diff --git a/Pods b/Pods
index d16f91410..f62516a6d 160000
--- a/Pods
+++ b/Pods
@@ -1 +1 @@
-Subproject commit d16f91410fa1d9859a910b6f2b6e2369fb6d0377
+Subproject commit f62516a6d38a44a322bd115f913e83e2941e404f
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIContacts.m b/Signal/src/ViewControllers/DebugUI/DebugUIContacts.m
index 21344687a..0766aa528 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUIContacts.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUIContacts.m
@@ -7,6 +7,7 @@
 #import "Signal-Swift.h"
 #import "SignalApp.h"
 #import <Contacts/Contacts.h>
+#import <Curve25519Kit/Randomness.h>
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -1351,7 +1352,7 @@ NS_ASSUME_NONNULL_BEGIN
         validRecipientId,
         [TSAccountManager localNumber],
     ] mutableCopy];
-    NSData *groupId = [SecurityUtils generateRandomBytes:16];
+    NSData *groupId = [Randomness generateRandomBytes:16];
     TSGroupModel *model =
         [[TSGroupModel alloc] initWithTitle:groupName memberIds:recipientIds image:nil groupId:groupId];
     TSGroupThread *thread = [TSGroupThread getOrCreateThreadWithGroupModel:model];
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIMessages.m b/Signal/src/ViewControllers/DebugUI/DebugUIMessages.m
index 4f42f994d..773004a77 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUIMessages.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUIMessages.m
@@ -3343,6 +3343,7 @@ typedef OWSContact * (^OWSContactBlock)(YapDatabaseReadWriteTransaction *transac
 + (NSData *)createRandomNSDataOfSize:(size_t)size
 {
     OWSAssert(size % 4 == 0);
+    OWSAssert(size < INT_MAX);
 
     return [Randomness generateRandomBytes:(int)size];
 }
@@ -3833,7 +3834,7 @@ typedef OWSContact * (^OWSContactBlock)(YapDatabaseReadWriteTransaction *transac
         recipientId,
         [TSAccountManager localNumber],
     ] mutableCopy];
-    NSData *groupId = [SecurityUtils generateRandomBytes:16];
+    NSData *groupId = [Randomness generateRandomBytes:16];
     TSGroupModel *groupModel =
         [[TSGroupModel alloc] initWithTitle:groupName memberIds:recipientIds image:nil groupId:groupId];
 
@@ -4324,7 +4325,7 @@ typedef OWSContact * (^OWSContactBlock)(YapDatabaseReadWriteTransaction *transac
                         recipientId,
                         [TSAccountManager localNumber],
                     ] mutableCopy];
-                    NSData *groupId = [SecurityUtils generateRandomBytes:16];
+                    NSData *groupId = [Randomness generateRandomBytes:16];
                     TSGroupModel *groupModel =
                         [[TSGroupModel alloc] initWithTitle:groupName memberIds:recipientIds image:nil groupId:groupId];
 
@@ -4363,7 +4364,7 @@ typedef OWSContact * (^OWSContactBlock)(YapDatabaseReadWriteTransaction *transac
                         recipientId,
                         [TSAccountManager localNumber],
                     ] mutableCopy];
-                    NSData *groupId = [SecurityUtils generateRandomBytes:16];
+                    NSData *groupId = [Randomness generateRandomBytes:16];
                     TSGroupModel *groupModel =
                         [[TSGroupModel alloc] initWithTitle:groupName memberIds:recipientIds image:nil groupId:groupId];
 
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m b/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m
index 83fd9f8d5..cc98eb85a 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUIMessagesAssetLoader.m
@@ -203,6 +203,7 @@ NS_ASSUME_NONNULL_BEGIN
                         failure:(ActionFailureBlock)failure
 {
     OWSAssert(dataLength > 0);
+    OWSAssert(dataLength < INT_MAX);
     OWSAssert(success);
     OWSAssert(failure);
     OWSAssert(self.filename.length > 0);
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m b/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m
index fb6f36c86..d6c84a73f 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m
@@ -16,7 +16,6 @@
 #import <SignalServiceKit/OWSDisappearingMessagesConfiguration.h>
 #import <SignalServiceKit/OWSPrimaryStorage+SessionStore.h>
 #import <SignalServiceKit/OWSVerificationStateChangeMessage.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/TSCall.h>
 #import <SignalServiceKit/TSInvalidIdentityKeyReceivingErrorMessage.h>
 #import <SignalServiceKit/TSThread.h>
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIStress.m b/Signal/src/ViewControllers/DebugUI/DebugUIStress.m
index bfb40ae3d..715bb843d 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUIStress.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUIStress.m
@@ -7,12 +7,12 @@
 #import "OWSTableViewController.h"
 #import "SignalApp.h"
 #import "ThreadUtil.h"
+#import <Curve25519Kit/Randomness.h>
 #import <SignalMessaging/Environment.h>
 #import <SignalServiceKit/Cryptography.h>
 #import <SignalServiceKit/NSDate+OWS.h>
 #import <SignalServiceKit/OWSDynamicOutgoingMessage.h>
 #import <SignalServiceKit/OWSPrimaryStorage.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/SignalServiceKit-Swift.h>
 #import <SignalServiceKit/TSGroupThread.h>
 #import <SignalServiceKit/TSThread.h>
@@ -507,7 +507,7 @@ NS_ASSUME_NONNULL_BEGIN
                 [[TSGroupModel alloc] initWithTitle:[groupThread.groupModel.groupName stringByAppendingString:@" Copy"]
                                           memberIds:groupThread.groupModel.groupMemberIds
                                               image:groupThread.groupModel.groupImage
-                                            groupId:[SecurityUtils generateRandomBytes:16]];
+                                            groupId:[Randomness generateRandomBytes:16]];
             thread = [TSGroupThread getOrCreateThreadWithGroupModel:groupModel transaction:transaction];
         }];
     OWSAssert(thread);
diff --git a/Signal/src/ViewControllers/DebugUI/DebugUISyncMessages.m b/Signal/src/ViewControllers/DebugUI/DebugUISyncMessages.m
index 3cf600cef..5e262248d 100644
--- a/Signal/src/ViewControllers/DebugUI/DebugUISyncMessages.m
+++ b/Signal/src/ViewControllers/DebugUI/DebugUISyncMessages.m
@@ -22,7 +22,6 @@
 #import <SignalServiceKit/OWSSyncGroupsMessage.h>
 #import <SignalServiceKit/OWSSyncGroupsRequestMessage.h>
 #import <SignalServiceKit/OWSVerificationStateChangeMessage.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/TSCall.h>
 #import <SignalServiceKit/TSDatabaseView.h>
 #import <SignalServiceKit/TSIncomingMessage.h>
diff --git a/Signal/src/ViewControllers/NewGroupViewController.m b/Signal/src/ViewControllers/NewGroupViewController.m
index 33ae106c6..2ca4306cf 100644
--- a/Signal/src/ViewControllers/NewGroupViewController.m
+++ b/Signal/src/ViewControllers/NewGroupViewController.m
@@ -8,6 +8,7 @@
 #import "OWSNavigationController.h"
 #import "Signal-Swift.h"
 #import "SignalApp.h"
+#import <Curve25519Kit/Randomness.h>
 #import <SignalMessaging/BlockListUIUtils.h>
 #import <SignalMessaging/ContactTableViewCell.h>
 #import <SignalMessaging/ContactsViewHelper.h>
@@ -21,7 +22,6 @@
 #import <SignalMessaging/UIViewController+OWS.h>
 #import <SignalServiceKit/NSDate+OWS.h>
 #import <SignalServiceKit/OWSMessageSender.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/SignalAccount.h>
 #import <SignalServiceKit/TSGroupModel.h>
 #import <SignalServiceKit/TSGroupThread.h>
@@ -507,7 +507,7 @@ const NSUInteger kNewGroupViewControllerAvatarWidth = 68;
     NSString *groupName = [self.groupNameTextField.text ows_stripped];
     NSMutableArray<NSString *> *recipientIds = [self.memberRecipientIds.allObjects mutableCopy];
     [recipientIds addObject:[self.contactsViewHelper localNumber]];
-    NSData *groupId = [SecurityUtils generateRandomBytes:16];
+    NSData *groupId = [Randomness generateRandomBytes:16];
     return [[TSGroupModel alloc] initWithTitle:groupName memberIds:recipientIds image:self.groupAvatar groupId:groupId];
 }
 
diff --git a/Signal/src/ViewControllers/ThreadSettings/UpdateGroupViewController.m b/Signal/src/ViewControllers/ThreadSettings/UpdateGroupViewController.m
index 79d6a27a3..c6f457ce9 100644
--- a/Signal/src/ViewControllers/ThreadSettings/UpdateGroupViewController.m
+++ b/Signal/src/ViewControllers/ThreadSettings/UpdateGroupViewController.m
@@ -21,7 +21,6 @@
 #import <SignalMessaging/UIViewController+OWS.h>
 #import <SignalServiceKit/NSDate+OWS.h>
 #import <SignalServiceKit/OWSMessageSender.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/SignalAccount.h>
 #import <SignalServiceKit/TSGroupModel.h>
 #import <SignalServiceKit/TSGroupThread.h>
diff --git a/Signal/src/call/SignalCall.swift b/Signal/src/call/SignalCall.swift
index 6be0689d0..eba4d6a49 100644
--- a/Signal/src/call/SignalCall.swift
+++ b/Signal/src/call/SignalCall.swift
@@ -240,8 +240,6 @@ protocol CallObserver: class {
 
 fileprivate extension UInt64 {
     static func ows_random() -> UInt64 {
-        var random: UInt64 = 0
-        arc4random_buf(&random, MemoryLayout.size(ofValue: random))
-        return random
+        return Cryptography.randomUInt64()
     }
 }
diff --git a/Signal/test/ViewControllers/ConversationViewItemTest.m b/Signal/test/ViewControllers/ConversationViewItemTest.m
index 6107566ec..97cdd2dc7 100644
--- a/Signal/test/ViewControllers/ConversationViewItemTest.m
+++ b/Signal/test/ViewControllers/ConversationViewItemTest.m
@@ -6,7 +6,6 @@
 #import <MobileCoreServices/MobileCoreServices.h>
 #import <SignalMessaging/SignalMessaging-Swift.h>
 #import <SignalServiceKit/MIMETypeUtil.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/TSAttachmentStream.h>
 #import <SignalServiceKit/TSContactThread.h>
 #import <SignalServiceKit/TSOutgoingMessage.h>
diff --git a/SignalMessaging/environment/SignalKeyingStorage.m b/SignalMessaging/environment/SignalKeyingStorage.m
index 96f0718cf..da9e9ef07 100644
--- a/SignalMessaging/environment/SignalKeyingStorage.m
+++ b/SignalMessaging/environment/SignalKeyingStorage.m
@@ -3,8 +3,8 @@
 //
 
 #import "SignalKeyingStorage.h"
+#import <Curve25519Kit/Randomness.h>
 #import <SignalServiceKit/OWSPrimaryStorage.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/YapDatabaseConnection+OWS.h>
 
 #define SignalKeyingCollection @"SignalKeyingCollection"
@@ -17,9 +17,9 @@
 
 + (void)generateSignaling
 {
-    [self storeData:[SecurityUtils generateRandomBytes:SIGNALING_MAC_KEY_LENGTH] forKey:SIGNALING_MAC_KEY];
-    [self storeData:[SecurityUtils generateRandomBytes:SIGNALING_CIPHER_KEY_LENGTH] forKey:SIGNALING_CIPHER_KEY];
-    [self storeData:[SecurityUtils generateRandomBytes:SIGNALING_EXTRA_KEY_LENGTH] forKey:SIGNALING_EXTRA_KEY];
+    [self storeData:[Randomness generateRandomBytes:SIGNALING_MAC_KEY_LENGTH] forKey:SIGNALING_MAC_KEY];
+    [self storeData:[Randomness generateRandomBytes:SIGNALING_CIPHER_KEY_LENGTH] forKey:SIGNALING_CIPHER_KEY];
+    [self storeData:[Randomness generateRandomBytes:SIGNALING_EXTRA_KEY_LENGTH] forKey:SIGNALING_EXTRA_KEY];
 }
 
 + (int64_t)getAndIncrementOneTimeCounter
diff --git a/SignalMessaging/profiles/OWSProfileManager.m b/SignalMessaging/profiles/OWSProfileManager.m
index 7d106790c..f221afe59 100644
--- a/SignalMessaging/profiles/OWSProfileManager.m
+++ b/SignalMessaging/profiles/OWSProfileManager.m
@@ -20,7 +20,6 @@
 #import <SignalServiceKit/OWSProfileKeyMessage.h>
 #import <SignalServiceKit/OWSRequestBuilder.h>
 #import <SignalServiceKit/OWSSignalService.h>
-#import <SignalServiceKit/SecurityUtils.h>
 #import <SignalServiceKit/TSAccountManager.h>
 #import <SignalServiceKit/TSGroupThread.h>
 #import <SignalServiceKit/TSNetworkManager.h>
diff --git a/SignalServiceKit/src/Account/TSAccountManager.m b/SignalServiceKit/src/Account/TSAccountManager.m
index e885673ce..c5839fb0c 100644
--- a/SignalServiceKit/src/Account/TSAccountManager.m
+++ b/SignalServiceKit/src/Account/TSAccountManager.m
@@ -4,6 +4,7 @@
 
 #import "TSAccountManager.h"
 #import "AppContext.h"
+#import "Cryptography.h"
 #import "NSData+Base64.h"
 #import "NSData+OWS.h"
 #import "NSNotificationCenter+OWS.h"
@@ -11,12 +12,12 @@
 #import "OWSError.h"
 #import "OWSPrimaryStorage+SessionStore.h"
 #import "OWSRequestFactory.h"
-#import "SecurityUtils.h"
 #import "TSNetworkManager.h"
 #import "TSPreKeyManager.h"
 #import "TSVerifyCodeRequest.h"
 #import "YapDatabaseConnection+OWS.h"
 #import "YapDatabaseTransaction+OWS.h"
+#import <Curve25519Kit/Randomness.h>
 #import <YapDatabase/YapDatabase.h>
 
 NS_ASSUME_NONNULL_BEGIN
@@ -432,7 +433,7 @@ NSString *const TSAccountManager_ServerSignalingKey = @"TSStorageServerSignaling
 #pragma mark Server keying material
 
 + (NSString *)generateNewAccountAuthenticationToken {
-    NSData *authToken        = [SecurityUtils generateRandomBytes:16];
+    NSData *authToken = [Randomness generateRandomBytes:16];
     NSString *authTokenPrint = [[NSData dataWithData:authToken] hexadecimalString];
     return authTokenPrint;
 }
@@ -441,7 +442,7 @@ NSString *const TSAccountManager_ServerSignalingKey = @"TSStorageServerSignaling
     /*The signalingKey is 32 bytes of AES material (256bit AES) and 20 bytes of
      * Hmac key material (HmacSHA1) concatenated into a 52 byte slug that is
      * base64 encoded. */
-    NSData *signalingKeyToken        = [SecurityUtils generateRandomBytes:52];
+    NSData *signalingKeyToken = [Randomness generateRandomBytes:52];
     NSString *signalingKeyTokenPrint = [[NSData dataWithData:signalingKeyToken] base64EncodedString];
     return signalingKeyTokenPrint;
 }
diff --git a/SignalServiceKit/src/Security/SecurityUtils.h b/SignalServiceKit/src/Security/SecurityUtils.h
deleted file mode 100644
index f448a0566..000000000
--- a/SignalServiceKit/src/Security/SecurityUtils.h
+++ /dev/null
@@ -1,9 +0,0 @@
-//
-//  Copyright (c) 2017 Open Whisper Systems. All rights reserved.
-//
-
-@interface SecurityUtils : NSObject
-
-+ (NSData *)generateRandomBytes:(NSUInteger)length;
-
-@end
diff --git a/SignalServiceKit/src/Security/SecurityUtils.m b/SignalServiceKit/src/Security/SecurityUtils.m
deleted file mode 100644
index 3a4a68775..000000000
--- a/SignalServiceKit/src/Security/SecurityUtils.m
+++ /dev/null
@@ -1,15 +0,0 @@
-//
-//  Copyright (c) 2018 Open Whisper Systems. All rights reserved.
-//
-
-#import "SecurityUtils.h"
-#import <Curve25519Kit/Randomness.h>
-
-@implementation SecurityUtils
-
-+ (NSData *)generateRandomBytes:(NSUInteger)length
-{
-    return [Randomness generateRandomBytes:(int)length];
-}
-
-@end
diff --git a/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+PreKeyStore.m b/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+PreKeyStore.m
index 4e445a166..98f91eaa2 100644
--- a/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+PreKeyStore.m
+++ b/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+PreKeyStore.m
@@ -3,6 +3,7 @@
 //
 
 #import "OWSPrimaryStorage+PreKeyStore.h"
+#import "Cryptography.h"
 #import "OWSPrimaryStorage+keyFromIntLong.h"
 #import "TSStorageKeys.h"
 #import "YapDatabaseConnection+OWS.h"
diff --git a/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+SignedPreKeyStore.m b/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+SignedPreKeyStore.m
index 2d4f28a56..1b3565ce8 100644
--- a/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+SignedPreKeyStore.m
+++ b/SignalServiceKit/src/Storage/AxolotlStore/OWSPrimaryStorage+SignedPreKeyStore.m
@@ -2,9 +2,10 @@
 //  Copyright (c) 2018 Open Whisper Systems. All rights reserved.
 //
 
+#import "OWSPrimaryStorage+SignedPreKeyStore.h"
+#import "Cryptography.h"
 #import "OWSIdentityManager.h"
 #import "OWSPrimaryStorage+PreKeyStore.h"
-#import "OWSPrimaryStorage+SignedPreKeyStore.h"
 #import "OWSPrimaryStorage+keyFromIntLong.h"
 #import "YapDatabaseConnection+OWS.h"
 #import <AxolotlKit/AxolotlExceptions.h>
diff --git a/SignalServiceKit/src/Util/OWSAnalytics.m b/SignalServiceKit/src/Util/OWSAnalytics.m
index 1a5f8178b..813b618b6 100755
--- a/SignalServiceKit/src/Util/OWSAnalytics.m
+++ b/SignalServiceKit/src/Util/OWSAnalytics.m
@@ -4,6 +4,7 @@
 
 #import "OWSAnalytics.h"
 #import "AppContext.h"
+#import "Cryptography.h"
 #import "OWSBackgroundTask.h"
 #import "OWSPrimaryStorage.h"
 #import "OWSQueues.h"