diff --git a/code/app.py b/code/app.py
index c361818..bf2a550 100644
--- a/code/app.py
+++ b/code/app.py
@@ -7,7 +7,6 @@ from datetime import datetime
 from flask import Flask, render_template, jsonify, current_app, Response, \
 redirect, url_for, request, g, session, send_file, send_from_directory
 from werkzeug.utils import secure_filename
-import hashlib
 import zipfile
 from multiprocessing import Process
 from revprox import ReverseProxied
@@ -78,7 +77,7 @@ def authenticate(name):
 return render_template('authenticate.html',name=name)
 if request.method == 'POST':
 user_password = request.form['password'].encode('utf-8')
- session[name] = password_hash(user_password)
+ session[name] = password_hash(user_password, app.secret_key)
 return redirect(url_for('list_view',name=name))
 @app.route('/upload//', methods=['POST'])
diff --git a/code/flees-manager.py b/code/flees-manager.py
index 076a4b1..8425b3a 100755
--- a/code/flees-manager.py
+++ b/code/flees-manager.py
@@ -101,7 +101,7 @@ def add_share(shares, config, opts):
 if opts.password:
 if opts.plain:
 share['pass_plain'] = opts.password
- share['pass_hash'] = password_hash(opts.password)
+ share['pass_hash'] = password_hash(opts.password, config['app_secret_key'])
 if opts.expire:
 try:
 date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
@@ -165,7 +165,7 @@ def modify_share(shares, config, opts):
 # ADD/Change a password
 if opts.plain:
 share['pass_plain'] = opts.password
- share['pass_hash'] = password_hash(opts.password)
+ share['pass_hash'] = password_hash(opts.password, config['app_secret_key'])
 if opts.expire:
 if opts.expire == "":
diff --git a/code/utils/crypt.py b/code/utils/crypt.py
index 4ee9b7d..e4f7d42 100644
--- a/code/utils/crypt.py
+++ b/code/utils/crypt.py
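Review bot: In `authenticate` (code/app.py), the salted hash only matches what `flees-manager.py` stores if `app.secret_key` holds exactly the value of `config['app_secret_key']`, and nothing visible in this hunk ties the two together; a comment such as `# salt must be the same value flees-manager.py reads from config['app_secret_key']` would make that dependency explicit. If `app.secret_key` is unset (`None`), `password_hash` skips the encode step and `string+salt` would raise a `TypeError` on every login POST. Reusing the session-signing key as the password salt also means that rotating the key invalidates every stored `pass_hash`, so a dedicated config value would decouple the two. The body of `authenticate` starts before the hunk.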
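Review bot: In `add_share` (and identically in `modify_share`, hunk at -165), every `pass_hash` written before this change was computed without the salt, so existing password-protected shares will presumably stop authenticating once `app.py` salts the submitted password; nothing in the commit re-hashes them. Shares that carry `pass_plain` could be re-hashed automatically, the others need their password set again, and the call deserves a comment like `# pass_hash is salted with app_secret_key; hashes from older versions must be regenerated`. If `config` is a plain dict, `config['app_secret_key']` also raises `KeyError` on a configuration that lacks the key, so checking for it and exiting with a clear message would be safer. Both functions extend beyond their hunks.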
@@ -44,11 +44,13 @@ def get_direct_token(share, filename):
 )
-def password_hash(string):
+def password_hash(string, salt=""):
 if type(string) == str:
 string = string.encode("utf-8")
+ if type(salt) == str:
+ salt = salt.encode("utf-8")
 return hashlib.sha1(
- string
+ string+salt
 ).hexdigest()
diff --git a/code/utils/utils.py b/code/utils/utils.py
index ec0bf54..5b0e0ce 100644
--- a/code/utils/utils.py
+++ b/code/utils/utils.py
@@ -1,5 +1,4 @@
 import os
-import hashlib
 from datetime import datetime
 from flask import current_app as app
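Review bot: `password_hash` in code/utils/crypt.py still runs a single pass of SHA-1, and the `salt` the callers in this commit pass is one application-wide secret rather than a per-password random salt, so identical passwords still produce identical hashes and a leaked shares file plus key can be guessed against at SHA-1 speed. A stretched KDF from the same module would be the stronger choice, e.g. `return hashlib.pbkdf2_hmac("sha256", string, salt, ITERATIONS).hex()`, where `ITERATIONS` is a placeholder for a tuned constant. The default `salt=""` also lets any caller that was not updated silently fall back to the old unsalted hash; making the parameter required would turn that into an error. As a style point, `type(x) == str` reads better as `isinstance(x, str)`.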