diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml
index 663b1031..91527116 100644
--- a/sasl/Cargo.toml
+++ b/sasl/Cargo.toml
@@ -20,6 +20,7 @@ scram = ["openssl"]
 
 [dependencies]
 base64 = "0.10"
+rand_os = "0.1"
 sha-1 = "0.8"
 sha2 = "0.8"
 hmac = "0.7"
diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs
index 6d15322a..f8bd0709 100644
--- a/sasl/src/common/scram.rs
+++ b/sasl/src/common/scram.rs
@@ -1,7 +1,6 @@
 use openssl::pkcs5::pbkdf2_hmac;
 use openssl::hash::MessageDigest;
-use openssl::rand::rand_bytes;
-use openssl::error::ErrorStack;
+use rand_os::{OsRng, rand_core::{RngCore, Error as RngError}};
 use sha1::{Sha1 as Sha1_hash, Digest};
 use sha2::Sha256 as Sha256_hash;
 use hmac::{Hmac, Mac};
@@ -13,9 +12,10 @@ use crate::secret;
 use base64;
 
 /// Generate a nonce for SCRAM authentication.
-pub fn generate_nonce() -> Result<String, ErrorStack> {
-    let mut data = vec![0; 32];
-    rand_bytes(&mut data)?;
+pub fn generate_nonce() -> Result<String, RngError> {
+    let mut data = [0u8; 32];
+    let mut rng = OsRng::new()?;
+    rng.fill_bytes(&mut data);
     Ok(base64::encode(&data))
 }
 
diff --git a/sasl/src/error.rs b/sasl/src/error.rs
index 6d79df25..b5287073 100644
--- a/sasl/src/error.rs
+++ b/sasl/src/error.rs
@@ -1,19 +1,19 @@
 #[cfg(feature = "scram")]
-use openssl::error::ErrorStack;
+use rand_os::rand_core::Error as RngError;
 
 /// A wrapper enum for things that could go wrong in this crate.
 #[derive(Debug)]
 pub enum Error {
     #[cfg(feature = "scram")]
-    /// An error in OpenSSL.
-    OpenSslErrorStack(ErrorStack),
+    /// An error while initializing the Rng.
+    RngError(RngError),
     /// An error in a SASL mechanism.
     SaslError(String),
 }
 
 #[cfg(feature = "scram")]
-impl From<ErrorStack> for Error {
-    fn from(err: ErrorStack) -> Error {
-        Error::OpenSslErrorStack(err)
+impl From<RngError> for Error {
+    fn from(err: RngError) -> Error {
+        Error::RngError(err)
     }
 }