diff --git a/cmd/ck-client/ck-client.go b/cmd/ck-client/ck-client.go
index 08282d5..38bf95d 100644
--- a/cmd/ck-client/ck-client.go
+++ b/cmd/ck-client/ck-client.go
@@ -8,7 +8,6 @@ import (
 	"flag"
 	"fmt"
 	"github.com/cbeuw/Cloak/internal/common"
-	"math/rand"
 	"net"
 	"os"
 
@@ -174,10 +173,13 @@ func main() {
 		log.Infof("Listening on %v %v for %v client", network, localConfig.LocalAddr, authInfo.ProxyMethod)
 		seshMaker = func() *mux.Session {
 			authInfo := authInfo // copy the struct because we are overwriting SessionId
+
+			randByte := make([]byte, 1)
+			common.RandRead(authInfo.WorldState.Rand, randByte)
+			authInfo.MockDomain = localConfig.MockDomainList[int(randByte[0])%len(localConfig.MockDomainList)]
+
 			// sessionID is usergenerated. There shouldn't be a security concern because the scope of
 			// sessionID is limited to its UID.
-
-			authInfo.MockDomain = localConfig.MockDomainList[rand.Intn(len(localConfig.MockDomainList))]
 			quad := make([]byte, 4)
 			common.RandRead(authInfo.WorldState.Rand, quad)
 			authInfo.SessionId = binary.BigEndian.Uint32(quad)
diff --git a/cmd/ck-client/protector_android.go b/cmd/ck-client/protector_android.go
index 639b98c..fbaea7b 100644
--- a/cmd/ck-client/protector_android.go
+++ b/cmd/ck-client/protector_android.go
@@ -1,4 +1,5 @@
 // +build android
+
 package main
 
 // Stolen from https://github.com/shadowsocks/overture/blob/shadowsocks/core/utils/utils_android.go