diff --git a/sshenc.sh b/sshenc.sh
index 72e9609..c1a2299 100755
--- a/sshenc.sh
+++ b/sshenc.sh
@@ -66,7 +66,7 @@ if [[ "${#public_key[@]}" > 0 ]]; then
     done
     echo "-- /keys"
 
-    if cat | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
+    if cat | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:"$temp_file_key" > "$temp_file"; then
         openssl base64 -A < "$temp_file"
     fi
 
@@ -91,7 +91,7 @@ elif [[ -e "$private_key" ]]; then
     for key in "${keys[@]}"
     do
         if ((echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
-            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d -pass file:"$temp_file"; then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -pbkdf2 -iter 100000 -d -pass file:"$temp_file"; then
                 decrypted=true
             fi
         fi