diff --git a/lib/src/ssss.dart b/lib/src/ssss.dart
index 219e525..cb2b3ff 100644
--- a/lib/src/ssss.dart
+++ b/lib/src/ssss.dart
@@ -5,7 +5,6 @@ import 'package:encrypt/encrypt.dart';
 import 'package:crypto/crypto.dart';
 import 'package:base58check/base58.dart';
 import 'package:password_hash/password_hash.dart';
-import 'package:random_string/random_string.dart';
 
 import 'client.dart';
 import 'account_data.dart';
@@ -243,8 +242,7 @@ class SSSS {
       print('[SSSS] Warn: No devices');
       return;
     }
-    final requestId =
-        randomString(512) + DateTime.now().millisecondsSinceEpoch.toString();
+    final requestId = client.generateUniqueTransactionId();
     final request = _ShareRequest(
       requestId: requestId,
       type: type,
@@ -298,12 +296,22 @@ class SSSS {
       // receiving a secret we asked for
       print('[SSSS] Received shared secret...');
       if (event.sender != client.userID ||
-          !pendingShareRequests.containsKey(event.content['request_id'])) {
+          !pendingShareRequests.containsKey(event.content['request_id']) ||
+          event.encryptedContent == null) {
         print('[SSSS] Not by us or unknown request');
         return; // we have no idea what we just received
       }
       final request = pendingShareRequests[event.content['request_id']];
-      // alright, as we received a known request id we know that it must have originated from a trusted source
+      // alright, as we received a known request id, let's check if the sender is valid
+      final device = request.devices.firstWhere(
+          (d) =>
+              d.userId == event.sender &&
+              d.curve25519Key == event.encryptedContent['sender_key'],
+          orElse: () => null);
+      if (device == null) {
+        print('[SSSS] Someone else replied?');
+        return; // someone replied whom we didn't send the share request to
+      }
       pendingShareRequests.remove(request.requestId);
       if (!(event.content['secret'] is String)) {
         print('[SSSS] Secret wasn\'t a string');
diff --git a/lib/src/utils/device_keys_list.dart b/lib/src/utils/device_keys_list.dart
index c20cac6..211e2a3 100644
--- a/lib/src/utils/device_keys_list.dart
+++ b/lib/src/utils/device_keys_list.dart
@@ -261,15 +261,16 @@ abstract class SignedKey {
     return false;
   }
 
-  void setVerified(bool newVerified, [bool sign = true]) {
+  Future<void> setVerified(bool newVerified, [bool sign = true]) {
     _verified = newVerified;
     if (sign && client.crossSigning.signable([this])) {
       // sign the key!
       client.crossSigning.sign([this]);
     }
+    return Future.value();
   }
 
-  void setBlocked(bool newBlocked);
+  Future<void> setBlocked(bool newBlocked);
 
   Map<String, dynamic> toJson() {
     final data = Map<String, dynamic>.from(content);
@@ -291,16 +292,16 @@ class CrossSigningKey extends SignedKey {
       userId != null && publicKey != null && keys != null && ed25519Key != null;
 
   @override
-  void setVerified(bool newVerified, [bool sign = true]) {
+  Future<void> setVerified(bool newVerified, [bool sign = true]) {
     super.setVerified(newVerified, sign);
-    client.database?.setVerifiedUserCrossSigningKey(
+    return client.database?.setVerifiedUserCrossSigningKey(
         newVerified, client.id, userId, publicKey);
   }
 
   @override
-  void setBlocked(bool newBlocked) {
+  Future<void> setBlocked(bool newBlocked) {
     blocked = newBlocked;
-    client.database?.setBlockedUserCrossSigningKey(
+    return client.database?.setBlockedUserCrossSigningKey(
         newBlocked, client.id, userId, publicKey);
   }
 
@@ -351,14 +352,14 @@ class DeviceKeys extends SignedKey {
       ed25519Key != null;
 
   @override
-  void setVerified(bool newVerified, [bool sign = true]) {
+  Future<void> setVerified(bool newVerified, [bool sign = true]) {
     super.setVerified(newVerified, sign);
-    client.database
+    return client.database
         ?.setVerifiedUserDeviceKey(newVerified, client.id, userId, deviceId);
   }
 
   @override
-  void setBlocked(bool newBlocked) {
+  Future<void> setBlocked(bool newBlocked) {
     blocked = newBlocked;
     for (var room in client.rooms) {
       if (!room.encrypted) continue;
@@ -366,7 +367,7 @@ class DeviceKeys extends SignedKey {
         room.clearOutboundGroupSession();
       }
     }
-    client.database
+    return client.database
         ?.setBlockedUserDeviceKey(newBlocked, client.id, userId, deviceId);
   }
 
diff --git a/lib/src/utils/key_verification.dart b/lib/src/utils/key_verification.dart
index 4f171f8..1088ff4 100644
--- a/lib/src/utils/key_verification.dart
+++ b/lib/src/utils/key_verification.dart
@@ -1,5 +1,4 @@
 import 'dart:typed_data';
-import 'package:random_string/random_string.dart';
 import 'package:canonical_json/canonical_json.dart';
 import 'package:pedantic/pedantic.dart';
 import 'package:olm/olm.dart' as olm;
@@ -147,8 +146,7 @@ class KeyVerification {
 
   Future<void> start() async {
     if (room == null) {
-      transactionId =
-          randomString(512) + DateTime.now().millisecondsSinceEpoch.toString();
+      transactionId = client.generateUniqueTransactionId();
     }
     if (client.crossSigning.enabled &&
         !(await client.crossSigning.isCached()) &&
diff --git a/test/room_key_request_test.dart b/test/room_key_request_test.dart
index 5ff83c3..fa6229f 100644
--- a/test/room_key_request_test.dart
+++ b/test/room_key_request_test.dart
@@ -136,7 +136,7 @@ void main() {
     matrix.setUserId('@alice:example.com'); // we need to pretend to be alice
     FakeMatrixApi.calledEndpoints.clear();
     await matrix.userDeviceKeys['@alice:example.com'].deviceKeys['OTHERDEVICE']
-        .setVerified(true, matrix);
+        .setVerified(true);
     // test a successful share
     var event = ToDeviceEvent(
         sender: '@alice:example.com',