diff --git a/src/lib.rs b/src/lib.rs
index f4d7867..238be78 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -79,11 +79,12 @@ impl PamFido2Luks {
                 .collect();
             let credentials: Vec<&FidoCredential> = credentials.iter().collect();
             if !credentials.is_empty() {
+                let salt = util::sha256(&[password.as_bytes()]);
                 let secret = util::sha256(&[
-                    password.as_bytes(),
+                    &salt,
                     &perform_challenge(
                         &credentials[..],
-                        &util::sha256(&[password.as_bytes()]),
+                        &salt,
                         Duration::from_secs(15),
                         pin.map(AsRef::as_ref),
                     )?