diff --git a/cli_create.sh b/cli_create.sh
index 4529c8e..31f1cdc 100644
--- a/cli_create.sh
+++ b/cli_create.sh
@@ -3,33 +3,33 @@ set -euo pipefail
 
 deps=(curl jq)
 for cmd in "${deps[@]}"; do
-	which ${cmd} >/dev/null || {
-		echo "'${cmd}' util is required for this script"
-		exit 1
-	}
+  which ${cmd} >/dev/null || {
+    echo "'${cmd}' util is required for this script"
+    exit 1
+  }
 done
 
 # Get secret from CLI argument
 SECRET=${1:-}
 [[ -n $SECRET ]] || {
-	echo "Usage: $0 'secret to share'"
-	exit 1
+  echo "Usage: $0 'secret to share'"
+  exit 1
 }
 
 # Generate a random 8 character password
 pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)
 
 # Encrypt the secret
-ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null)
+ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)
 
 # Create a secret and extract the secret ID
 id=$(
-	curl -sSf \
-		-X POST \
-		-H 'content-type: application/json' \
-		-d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
-		https://ots.fyi/api/create |
-		jq -r '.secret_id'
+  curl -sSf \
+    -X POST \
+    -H 'content-type: application/json' \
+    -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
+    https://ots.fyi/api/create |
+    jq -r '.secret_id'
 )
 
 # Display URL to user
diff --git a/cli_get.sh b/cli_get.sh
index 137fa93..03ce712 100644
--- a/cli_get.sh
+++ b/cli_get.sh
@@ -3,17 +3,17 @@ set -euo pipefail
 
 deps=(curl jq)
 for cmd in "${deps[@]}"; do
-	which ${cmd} >/dev/null || {
-		echo "'${cmd}' util is required for this script"
-		exit 1
-	}
+  which ${cmd} >/dev/null || {
+    echo "'${cmd}' util is required for this script"
+    exit 1
+  }
 done
 
 # Get URL from CLI argument
 url="${1:-}"
 [[ -n $url ]] || {
-	echo "Usage: $0 'URL to get the secret'"
-	exit 1
+  echo "Usage: $0 'URL to get the secret'"
+  exit 1
 }
 # normalize url and extract parts
 url="${url/|/%7C}"
@@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}"
 
 # fetch secret and decrypt to STDOUT
 curl -sSf "${geturl}" | jq -r ".secret" |
-	openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null
+  openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null