diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultKeyGenerator.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultKeyGenerator.java
index 60d5d30d25..d03105a608 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultKeyGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultKeyGenerator.java
@@ -51,6 +51,12 @@ import java.util.concurrent.atomic.AtomicLong;
 public class DefaultKeyGenerator implements KeyGenerator
 {
 
+  /** Field description */
+  private static final int RANDOM_MAX = 999;
+
+  /** Field description */
+  private static final int RANDOM_MIN = 100;
+
   /**
    * the logger for DefaultKeyGenerator
    */
@@ -72,7 +78,7 @@ public class DefaultKeyGenerator implements KeyGenerator
 
     buffer.append(Long.toHexString(System.currentTimeMillis()));
     buffer.append(Long.toHexString(sessionKey.incrementAndGet()));
-    buffer.append(Integer.toHexString(random.nextInt(999)));
+    buffer.append(Integer.toHexString(createRandom()));
 
     String key = buffer.toString();
 
@@ -84,6 +90,17 @@ public class DefaultKeyGenerator implements KeyGenerator
     return key;
   }
 
+  /**
+   * Create a random int between {@link #RANDOM_MIN} and {@link #RANDOM_MAX}.
+   * This method is package visible for testing.
+   *
+   * @return a random int between the min and max value
+   */
+  int createRandom()
+  {
+    return random.nextInt(RANDOM_MAX - RANDOM_MIN + 1) + RANDOM_MIN;
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
diff --git a/scm-webapp/src/test/java/sonia/scm/security/DefaultKeyGeneratorTest.java b/scm-webapp/src/test/java/sonia/scm/security/DefaultKeyGeneratorTest.java
index 231191714f..b40cb93189 100644
--- a/scm-webapp/src/test/java/sonia/scm/security/DefaultKeyGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/DefaultKeyGeneratorTest.java
@@ -57,6 +57,24 @@ import java.util.concurrent.TimeoutException;
 public class DefaultKeyGeneratorTest
 {
 
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testCreateRandom()
+  {
+    DefaultKeyGenerator gen = new DefaultKeyGenerator();
+
+    for (int i = 0; i < 10000; i++)
+    {
+      int r = gen.createRandom();
+
+      assertTrue(r >= 100);
+      assertTrue(r <= 999);
+    }
+  }
+
   /**
    * Method description
    *