diff --git a/api/src/Auth.php b/api/src/Auth.php
index 1610549002..833f6d4ca7 100644
--- a/api/src/Auth.php
+++ b/api/src/Auth.php
@@ -292,10 +292,13 @@ class Auth
  $random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char);
  }
 
+ // use cryptographically secure random_int available in PHP 7+
+ $func = function_exists('random_int') ? 'random_int' : 'mt_rand';
+
  $s = '';
  for ($i=0; $i < $size; $i++)
  {
- $s .= $random_char[mt_rand(0, count($random_char)-1)];
+ $s .= $random_char[$func(0, count($random_char)-1)];
  }
  return $s;
  }
diff --git a/doc/rpm-build/post_install.php b/doc/rpm-build/post_install.php
index f287fe308b..6af76760cf 100755
--- a/doc/rpm-build/post_install.php
+++ b/doc/rpm-build/post_install.php
@@ -550,10 +550,13 @@ function randomstring($len=16)
  '>','|','[',']','}', // dont add /\,'"{ as we have problems dealing with them
  );
 
+ // use cryptographically secure random_int available in PHP 7+
+ $func = function_exists('random_int') ? 'random_int' : 'mt_rand';
+
  $str = '';
  for($i=0; $i < $len; $i++)
  {
- $str .= $usedchars[mt_rand(0,count($usedchars)-1)];
+ $str .= $usedchars[$func(0,count($usedchars)-1)];
  }
  return $str;
  }
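Review bot: The `mt_rand` fallback in `$func = function_exists('random_int') ? 'random_int' : 'mt_rand';` silently downgrades to a predictable generator on any runtime without `random_int`, and the same line is repeated in the `randomstring()` hunk of doc/rpm-build/post_install.php. If these strings end up as passwords or tokens (the SPECIALCHARS handling suggests so, but the callers are outside the hunks), the functions should fail closed instead, e.g. `if (!function_exists('random_int')) { throw new \RuntimeException('random_int() unavailable'); }`, or rely on a polyfill rather than `mt_rand`. The added comment should also state that the fallback is not cryptographically secure. Note that `random_int` itself throws when no entropy source is available, which nothing visible here handles. Both function bodies begin outside their hunks.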