diff --git a/src/cli.rs b/src/cli.rs
index 451f9d5..1584be6 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -9,21 +9,19 @@ use structopt::StructOpt;
 
 use ctap::{FidoCredential, FidoErrorKind};
 
-use std::io::{Read, Write};
+use std::io::Write;
 use std::str::FromStr;
 use std::thread;
 use std::time::Duration;
 
 use std::borrow::Cow;
 use std::collections::HashSet;
-use std::fs::File;
+
 use std::time::SystemTime;
 
 pub use cli_args::Args;
-use failure::ResultExt;
-use std::collections::hash_map::RandomState;
+
 use std::iter::FromIterator;
-use std::path::PathBuf;
 
 fn read_pin() -> Fido2LuksResult<String> {
     util::read_password("Authenticator PIN", false)
@@ -96,9 +94,13 @@ pub fn read_password_pin_prefixed(
         Some(ref pin) if read.len() > pin.len() => {
             read.chars().skip(pin.len() + 1).collect::<String>()
         }
-        _ => String::new(),
+        Some(_) => String::new(),
+        _ => read
+            .chars()
+            .skip(read.chars().next().map(|c| c == separator).unwrap_or(false) as usize)
+            .collect::<String>(),
     };
-    Ok((pin, util::sha256(&[password.as_bytes()])))
+    Ok((dbg!(pin), util::sha256(&[dbg!(password).as_bytes()])))
 }
 
 pub fn parse_cmdline() -> Args {
@@ -231,7 +233,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                             (None, secret.salt.obtain_sha256(&phelper)?)
                         }
 
-                        (phelper, pin, _, _) => (
+                        (_phelper, pin, _, _) => (
                             if pin { Some(read_pin()?) } else { None },
                             match &secret.password_helper {
                                 None | Some(PasswordHelper::Stdin) => {
@@ -597,19 +599,27 @@ mod test {
     #[test]
     fn test_read_password_pin_prefixed() {
         assert_eq!(
-            read_password_pin_prefixed(|| OK("1234:test")),
-            Ok((Some("1234".to_string()), util::sha256(&["test".as_bytes()])))
+            read_password_pin_prefixed(|| Ok("1234:test".into())).unwrap(),
+            (Some("1234".to_string()), util::sha256(&["test".as_bytes()]))
         );
         assert_eq!(
-            read_password_pin_prefixed(|| OK(":test")),
-            Ok((None, util::sha256(&["test".as_bytes()])))
+            read_password_pin_prefixed(|| Ok(":test".into())).unwrap(),
+            (None, util::sha256(&["test".as_bytes()]))
         );
         assert_eq!(
-            read_password_pin_prefixed(|| OK("1234::test")),
-            Ok((
+            read_password_pin_prefixed(|| Ok("1234::test".into())).unwrap(),
+            (
                 Some("1234".to_string()),
                 util::sha256(&[":test".as_bytes()])
-            ))
+            )
+        );
+        assert_eq!(
+            read_password_pin_prefixed(|| Ok("1234".into())).unwrap(),
+            (Some("1234".to_string()), util::sha256(&["".as_bytes()]))
+        );
+        assert_eq!(
+            read_password_pin_prefixed(|| Ok(":test".into())).unwrap(),
+            (None, util::sha256(&["test".as_bytes()]))
         );
     }
 }
diff --git a/src/cli_args/config.rs b/src/cli_args/config.rs
index d2ef46c..cde093f 100644
--- a/src/cli_args/config.rs
+++ b/src/cli_args/config.rs
@@ -198,7 +198,7 @@ mod test {
     fn input_salt_obtain() {
         assert_eq!(
             SecretInput::String("abc".into())
-                .obtain(&PasswordHelper::Stdin)
+                .obtain_sha256(&PasswordHelper::Stdin)
                 .unwrap(),
             [
                 186, 120, 22, 191, 143, 1, 207, 234, 65, 65, 64, 222, 93, 174, 34, 35, 176, 3, 97,