diff --git a/src/main/java/me/zhyd/oauth/utils/RandomUtil.java b/src/main/java/me/zhyd/oauth/utils/RandomUtil.java
index e68a2c6..78c42dc 100644
--- a/src/main/java/me/zhyd/oauth/utils/RandomUtil.java
+++ b/src/main/java/me/zhyd/oauth/utils/RandomUtil.java
@@ -1,5 +1,7 @@
 package me.zhyd.oauth.utils;
+import java.security.SecureRandom;
+import java.util.Random;
 import java.util.concurrent.ThreadLocalRandom;
 /**
@@ -22,6 +24,26 @@ public class RandomUtil {
 * @param length 字符串的长度
 * @return 指定长度的随机字符串
 */
+
+ /* A cryptographically strong random number generator object for use with randomString().
+ **/
+ private static Random randGen = new SecureRandom();
+
+ /**
+ * Array of numbers and letters of mixed case. Numbers appear in the list
+ * twice so that there is a more equal chance that a number will be picked.
+ * We can use the array to get a random number or letter by picking a random
+ * array index.
+ */
+ private static char[] numbersAndLetters = ("0123456789abcdefghijklmnopqrstuvwxyz" +
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ").toCharArray();
+
+ /**
+ * Returns a random String of numbers and letters (lower and upper case)
+ * of the specified length. The method uses a cryptographically strong
+ * random number generator as provided by {@link SecureRandom}
+ */
+
 public static String randomString(int length) {
 final StringBuilder sb = new StringBuilder(length);
@@ -30,7 +52,7 @@ public static String randomString(int length) {
 }
 int baseLength = BASE_CHAR_NUMBER.length();
 for (int i = 0; i < length; i++) {
- int number = ThreadLocalRandom.current().nextInt(baseLength);
+ int number = SERCURE_RANDOM.nextInt(baseLength);
 sb.append(BASE_CHAR_NUMBER.charAt(number));
 }
 return sb.toString();
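Review bot: The new fields and the second Javadoc block in the `@@ -22,6 +24,26 @@` hunk are inserted between the existing `@param length` / `@return` Javadoc and `randomString`, so the original comment no longer documents the method; declare the fields above that Javadoc and fold the new summary sentence into it. `randGen` is a mutable static typed as `Random`, so a later assignment could swap in a non-cryptographic generator without any type error; `private static final SecureRandom randGen = new SecureRandom();` pins both the reference and the type. `numbersAndLetters` is not referenced in the visible code, and its comment says digits appear twice while the literal lists them once, so either drop the array or correct the comment. With the field typed as `SecureRandom`, the `java.util.Random` import added in the first hunk is unnecessary. The class body and `randomString` both continue outside this hunk.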
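Review bot: `SERCURE_RANDOM` on the changed line `int number = SERCURE_RANDOM.nextInt(baseLength);` in the `@@ -30,7 +52,7 @@` hunk is not declared anywhere in this diff; the generator field the patch adds is called `randGen`, so unless a constant with that exact name exists outside the visible hunks the class does not compile. The identifier also looks like a misspelling of SECURE_RANDOM. Use the one generator the patch declares, `int number = randGen.nextInt(baseLength);`, or rename the field and this use together so there is a single `SecureRandom` instance. If `ThreadLocalRandom` has no other use in the file, its import can be removed as well. `randomString` starts and ends outside this hunk.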