diff --git a/server/decrypt.go b/server/decrypt.go
index 3ff37e3738bfa7bfa6c7401e29c73017eec37b54..819335582875758e9d92b23cf0f55cba1c7ed853 100644
--- a/server/decrypt.go
+++ b/server/decrypt.go
@@ -1,14 +1,31 @@
 package server
 
 import (
+	"errors"
+
 	"github.com/miscreant/miscreant/go"
 	"golang.org/x/crypto/scrypt"
 )
 
+const (
+	scryptN = 32768
+	scryptR = 8
+	scryptP = 1
+	keyLen  = 64
+	saltLen = 32
+)
+
 func decrypt(data, pw []byte) ([]byte, error) {
+	// The KDF salt is prepended to the encrypted key.
+	if len(data) < saltLen {
+		return nil, errors.New("short data")
+	}
+	salt := data[:saltLen]
+	data = data[saltLen:]
+
 	// Apply the key derivation function to the password to obtain
 	// a 64 byte key.
-	dk, err := scrypt.Key(pw, nil, 16384, 1, 8, 64)
+	dk, err := scrypt.Key(pw, salt, scryptN, scryptR, scryptP, keySize)
 	if err != nil {
 		return nil, err
 	}
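Review bot: The new `scrypt.Key` call passes `keySize` as the output length, but the const block added in this hunk declares `keyLen = 64` and nothing visible here declares `keySize`. If `keySize` is not defined elsewhere in package `server`, the build fails; if it is defined with another value, the derived key length silently departs from the "64 byte key" the comment promises. The call should use the constant introduced alongside the other parameters: `dk, err := scrypt.Key(pw, salt, scryptN, scryptR, scryptP, keyLen)`. Separately, the guard `len(data) < saltLen` accepts input that is exactly the salt with no ciphertext after it, so `len(data) <= saltLen` would reject that case before the expensive KDF runs. The body of `decrypt` continues outside the hunk, so how the remaining `data` is consumed is not visible here.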