diff --git a/src/object/manifest.c b/src/object/manifest.c
index de150a72..a50e2889 100644
--- a/src/object/manifest.c
+++ b/src/object/manifest.c
@@ -1,3 +1,5 @@
+#include <stdlib.h>
+
 #include "object/manifest.h"
 
 #include "algorithm.h"
@@ -192,8 +194,8 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif,
     struct rpki_uri *mft_uri, struct rpp **pp)
 {
 	char const *tal;
-	int i;
-	struct FileAndHash *fah;
+	int i, j;
+	struct FileAndHash *fah, *tmpfah;
 	struct rpki_uri *uri;
 	int error;
 
@@ -201,6 +203,15 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif,
 
 	tal = tal_get_file_name(validation_tal(state_retrieve()));
 
+	/* Fisher-Yates shuffle with modulo bias */
+	srand(time(NULL) ^ getpid());
+	for (i = 0; i < mft->fileList.list.count; i++) {
+		j = rand() % mft->fileList.list.count;
+		tmpfah = mft->fileList.list.array[j];
+		mft->fileList.list.array[j] = mft->fileList.list.array[i];
+		mft->fileList.list.array[i] = tmpfah;
+	}
+
 	for (i = 0; i < mft->fileList.list.count; i++) {
 		fah = mft->fileList.list.array[i];