diff --git a/doc/src/asciidoc/module_cryptoservice.adoc b/doc/src/asciidoc/module_cryptoservice.adoc
index d12a13b4ca..bc652c5730 100644
--- a/doc/src/asciidoc/module_cryptoservice.adoc
+++ b/doc/src/asciidoc/module_cryptoservice.adoc
@@ -65,9 +65,8 @@ The crypto service can be configured using a QBean descriptor like this:
     <property name="keylength" value="256" />                         <5>
     <property name="duration" value="86400000" />                     <6>
     <property name="ttl" value="3600000" />                           <7>
-    <property name="max-random-operations" value="1000000" />         <8>
     <ks-provider 
-    class="org.jpos.crypto.SysConfigCryptoServiceKeyStoreProvider" /> <9>
+    class="org.jpos.crypto.SysConfigCryptoServiceKeyStoreProvider" /> <8>
 </crypto-service>
 ------------
 <1> custodian PGP id, there can be many `custodian` entries.
@@ -77,8 +76,7 @@ The crypto service can be configured using a QBean descriptor like this:
 <5> key length defaults to 256. Can be reduced if AES-256 is not supported by the JVM due to export restrictions.
 <6> key duration
 <7> internal key cache time-to-live (in millis).
-<8> after max-random-operations (default to 100000), SecureRandom object gets discarded.
-<9> CryptoServiceKeyStoreProvider class configuration.
+<8> CryptoServiceKeyStoreProvider class configuration.
 
 [TIP]
 =====
diff --git a/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java b/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java
index 7e532f0d94..143f6ee14a 100644
--- a/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java
+++ b/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java
@@ -77,10 +77,13 @@ public final class CryptoService extends QBeanSupport implements Runnable, XmlCo
     private long ttl;
     private long duration;
     private Supplier<String> unlock;
-    private Recyclable<Random> rnd;
-    private int maxRandomOperations = 100000;
+    private static SecureRandom rnd;
     private CryptoServiceKeyStoreProvider ksProvider;
 
+    static {
+        rnd = new SecureRandom();
+    }
+
     /**
      * Encrypts data using the current key
      * @param b data to encrypt
@@ -201,7 +204,6 @@ public boolean isLocked () {
 
     @Override
     protected void initService() throws ConfigurationException {
-        rnd = new Recyclable<>(SecureRandom::new, maxRandomOperations);
         if (!lazy.get())
             new Thread(this, getName()).start();
         NameRegistrar.register(getName(), this);
@@ -230,7 +232,6 @@ public void setConfiguration (Configuration cfg) throws ConfigurationException {
         waitTimeout = cfg.getLong("timeout", 30000L);
         ttl = cfg.getLong("ttl", 3600000L);
         duration = cfg.getLong("duration", 86400000L);
-        maxRandomOperations = cfg.getInt("max-random-operations", 100000);
         String unlockPassword = cfg.get("unlock-password", null);
         if (unlockPassword != null) {
             try {
@@ -302,7 +303,7 @@ private byte[] decrypt (SecretKey sk, IvParameterSpec iv, byte[] cryptogram)
 
     private byte[] randomIV() {
         final byte[] b = new byte[16];
-        rnd.get().nextBytes(b);
+        rnd.nextBytes(b);
         return b;
     }