diff --git a/system/core/Security.php b/system/core/Security.php
index e7772e0..607cadc 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -612,7 +612,7 @@ public function xss_hash()
 {
 $rand = $this->get_random_bytes(16);
 $this->_xss_hash = ($rand === FALSE)
- ? md5(uniqid(mt_rand(), TRUE))
+ ? sha256(uniqid(mt_rand(), TRUE))
 : bin2hex($rand);
 }
@@ -1101,7 +1101,7 @@ protected function _csrf_set_hash()
 $rand = $this->get_random_bytes(16);
 $this->_csrf_hash = ($rand === FALSE)
- ? md5(uniqid(mt_rand(), TRUE))
+ ? sha256(uniqid(mt_rand(), TRUE))
 : bin2hex($rand);
 }
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index d140163..82e8266 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -169,7 +169,7 @@ public function read($session_id)
 $this->_session_id = $session_id;
 $session_data = (string) $this->_memcached->get($this->_key_prefix.$session_id);
- $this->_fingerprint = md5($session_data);
+ $this->_fingerprint = sha256($session_data);
 return $session_data;
 }
@@ -201,14 +201,14 @@ public function write($session_id, $session_data)
 return $this->_failure;
 }
- $this->_fingerprint = md5('');
+ $this->_fingerprint = sha256('');
 $this->_session_id = $session_id;
 }
 $key = $this->_key_prefix.$session_id;
 $this->_memcached->replace($this->_lock_key, time(), 300);
- if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
+ if ($this->_fingerprint !== ($fingerprint = sha256($session_data)))
 {
 if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
 {
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 269dfcd..e861782 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
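Review bot: `sha256()` is not a PHP built-in (only `md5()` and `sha1()` have dedicated functions), so unless the project defines a global `sha256()` somewhere outside this diff, the fallback branch of `xss_hash()` in system/core/Security.php will stop with a fatal "Call to undefined function" error the first time `get_random_bytes(16)` returns FALSE. The equivalent call is `? hash('sha256', uniqid(mt_rand(), TRUE))`. The same substitution is needed in `_csrf_set_hash()` and in every `read()`/`write()` hunk of Session_memcached_driver.php and Session_redis_driver.php, where the call sits on the normal path rather than a fallback, so each session read would fail. The function bodies continue outside the hunks.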
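Review bot: The fallback CSRF token in `_csrf_set_hash()` is still derived from `uniqid(mt_rand(), TRUE)`, so a stronger digest adds no unpredictability; both inputs are time- and PRNG-based, and hashing does not add entropy. The change also makes the fallback value 64 hex characters while the normal path (`bin2hex()` of 16 bytes) yields 32, so any length check on the token elsewhere in the class (not visible in this hunk) would reject it; `? substr(hash('sha256', uniqid(mt_rand(), TRUE)), 0, 32)` keeps the length. I would also add a comment above the assignment, `// Fallback is not cryptographically strong; only reached when no CSPRNG is available`, or consider failing closed instead of issuing a weak token. The same input weakness applies to the fallback in `xss_hash()` in the first hunk.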
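Review bot: `_fingerprint` has no explanatory comment in the visible lines of `read()` and `write()` in Session_memcached_driver.php, and from what is shown it is only compared against a digest of the current session data to decide whether `set()` is needed, which makes it a change detector rather than an integrity or authentication check. A comment such as `// Fingerprint only detects unchanged session data so the write can be skipped; it is not a security control` would make clear that the digest choice here is a policy matter, not attack resistance. If other session drivers outside this diff still use `md5()` for the same purpose, they should be switched in the same commit so the drivers stay consistent. This applies equally to the `read()` and `write()` hunks of Session_redis_driver.php.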
@@ -222,7 +222,7 @@ public function read($session_id)
 ? $this->_key_exists = TRUE : $session_data = '';
- $this->_fingerprint = md5($session_data);
+ $this->_fingerprint = sha256($session_data);
 return $session_data;
 }
@@ -259,7 +259,7 @@ public function write($session_id, $session_data)
 }
 $this->_redis->{$this->_setTimeout_name}($this->_lock_key, 300);
- if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
+ if ($this->_fingerprint !== ($fingerprint = sha256($session_data)) OR $this->_key_exists === FALSE)
 {
 if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
 {