diff --git a/security/pom.xml b/security/pom.xml index f9fc2d5..4c6e85f 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -36,5 +36,11 @@ 1.4 jar + + log4j + log4j + 1.2.17 + jar + diff --git a/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java b/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java index 6dda951..7f1ce6f 100644 --- a/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java +++ b/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java @@ -9,6 +9,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; import org.apache.commons.codec.binary.Base64; +import org.apache.log4j.Logger; /** * @@ -16,6 +17,9 @@ import org.apache.commons.codec.binary.Base64; */ public abstract class PasswordUtil { + /** logging object */ + private final static Logger logger = Logger.getLogger(PasswordUtil.class); + /** * returns password (pos 0) and the salt (pos 1) of given plaintext password. Both strings are base64 encoded * 
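Review bot: The dependency added to `security/pom.xml` pins log4j 1.2.17, which belongs to the log4j 1.x line that its maintainers have declared end-of-life, so the security module would ship a logging library that no longer receives fixes. The only use visible in this commit is a single `Logger` field in `PasswordUtil`, which a facade such as `org.slf4j:slf4j-api` with a maintained backend would serve equally well. If 1.x is required by the deployment, a comment next to the dependency should say why. The dependency's XML tags are not visible in this rendering, so its scope cannot be checked here.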
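Review bot: Nothing in the visible hunks calls the new `logger` field in `PasswordUtil`, and the class handles plaintext passwords and salts, so the field comment should state what must never be logged. I would replace `/** logging object */` with `/** logger for this class; never pass plaintext passwords, hashes or salts to it */`. The conventional modifier order is also `private static final Logger logger = Logger.getLogger(PasswordUtil.class);`. The class body continues outside the hunk, so uses elsewhere cannot be ruled out.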
@@ -73,8 +77,30 @@ public abstract class PasswordUtil { * @throws SecurityException if the creation of the salt fails */ public static String createSaltString(int saltLength) throws SecurityException { - byte[] salt = createSalt(saltLength); - return base64Encode(salt); + byte[] saltByteArray = createSalt(saltLength); + String saltString = base64Encode(saltByteArray); + if (saltString.length() > saltLength) { + return saltString.substring(0, saltLength); + } else { + return saltString; + } + } + + /** returns a random string with total length starting with prefix string + * + * @param prefix the prefix to start the string with + * @param length the maximum length of the string (including prefix) + * @return a random string + * + * @throws SecurityException if the random string could not be computed + */ + public static String getRandomString(String prefix, int length) throws SecurityException { + if (prefix == null) { + prefix = ""; + } + int idLength = length - prefix.length(); + return prefix + createSaltString(idLength); + } @@ -90,6 +116,7 @@ public abstract class PasswordUtil { private static byte[] createSalt(int saltLength) throws SecurityException { try { SecureRandom sha1SecureRandom = SecureRandom.getInstance("SHA1PRNG"); + byte salt[] = new byte[saltLength]; synchronized (sha1SecureRandom) { sha1SecureRandom.nextBytes(salt); @@ -102,10 +129,12 @@ public abstract class PasswordUtil { /** * hashes the given password (md5 hashed, base64 coded) with the given salt + * * @param text the text to salt * @param salt the salt to use * @return the input text salted with password - * @throws SecurityException + * + * @throws SecurityException */ private static byte[] hashPasswordWithSalt(byte text[], byte salt[]) throws SecurityException { try { diff --git a/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java b/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java index 4da5f2a..da64734 100644 
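Review bot: `createSaltString` now cuts the base64 text to `saltLength` characters, which changes what every existing caller receives: the salt carries about 6 bits per character instead of 8 bits per requested byte, and a string cut at a length that is not a multiple of four is no longer well-formed base64 for any code that decodes it. Only the new `getRandomString` needs the truncation, so I would leave `createSaltString` as it was and cut the string there, as sketched below. `getRandomString` should also reject a `length` that does not exceed the prefix length, because a negative `idLength` reaches `new byte[saltLength]` in `createSalt` and would likely surface as a NegativeArraySizeException rather than the documented SecurityException. If the result is used as an identifier in URLs or file names, note that the string can contain `+` and `/`, assuming `base64Encode` (not visible here) uses the standard alphabet.

```java
public static String createSaltString(int saltLength) throws SecurityException {
    // unchanged contract: full base64 encoding of saltLength random bytes
    return base64Encode(createSalt(saltLength));
}

// … unchanged: Javadoc of getRandomString …
public static String getRandomString(String prefix, int length) throws SecurityException {
    if (prefix == null) {
        prefix = "";
    }
    int idLength = length - prefix.length();
    if (idLength < 1) {
        throw new IllegalArgumentException("length must exceed the prefix length");
    }
    // base64 of n bytes is never shorter than n characters, so the cut stays in range
    return prefix + base64Encode(createSalt(idLength)).substring(0, idLength);
}
```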
--- a/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java +++ b/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java @@ -111,5 +111,41 @@ public class PasswordUtilTest { result = PasswordUtil.checkPassword(plainTextPassword, cryptedPassword, salt3); assertEquals(expResult, result); } + + @Test + public void getRandomString() throws SecurityException { + System.out.println ("getRandomString"); + String randomString = PasswordUtil.getRandomString("test-", 32); + System.out.println(randomString); + assertNotNull(randomString); + assertTrue("string must start with prefix", randomString.startsWith("test")); + assertEquals("string length check", 32, randomString.length()); + + String randomString2 = PasswordUtil.getRandomString("test-", 32); + System.out.println(randomString2); + assertNotNull(randomString2); + assertTrue("string must start with prefix", randomString2.startsWith("test")); + assertEquals("string length check", 32, randomString2.length()); + + assertNotSame(randomString, randomString2); + } + + @Test + public void getRandomStringBlankPrefix() throws SecurityException { + System.out.println ("getRandomStringBlankPrefix"); + String randomString = PasswordUtil.getRandomString("", 32); + System.out.println(randomString); + assertNotNull(randomString); + assertEquals("string length check", 32, randomString.length()); + } + + @Test + public void getRandomStringNullPrefix() throws SecurityException { + System.out.println ("getRandomStringNullPrefix"); + String randomString = PasswordUtil.getRandomString(null, 32); + System.out.println(randomString); + assertNotNull(randomString); + assertEquals("string length check", 32, randomString.length()); + } } \ No newline at end of file
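Review bot: `assertNotSame(randomString, randomString2)` in `getRandomString()` compares object references, so it passes for any two separately built strings even when their contents are equal, and the test would not catch a generator that repeats its output. Use `assertFalse("two calls must differ", randomString.equals(randomString2));` instead. The prefix assertions also check `startsWith("test")` although the call passes `"test-"`; `startsWith("test-")` would pin the full prefix. None of the three tests covers a `length` shorter than the prefix, which is the input most likely to fail in `getRandomString`.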