diff --git a/core/lib/Drupal/Component/Utility/Crypt.php b/core/lib/Drupal/Component/Utility/Crypt.php
index 7791b05a1a76d5dd4bd9f2300e1b965475f458d5..45f3a80a24d8c193ec350c12e48a6d3caad4cf98 100644
--- a/core/lib/Drupal/Component/Utility/Crypt.php
+++ b/core/lib/Drupal/Component/Utility/Crypt.php
@@ -28,10 +28,13 @@ class Crypt {
    * @return string
    *   A randomly generated string.
    *
-   * @todo Deprecate in favor of random_bytes().
-   *   https://www.drupal.org/node/3054311
+   * @deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0.
+   *   Use PHP's built-in random_bytes() function instead.
+   *
+   * @see https://www.drupal.org/node/3054488
    */
   public static function randomBytes($count) {
+    @trigger_error(__CLASS__ . '::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP\'s built-in random_bytes() function instead. See https://www.drupal.org/node/3054488', E_USER_DEPRECATED);
     return random_bytes($count);
   }
 
@@ -107,7 +110,7 @@ public static function hashEquals($known_string, $user_string) {
    * @see \Drupal\Component\Utility\Crypt::randomBytes()
    */
   public static function randomBytesBase64($count = 32) {
-    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(static::randomBytes($count)));
+    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(random_bytes($count)));
   }
 
 }
diff --git a/core/lib/Drupal/Component/Uuid/Php.php b/core/lib/Drupal/Component/Uuid/Php.php
index e6d2d6b7b96fe1ce65b21c80fd8caf503918da43..579e3ef3d8688f6b87873e94ce3c2205b61f7b3a 100644
--- a/core/lib/Drupal/Component/Uuid/Php.php
+++ b/core/lib/Drupal/Component/Uuid/Php.php
@@ -2,8 +2,6 @@
 
 namespace Drupal\Component\Uuid;
 
-use Drupal\Component\Utility\Crypt;
-
 /**
  * Generates a UUID v4 (RFC 4122 section 4.4) using PHP code.
  *
@@ -17,7 +15,7 @@ class Php implements UuidInterface {
    */
   public function generate() {
     // Obtain a random string of 32 hex characters.
-    $hex = bin2hex(Crypt::randomBytes(16));
+    $hex = bin2hex(random_bytes(16));
 
     // The variable names $time_low, $time_mid, $time_hi_and_version,
     // $clock_seq_hi_and_reserved, $clock_seq_low, and $node correlate to
diff --git a/core/lib/Drupal/Component/Uuid/composer.json b/core/lib/Drupal/Component/Uuid/composer.json
index b63bf96f8eab0d2e743cfbc202d04ff12c3b0c15..67c13893e5a3f02529b345ca70676d97c341fc8d 100644
--- a/core/lib/Drupal/Component/Uuid/composer.json
+++ b/core/lib/Drupal/Component/Uuid/composer.json
@@ -9,8 +9,7 @@
     "source": "https://www.drupal.org/project/drupal/git-instructions"
   },
   "require": {
-    "php": ">=7.0.8",
-    "drupal/core-utility": "^8.2"
+    "php": ">=7.0.8"
   },
   "autoload": {
     "psr-4": {
diff --git a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
index 75083e2b5d5b6219aea92c982ea9dfe182ba5b61..2868c56f1cfad2c9c5ee28cbff047bc887a2baae 100644
--- a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
+++ b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
@@ -108,7 +108,7 @@ protected function generateSalt() {
     // We encode the final log2 iteration count in base 64.
     $output .= static::$ITOA64[$this->countLog2];
     // 6 bytes is the standard salt for a portable phpass hash.
-    $output .= $this->base64Encode(Crypt::randomBytes(6), 6);
+    $output .= $this->base64Encode(random_bytes(6), 6);
     return $output;
   }
 
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 47771e2e61de922cb496ab5fda4be89421145e4d..6f46ca3b0e74c566828546400bfbea61afb965b5 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -314,7 +314,7 @@ function user_password($length = 10) {
   for ($i = 0; $i < $length; $i++) {
     do {
       // Find a secure random number within the range needed.
-      $index = ord(Crypt::randomBytes(1));
+      $index = ord(random_bytes(1));
     } while ($index > $len);
 
     // Each iteration, pick a random character from the
diff --git a/core/tests/Drupal/Tests/Component/Utility/CryptTest.php b/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
index 80208ef294f52ac69af244a8fb5bfe3b2b3e35d5..233c1bfad201542f93f85a02f7438283128f610c 100644
--- a/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
@@ -18,17 +18,11 @@ class CryptTest extends TestCase {
    * Tests random byte generation.
    *
    * @covers ::randomBytes
-   *
-   * @see \Drupal\Tests\Component\Utility\CryptRandomFallbackTest::testRandomBytesFallback
+   * @expectedDeprecation Drupal\Component\Utility\Crypt::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP's built-in random_bytes() function instead. See https://www.drupal.org/node/3054488
+   * @group legacy
    */
   public function testRandomBytes() {
-    for ($i = 1; $i < 10; $i++) {
-      $count = rand(10, 10000);
-      // Check that different values are being generated.
-      $this->assertNotEquals(Crypt::randomBytes($count), Crypt::randomBytes($count));
-      // Check the length.
-      $this->assertEquals(strlen(Crypt::randomBytes($count)), $count);
-    }
+    $this->assertSame(16, strlen(Crypt::randomBytes(16)));
   }
 
   /**