diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4aae84705b..270d513a26 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -66,23 +66,27 @@ function set_var(&$result, $var, $type, $multibyte = false)
 /**
 * Generates an alphanumeric random string of given length
 *
+* @param int $num_chars Length of random string, defaults to 8
+*
 * @return string
 */
 function gen_rand_string($num_chars = 8)
 {
 	// [a, z] + [0, 9] = 36
-	return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);
+	return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars);
 }
 
 /**
 * Generates a user-friendly alphanumeric random string of given length
 * We remove 0 and O so users cannot confuse those in passwords etc.
 *
+* @param int $num_chars Length of random string, defaults to 8
+*
 * @return string
 */
 function gen_rand_string_friendly($num_chars = 8)
 {
-	$rand_str = unique_id();
+	$rand_str = bin2hex(random_bytes($num_chars));
 
 	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
 	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
diff --git a/tests/random/gen_rand_string_test.php b/tests/random/gen_rand_string_test.php
index a9d1ea20de..428db6ac98 100644
--- a/tests/random/gen_rand_string_test.php
+++ b/tests/random/gen_rand_string_test.php
@@ -40,7 +40,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case
 				$random_string_length = strlen($random_string);
 
 				$this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH);
-				$this->assertTrue($random_string_length <= $num_chars);
+				$this->assertTrue(
+					$random_string_length == $num_chars,
+					sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length)
+				);
 				$this->assertRegExp('#^[A-Z0-9]+$#', $random_string);
 			}
 		}
@@ -56,7 +59,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case
 				$random_string_length = strlen($random_string);
 
 				$this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH);
-				$this->assertTrue($random_string_length <= $num_chars);
+				$this->assertTrue(
+					$random_string_length == $num_chars,
+					sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length)
+				);
 				$this->assertRegExp('#^[A-NP-Z1-9]+$#', $random_string);
 			}
 		}