diff --git a/js/privatebin.js b/js/privatebin.js index 6d24a580..79b2d40a 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -741,15 +741,18 @@ jQuery.PrivateBin = (function($, RawDeflate) { async function deriveKey(key, password, spec) { let keyArray = StrToArr(key); - if ((password || '').trim().length > 0) { - let passwordBuffer = await window.crypto.subtle.digest( - {name: 'SHA-256'}, - StrToArr(utob(password)) - ); - let hexHash = Array.prototype.map.call( - new Uint8Array(passwordBuffer), x => ('00' + x.toString(16)).slice(-2) - ).join(''); - let passwordArray = StrToArr(hexHash), + if (password.length > 0) { + // version 1 pastes did append the passwords SHA-256 hash in hex + if (spec[7] === 'rawdeflate') { + let passwordBuffer = await window.crypto.subtle.digest( + {name: 'SHA-256'}, + StrToArr(utob(password)) + ); + password = Array.prototype.map.call( + new Uint8Array(passwordBuffer), x => ('00' + x.toString(16)).slice(-2) + ).join(''); + } + let passwordArray = StrToArr(password), newKeyArray = new Uint8Array(keyArray.length + passwordArray.length); newKeyArray.set(keyArray, 0); newKeyArray.set(passwordArray, keyArray.length); @@ -779,7 +782,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { length: spec[3] // can be 128, 192 or 256 }, false, // the key may not be exported - ['encrypt', 'decrypt'] // we use it for de- and encryption + ['encrypt', 'decrypt'] // we may only use it for en- and decryption ); } @@ -868,7 +871,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ me.decipher = async function(key, password, data) { - let adataString, encodedSpec, compression, cipherMessage; + let adataString, encodedSpec, cipherMessage; if (data instanceof Array) { // version 2 adataString = JSON.stringify(data[1]); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 4bf67fbb..13a3d5e2 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -71,7 +71,7 @@ if ($MARKDOWN): endif; ?> - + 
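Review bot: In the non-`rawdeflate` path of `deriveKey` the raw password now goes straight into `StrToArr(password)`, while the version 1 path still runs it through `utob()` before hashing. `StrToArr` is defined outside this hunk; if it stores one byte per UTF-16 code unit, characters above U+00FF are truncated and distinct non-Latin passwords can contribute the same bytes to the key material. Consider `let passwordArray = StrToArr(utob(password)),`, which leaves the ASCII hex hash of the version 1 path unchanged (assuming `utob` is a UTF-8 encoder) but alters derived keys, so it has to match every other client of the format. The new guard `password.length > 0` also drops the old `(password || '')` fallback and the `.trim()`: a `null` or `undefined` password now throws, and a whitespace-only password on a version 1 paste is now hashed into the key where it was previously ignored, which presumably breaks decryption of such pastes. `(password || '').length > 0` would restore the null fallback. The function's body continues past the end of the hunk.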
diff --git a/tpl/page.php b/tpl/page.php index 5c38f715..d3c652f2 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -49,7 +49,7 @@ if ($MARKDOWN): endif; ?> - +