diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index c7fb99046..98ba56ff4 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -99,7 +99,7 @@ krb5_get_credentials (krb5_context context,
     a.req_body.from = NULL;
     a.req_body.till = in_creds->times.endtime;
     a.req_body.rtime = NULL;
-    a.req_body.nonce = getpid();
+    krb5_generate_random_block (&a.req_body.nonce, sizeof(a.req_body.nonce));
     a.req_body.additional_tickets = NULL;
     a.req_body.enc_authorization_data = NULL;
 
diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c
index c3242cd65..eb3a44b7a 100644
--- a/lib/krb5/get_in_tkt.c
+++ b/lib/krb5/get_in_tkt.c
@@ -189,7 +189,7 @@ krb5_get_in_tkt(krb5_context context,
 #endif
 
     a.req_body.till  = creds->times.endtime;
-    a.req_body.nonce = 17;	/* XXX */
+    krb5_generate_random_block (&a.req_body.nonce, sizeof(a.req_body.nonce));
     if (etypes)
 	abort ();
     else {