diff --git a/code/rfc6238.php b/code/rfc6238.php
index 522665e..d9d719c 100644
--- a/code/rfc6238.php
+++ b/code/rfc6238.php
@@ -77,8 +77,10 @@ public static function generateRandomClue($length = 16) {
 $b32 = "234567QWERTYUIOPASDFGHJKLZXCVBNM";
 $s = "";
+ $srand = openssl_random_pseudo_bytes($length, $strong);
+
 for ($i = 0; $i < $length; $i++)
- $s .= $b32[rand(0,31)];
+ $s .= $b32[ord($srand[$i]) % 32];
 return $s;
 }
@@ -186,4 +188,4 @@ private static function oath_truncate($hash, $length = 6, $debug=false) {
 return $result;
 }
- }
\ No newline at end of file
+ }
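Review bot: `$strong` is filled in by `openssl_random_pseudo_bytes()` but never read, and the return value is not checked before the loop indexes `$srand[$i]`. On older PHP versions (before 7.4, where failure returned `false` instead of throwing) every `ord()` would then evaluate to 0 and the generated secret would silently become a run of `2` characters. Add a guard directly after the call, e.g. `if ($srand === false || !$strong) throw new \RuntimeException('no strong random source');`, or switch to `random_bytes($length)` where PHP 7+ can be assumed. The `% 32` mapping itself is fine: 256 is a multiple of 32, so no modulo bias is introduced. The function's opening line appears only in the hunk header, so anything before `$b32` is outside this view.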