diff --git a/daemon/worker.c b/daemon/worker.c
index a23c4994b..2697ea653 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1671,14 +1671,14 @@ worker_create(struct daemon* daemon, int id, int* ports, int n)
 		(((unsigned int)worker->thread_num)<<17);
 		/* shift thread_num so it does not match out pid bits */
 	if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) {
-		seed = 0;
+		explicit_bzero(&seed, sizeof(seed));
 		log_err("could not init random numbers.");
 		tube_delete(worker->cmd);
 		free(worker->ports);
 		free(worker);
 		return NULL;
 	}
-	seed = 0;
+	explicit_bzero(&seed, sizeof(seed));
 #ifdef USE_DNSTAP
 	if(daemon->cfg->dnstap) {
 		log_assert(daemon->dtenv != NULL);
diff --git a/doc/Changelog b/doc/Changelog
index 1a695bc35..38efef4ad 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+13 September 2018: Wouter
+	- Fix seed for random backup code to use explicit zero when wiped.
+
 11 September 2018: Wouter
 	- Fixed unused return value warnings in contrib/fastrpz.patch for
 	  asprintf.