diff --git a/ktvmanager/lib/encryption.py b/ktvmanager/lib/encryption.py
index e1ae823..521ce63 100644
--- a/ktvmanager/lib/encryption.py
+++ b/ktvmanager/lib/encryption.py
@@ -1,30 +1,26 @@
 import os
-import hashlib
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from Crypto.Cipher import AES
+from Crypto.Protocol.KDF import PBKDF2
+from Crypto.Random import get_random_bytes
 SECRET = "BBLBTV-DNS-PASSWORDS"
-KEY = hashlib.sha256(SECRET.encode()).digest()
-ALGORITHM = "aes-256-gcm"
-IV_LENGTH = 16
-AUTH_TAG_LENGTH = 16
+SALT_SIZE = 16
+KEY_SIZE = 32
+ITERATIONS = 100000
 def encrypt_password(clear_string):
- iv = os.urandom(IV_LENGTH)
- aesgcm = AESGCM(KEY)
-
- ciphertext_and_tag = aesgcm.encrypt(iv, clear_string.encode(), None)
- ciphertext = ciphertext_and_tag[:-AUTH_TAG_LENGTH]
- tag = ciphertext_and_tag[-AUTH_TAG_LENGTH:]
-
- return (iv + tag + ciphertext).hex()
+ salt = get_random_bytes(SALT_SIZE)
+ key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)
+ cipher = AES.new(key, AES.MODE_GCM)
+ ciphertext, tag = cipher.encrypt_and_digest(clear_string.encode())
+ return (salt + cipher.nonce + tag + ciphertext).hex()
 def decrypt_password(encrypted_string):
 data = bytes.fromhex(encrypted_string)
-
- iv = data[:IV_LENGTH]
- tag = data[IV_LENGTH:IV_LENGTH + AUTH_TAG_LENGTH]
- ciphertext = data[IV_LENGTH + AUTH_TAG_LENGTH:]
-
- aesgcm = AESGCM(KEY)
- decrypted_bytes = aesgcm.decrypt(iv, ciphertext + tag, None)
- return decrypted_bytes.decode()
+ salt = data[:SALT_SIZE]
+ nonce = data[SALT_SIZE:SALT_SIZE + 16]
+ tag = data[SALT_SIZE + 16:SALT_SIZE + 32]
+ ciphertext = data[SALT_SIZE + 32:]
+ key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)
+ cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
+ return cipher.decrypt_and_verify(ciphertext, tag).decode()
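Review bot: The key is still derived from the `SECRET` literal committed in this file, so the new per-message salt and 100000 PBKDF2 iterations add no protection against anyone who can read the source; the passphrase should come from outside the repository, e.g. `SECRET = os.environ["<SECRET_ENV_VAR>"]` (placeholder name), which would also give the otherwise now-unused `import os` a purpose. PyCryptodome's `PBKDF2` uses HMAC-SHA1 unless told otherwise, so with `dkLen=KEY_SIZE` of 32 bytes I would pass `hmac_hash_module=SHA256` (from `Crypto.Hash`) in both calls. `decrypt_password` slices the nonce and tag with a bare `16` that relies on the library's default GCM nonce length; naming these constants and passing `nonce=get_random_bytes(NONCE_SIZE)` explicitly in `encrypt_password` would pin the stored format. Values written in the old `iv + tag + ciphertext` layout under the SHA-256-derived key will presumably fail `decrypt_and_verify` after this change, and no migration path or format marker is visible in the hunk.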