diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index d8a3356d1ec3657ea5fc008072dd58a54a4be83b..22335b3235932e7878408b690b886b4198f7748f 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -86,7 +86,7 @@ class Crypto
         $key    = openssl_digest($secret, 'sha256');
         $method = 'AES-256-CBC';
         $ivSize = 16;
-        $iv     = substr($key, 0, $ivSize);
+        $iv     = openssl_random_pseudo_bytes($ivSize);
 
         return $iv.openssl_encrypt($data, $method, $key, $raw, $iv);
     }
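Review bot: The added `$iv = openssl_random_pseudo_bytes($ivSize);` uses the result unchecked, although the call can return `false` on older PHP versions and can report through its second argument that the bytes are not cryptographically strong. Either case would put an empty or predictable IV in front of the ciphertext without any error. Fail closed instead: `$iv = openssl_random_pseudo_bytes($ivSize, $strong);` followed by `if ($iv === false || !$strong) { throw new \RuntimeException('Unable to generate a secure IV'); }`, or use `random_bytes($ivSize)` if the supported PHP versions allow it. Separately, the context line `openssl_digest($secret, 'sha256')` returns a hex string by default, so only its first 32 hex characters (about 128 bits) end up as the AES-256 key; changing that would need a migration path for existing ciphertexts. The function starts outside the hunk, so it is worth confirming that the matching decrypt routine reads the IV from the first 16 bytes of the message rather than re-deriving it from the key.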