diff --git a/api/validate.go b/api/validate.go
index 65c7ace3..a056e69c 100644
--- a/api/validate.go
+++ b/api/validate.go
@@ -52,7 +52,8 @@ func CheckCSRF(apiContext *types.APIContext) error {
 cookie, err := apiContext.Request.Cookie(csrfCookie)
 if err == http.ErrNoCookie {
- bytes := make([]byte, 5)
+ // 16 bytes = 32 Hex Char = 128 bit entropy
+ bytes := make([]byte, 16)
 _, err := rand.Read(bytes)
 if err != nil {
 return httperror.WrapAPIError(err, httperror.ServerError, "Failed in CSRF processing")