diff --git a/nomad/server.go b/nomad/server.go
index 2af167bea..edc90f2eb 100644
--- a/nomad/server.go
+++ b/nomad/server.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"math/rand"
 	"net"
 	"net/rpc"
 	"os"
@@ -249,7 +248,9 @@ func NewServer(config *Config) (*Server, error) {
 	go s.heartbeatStats()
 
 	// Seed the global random.
-	rand.Seed(time.Now().UnixNano())
+	if err := seedRandom(); err != nil {
+		return nil, err
+	}
 
 	// Done
 	return s, nil
diff --git a/nomad/util.go b/nomad/util.go
index a47154356..635a09172 100644
--- a/nomad/util.go
+++ b/nomad/util.go
@@ -2,6 +2,8 @@ package nomad
 
 import (
 	"fmt"
+	"math"
+	"math/big"
 	"math/rand"
 	"net"
 	"os"
@@ -10,6 +12,8 @@ import (
 	"strconv"
 	"time"
 
+	crand "crypto/rand"
+
 	"github.com/hashicorp/serf/serf"
 )
 
@@ -127,3 +131,15 @@ func rateScaledInterval(rate float64, min time.Duration, n int) time.Duration {
 	}
 	return interval
 }
+
+// seedRandom seeds the global random variable using a cryptographically random
+// seed. It returns an error if determing the random seed fails.
+func seedRandom() error {
+	n, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
+	if err != nil {
+		return err
+	}
+	rand.Seed(n.Int64())
+	return nil
+}
+