diff --git a/README.org b/README.org index bd42e52d1..f100cdd6e 100644 --- a/README.org +++ b/README.org @@ -22,8 +22,8 @@ Call it an FTP client, an S3 viewer or a Dropbox like web app, Nuage leverages y - emacs keybindings `;)` * What about my credentials? -Credentials are stored in your browser in a http only cookie encrypted using aes-256-ctr and aren't persistent in the server disk at all. -The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-ctr. +Credentials are stored in your browser in a http only cookie encrypted using aes-256-cbc and aren't persistent in the server disk at all. +The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-cbc. Note that on the FTP and sFTP, sessions connections aren't destroyed on every request but are reused and killed after 2 minutes. The reasoning is connections are expensive to create and this trick make the entire application feel much much faster for users who tries to navigate. diff --git a/client/utilities/crypto.js b/client/utilities/crypto.js index ea492ab8f..6718dacd7 100644 --- a/client/utilities/crypto.js +++ b/client/utilities/crypto.js @@ -1,5 +1,5 @@ import crypto from 'crypto'; -const algorithm = 'aes-256-ctr'; +const algorithm = 'aes-256-cbc'; export function encrypt(obj, key){ const cipher = crypto.createCipher(algorithm, key); diff --git a/server/utils/crypto.js b/server/utils/crypto.js index 83c8483b9..368195f64 100644 --- a/server/utils/crypto.js +++ b/server/utils/crypto.js 
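Review bot: `crypto.createCipher(algorithm, key)` in `encrypt` still derives both the key and the IV from the password alone (one unsalted MD5 pass), so every value encrypted under one key shares the same IV and the ciphertext carries no integrity tag. Moving from CTR to CBC removes the keystream reuse a fixed IV causes in CTR, but equal plaintext prefixes still encrypt to equal blocks and the stored credentials can be modified without detection. The same call pair is kept in `server/utils/crypto.js` (`createCipher(algorithm, password)` / `createDecipher(algorithm, password)`). Consider `crypto.createCipheriv('aes-256-gcm', derivedKey, iv)` with a fresh `crypto.randomBytes(12)` IV stored next to the ciphertext and the auth tag verified on decrypt, with the key derived by a real KDF such as `crypto.scryptSync`; `createCipher` is also deprecated in Node. The body of `encrypt` continues past the end of this hunk.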
@@ -1,21 +1,21 @@
-var crypto = require('crypto'),
- algorithm = 'aes-256-ctr',
- password = process.env.SECRET_KEY || '123';
+const crypto = require('crypto'),
+ algorithm = 'aes-256-cbc',
+ password = require('../../config.js')['server_secret'];
 module.exports = {
 encrypt: function(obj){
 obj.date = new Date().getTime();
- let text = JSON.stringify(obj);
- var cipher = crypto.createCipher(algorithm,password)
- var crypted = cipher.update(text,'utf8','base64')
+ const text = JSON.stringify(obj);
+ const cipher = crypto.createCipher(algorithm, password);
+ let crypted = cipher.update(text, 'utf8', 'base64');
 crypted += cipher.final('base64');
 return crypted;
 },
 decrypt: function(text){
 var dec;
 try{
- var decipher = crypto.createDecipher(algorithm,password)
- dec = decipher.update(text,'base64','utf8')
+ const decipher = crypto.createDecipher(algorithm, password);
+ dec = decipher.update(text, 'base64', 'utf8');
 dec += decipher.final('utf8');
 dec = JSON.parse(dec);
 }catch(err){
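Review bot: `password = require('../../config.js')['server_secret']` is used with no check, so a config file that lacks `server_secret` leaves `password` undefined and the problem presumably surfaces only when `createCipher` is first called inside `encrypt`. Dropping the `'123'` fallback is the right direction; a load-time guard after the declaration, e.g. `if (typeof password !== 'string' || password.length === 0) throw new Error('server_secret is not configured');`, would make a misconfigured deployment fail at startup instead of per request. Cookies issued under the previous key and `aes-256-ctr` will no longer decrypt after this change, and the `catch` body of `decrypt` lies outside the hunk, so it is worth confirming that it treats such input as an invalid session and returns the same result for padding failures and JSON parse failures.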