diff --git a/configure.ac b/configure.ac
index 62cd547ef..610de09b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -225,6 +225,8 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup\
 	timingsafe_memcmp])
 AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
 
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
 AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
 
 dnl Check for SO_PEERCRED #define
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 4b86c1a3c..d357910a6 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -125,6 +125,9 @@
 /* Build a standalone xpbproxy */
 #undef STANDALONE_XPBPROXY
 
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
 /* Define to 1 if you have the `m' library (-lm). */
 #undef HAVE_LIBM
 
@@ -161,6 +164,9 @@
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 #undef HAVE_RPCSVC_DBM_H
 
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
 /* Define to use libc SHA1 functions */
 #undef HAVE_SHA1_IN_LIBC
 
diff --git a/os/auth.c b/os/auth.c
index 7da6fc6ed..81164a2f5 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -45,6 +45,9 @@ from The Open Group.
 #ifdef WIN32
 #include    <X11/Xw32defs.h>
 #endif
+#ifdef HAVE_LIBBSD
+#include   <bsd/stdlib.h>       /* for arc4random_buf() */
+#endif
 
 struct protocol {
     unsigned short name_length;
@@ -303,11 +306,15 @@ GenerateAuthorization(unsigned name_length,
 void
 GenerateRandomData(int len, char *buf)
 {
+#ifdef HAVE_ARC4RANDOMBUF
+    arc4random_buf(buf, len);
+#else
     int fd;
 
     fd = open("/dev/urandom", O_RDONLY);
     read(fd, buf, len);
     close(fd);
+#endif
 }
 
 #endif                          /* XCSECURITY */