diff --git a/src/main/java/axiom/delauth/token/TokenGenerator.java b/src/main/java/axiom/delauth/token/TokenGenerator.java
index 2282609..75a07ec 100644
--- a/src/main/java/axiom/delauth/token/TokenGenerator.java
+++ b/src/main/java/axiom/delauth/token/TokenGenerator.java
@@ -2,7 +2,7 @@
 import org.apache.log4j.Logger;
-import java.util.Random;
+import java.security.SecureRandom;
 public class TokenGenerator {
@@ -13,11 +13,11 @@ public class TokenGenerator {
 private TokenStore tokenStore = new TokenStorePojo();
 public String generateToken(String username) {
- String token = Integer.toHexString(new Random().nextInt(Integer.MAX_VALUE));
+ String token = Integer.toHexString(new SecureRandom().nextInt(Integer.MAX_VALUE));
 tokenStore.addToken(username, token);
 return token;
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/axiom/saml/idp/IdGenerator.java b/src/main/java/axiom/saml/idp/IdGenerator.java
index 2b0772a..22f8e67 100644
--- a/src/main/java/axiom/saml/idp/IdGenerator.java
+++ b/src/main/java/axiom/saml/idp/IdGenerator.java
@@ -2,7 +2,7 @@
 import org.apache.log4j.Logger;
-import java.util.Random;
+import java.security.SecureRandom;
 /**
@@ -17,7 +17,7 @@ private IdGenerator() { } // should not be instantiated
 public static String generateId() {
- String id = "_" + Integer.toHexString(new Random().nextInt(Integer.MAX_VALUE)) + "-" + Integer.toHexString(new Random().nextInt(Integer.MAX_VALUE));
+ String id = "_" + Integer.toHexString(new SecureRandom().nextInt(Integer.MAX_VALUE)) + "-" + Integer.toHexString(new SecureRandom().nextInt(Integer.MAX_VALUE));
 logger.debug("Generated Id: " + id);
 return id;
 }
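Review bot: In `generateToken`, `new SecureRandom().nextInt(Integer.MAX_VALUE)` still yields at most 31 bits, so the token space stays at roughly two billion values whichever generator sits behind it; moving off `Random` makes the output unpredictable but does not make it large enough to resist enumeration. Drawing at least 128 bits with `nextBytes` from one shared `SecureRandom` and hex-encoding them, as sketched below, closes that gap and also avoids constructing a new generator on every call. The same pattern is in `IdGenerator.generateId` in the second file, where two 31-bit values are concatenated and two generators are built per call. Whether `TokenStore` expires tokens or limits lookup attempts is not visible in this diff, so the practical exposure depends on that.

```java
private static final SecureRandom RANDOM = new SecureRandom();

public String generateToken(String username) {
    // 128 bits from a shared CSPRNG rather than a single 31-bit int
    byte[] raw = new byte[16];
    RANDOM.nextBytes(raw);
    String token = String.format("%032x", new java.math.BigInteger(1, raw));
    // … unchanged: tokenStore.addToken(username, token) and return token …
```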