diff --git a/chrome_addon/compat.js b/chrome_addon/compat.js
index 0abf3aa..58da9eb 100644
--- a/chrome_addon/compat.js
+++ b/chrome_addon/compat.js
@@ -19,6 +19,7 @@
 
 function getPref(key)
 {
+    // Inspired from https://github.com/akiomik/chrome-storage-promise/
     var promise = new Promise((resolve, reject) => {
         chrome.storage.local.get(key, (items) => {
             let err = chrome.runtime.lastError;
diff --git a/chrome_addon/lib/main.js b/chrome_addon/lib/main.js
index 27bfd9f..17253ec 100644
--- a/chrome_addon/lib/main.js
+++ b/chrome_addon/lib/main.js
@@ -18,7 +18,7 @@
 */
 
 var DEBUG = true;
-var protocol_version = 3;
+var protocol_version = 4;
 
 SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};
 
@@ -47,14 +47,24 @@ function debug(s)
 	console.log(s);
 }
 
-function generate_request(domain, login, mkey)
+async function generate_request(domain, login, mkey, iv, old)
 {
-    var v = "@@" + domain + ";" + login;
-    debug("will encrypt " + v);
-    //debug("with " + a2hex(mkey));
-    enc = encrypt(mkey, v);
-    //debug("res " + a2hex(enc));
-
+    if (old)
+    {
+	var v = "@@" + domain + ";" + login;
+	debug("will encrypt " + v);
+	enc = encrypt_ecb(mkey, v);
+    }
+    else
+    {
+	var v = domain + ";" + login;
+	debug("will encrypt " + v);
+	while ((v.length % 16))
+	    v += "\0";
+	hash = await digest(v);
+	v += hash.slice(8, 24);
+	enc = encrypt_cbc(mkey, iv, v);
+    }
     return enc;
 }
 
@@ -68,23 +78,43 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
 
     pbkdf2_level = await getPref("pbkdf2_level");
 
-    mkey = pbkdf2(mkey, salt, pbkdf2_level);
+    global_iv = await simple_pbkdf2(salt, mkey, pbkdf2_level);
+    global_iv = global_iv.slice(0, 16);
+    mkey = crypto_pbkdf2(mkey, salt, pbkdf2_level);
 
+    debug("global_iv " + a2hex(global_iv));
+    
     keys = "";
-    for(a=0, b=logins.length; a<logins.length; a++)
+    for(key_index=0, a=0; a<logins.length; a++, key_index++)
     {
-	enc = await generate_request(domain, logins[a], mkey);
+	enc = await generate_request(domain, logins[a], mkey, global_iv, 0);
 	keys += (keys.length != 0) ? "&" : "";
-	keys += "k" + a + "=" + a2hex(enc);
+	keys += "k" + key_index + "=" + a2hex(enc);
 
 	if (wdomain != "")
 	{
-	    enc = await generate_request(wdomain, logins[a], mkey);
+	    enc = await generate_request(wdomain, logins[a], mkey, global_iv, 0);
 	    keys += (keys.length != 0) ? "&" : "";
-		keys += "k" + (b++) + "=" + a2hex(enc);
+	    keys += "k" + (++key_index) + "=" + a2hex(enc);
 	}
     }
 
+    if (await getPref("crypto_v1_compatible"))
+    {
+	for(a=0; a<logins.length; a++, key_index++)
+	{
+	    enc = await generate_request(domain, logins[a], mkey, global_iv, 1);
+	    keys += (keys.length != 0) ? "&" : "";
+	    keys += "k" + key_index + "=" + a2hex(enc);
+
+	    if (wdomain != "")
+	    {
+		enc = await generate_request(wdomain, logins[a], mkey, global_iv, 1);
+		keys += (keys.length != 0) ? "&" : "";
+		keys += "k" + (++key_index) + "=" + a2hex(enc);
+	    }
+	}
+    }
     debug("Keys " + keys);
 
     var gPassRequest = new XMLHttpRequest();
@@ -96,6 +126,7 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
 	var ciphered_password = "";
 	var server_pbkdf2_level = 0;
 	var server_version = 0;
+	var matched_key = 0;
 
 	var r = this.responseText.split("\n");
 	debug("resp " + r);
@@ -143,13 +174,18 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
 			break;
 		    case 3:
 			// Version 3 : nothing special to do
+		    case 4:
+			// Version 3 : nothing special to do
 			break;
 		    }
 		}
 		break;
+	   case "matched_key":
+		matched_key = params[1];
 	    case "pass":
 		ciphered_password = params[1];
 		break;
+	    case "pkdbf2_level":
 	    case "pbkdf2_level": 
 		server_pbkdf2_level = parseInt(params[1].match(/\d+/)[0], 10);
 		if (server_pbkdf2_level != NaN &&
@@ -180,10 +216,20 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
 	if (ciphered_password != "")
 	{
 	    debug("Ciphered password : " + ciphered_password);
-	    clear_password = await decrypt(mkey, hex2a(ciphered_password));
-	    // Remove trailing \0 and salt
-	    clear_password = clear_password.replace(/\0*$/, "");
-	    clear_password = clear_password.substr(0, clear_password.length-3);
+	    if (matched_key < logins.length)
+	    {
+		clear_password = await decrypt_cbc(mkey, global_iv, hex2a(ciphered_password));
+		clear_password = clear_password.replace(/\0*$/, "");
+		clear_password = clear_password.substr(3, clear_password.length);
+	    }
+	    else
+		// Crypto v1
+	    {
+		clear_password = await decrypt_ecb(mkey, hex2a(ciphered_password));
+		// Remove trailing \0 and salt
+		clear_password = clear_password.replace(/\0*$/, "");
+		clear_password = clear_password.substr(0, clear_password.length-3);
+	    }
 	    debug("Clear password " + clear_password);
 	    field.value = clear_password;
 	    // Remove gPass event listener and submit again with clear password
@@ -321,6 +367,9 @@ function on_sumbit(e)
 	    if (password.indexOf("@@") != 0 && password.indexOf("@_") != 0)
 		continue;
 
+	    // Remove current value to limit master key stealing
+	    field.value = "";
+	    
 	    mkey = password.substring(2);
 
 	    e.preventDefault();
@@ -328,22 +377,21 @@ function on_sumbit(e)
 	    var ret = ask_server(form, field, logins, domain, wdomain, mkey, (password.indexOf("@@") == 0));
 
 	    ret.then(function(ret){
-	    switch(ret)
-	    {
-	    case SERVER.OK:
-		break;
-	    case SERVER.FAILED:
-		if (logins !== all_logins)
+		switch(ret)
 		{
-		    /*ret = */ask_server(form, field, all_logins, domain, wdomain, mkey, (password.indexOf("@@") == 0));
-		    /*if (ret == SERVER.OK)
-			break;};*/
-		}
-		break;
-	    case SERVER.RESTART_REQUEST:
-		i = -1; // Restart loop
-		break;
-	    }});
+		    case SERVER.OK:
+		    break;
+		    case SERVER.FAILED:
+		    if (logins !== all_logins)
+		    {
+			ask_server(form, field, all_logins, domain, wdomain, mkey, (password.indexOf("@@") == 0));
+		    }
+		    break;
+		    case SERVER.RESTART_REQUEST:
+		    i = -1; // Restart loop
+		    break;
+		    }
+		});
 	}
     }
 
@@ -373,15 +421,17 @@ document_loaded(document);
 
 async function self_test()
 {
-    mkey = pbkdf2("password", "salt", 4096);
-    res = await encrypt(mkey, "DDDDDDDDDDDDDDDD");
-    reference = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
+    mkey = crypto_pbkdf2("password", "salt", 4096);
+    res = await encrypt_ecb(mkey, "DDDDDDDDDDDDDDDD");
+    
+    reference = new Uint8Array([0xc4, 0x76, 0x01, 0x07, 0xa1, 0xc0, 0x2f, 0x22, 0xee, 0xbe, 0x60,
+				0xff, 0x65, 0x33, 0x5b, 0x9e]);
     if (res != ab2str(reference))
     {
-    	console.log("Self test ERROR ! ");
+    	console.log("Self test ERROR !");
     }
     else
-    	console.log("All is OK ! ");
+    	console.log("Self test OK !");
 }
 
-// self_test();
+self_test();
diff --git a/chrome_addon/lib/misc.js b/chrome_addon/lib/misc.js
index 4d12317..14ea1f3 100644
--- a/chrome_addon/lib/misc.js
+++ b/chrome_addon/lib/misc.js
@@ -18,7 +18,8 @@
 */
 
 var default_preferences = {"pbkdf2_level": 1000,
-			   "account_url": "https://gpass-demo.soutade.fr/demo"};
+			   "account_url": "https://gpass-demo.soutade.fr/demo",
+			   "crypto_v1_compatible": true};
 
 var browser = browser || chrome;
 var crypto = crypto || window.crypto;
@@ -52,18 +53,12 @@ function str2ab(str) {
     return bufView;
 }
 
-function returnResult(result) { return result;}
-function onError(error) { console.error(error); }
-
-function pbkdf2(mkey, salt, level)
+function crypto_pbkdf2(mkey, salt, level)
 {
-    debug("Process pbkdf2 with " + mkey);
-
     AESCBC = {
         name: "AES-CBC",
         length: 256,
     }
-    level=1000;
 
     var key = str2ab(mkey);
     return crypto.subtle.importKey("raw", key, {name: "PBKDF2"}, false, ["deriveBits", "deriveKey"])
@@ -87,21 +82,52 @@ function pbkdf2(mkey, salt, level)
 	});
 }
 
-function _encrypt(mkey, data)
+function simple_pbkdf2(mkey, salt, level)
+{
+    AESCBC = {
+        name: "AES-CBC",
+        length: 256,
+    }
+
+    var key = str2ab(mkey);
+    return crypto.subtle.importKey("raw", key, {name: "PBKDF2"}, false, ["deriveBits", "deriveKey"])
+	.then(function(key){
+            //sha-256
+            return crypto.subtle.deriveKey({
+		name: "PBKDF2",
+		salt: str2ab(salt),
+		iterations: level,
+		hash: "SHA-256",
+            }, key, AESCBC, true, ["unwrapKey", "wrapKey"])
+		.then(function(key) {
+		    return crypto.subtle.exportKey("raw", key)
+			.then(function (key) {
+			    return ab2str(key);
+			});
+		})
+		.catch(function(err){
+		    console.log("Error derive key " + err);
+		});
+	})
+	.catch(function(err) {
+	    console.log("Error import key" + err);
+	});
+}
+
+function _encrypt(mkey, iv, data)
 {
     while ((data.length % 16))
 	data += "\0";
     
     debug("Encrypt " + data);
+    debug("Encrypt " + iv.length);
 
     data = str2ab(data);
 
-    nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
-
     promise = mkey.then(function(mkey){
     	return crypto.subtle.encrypt({
             name: "AES-CBC",
-            iv: nulliv
+            iv: iv
     	}, mkey, data)})
     	.then(function(encrypted) {
     	    return ab2str(encrypted);
@@ -113,13 +139,14 @@ function _encrypt(mkey, data)
     return promise;
 }
 
-async function _decrypt(mkey, data)
+async function _decrypt(mkey, iv, data)
 {
     while ((data.length % 16))
 	data += "\0";
 
+    nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
     pkcs7_padding = new Uint8Array([16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16]);
-    pkcs7_padding = await _encrypt(mkey, ab2str(pkcs7_padding));
+    pkcs7_padding = await _encrypt(mkey, nulliv, ab2str(pkcs7_padding));
 
     debug("Decrypt " + data);
 
@@ -130,7 +157,7 @@ async function _decrypt(mkey, data)
     promise = mkey.then(function(mkey){
     	return crypto.subtle.decrypt({
             name: "AES-CBC",
-            iv: nulliv
+            iv: iv
     	}, mkey, data)})
     	.then(function(decrypted) {
     	    return ab2str(decrypted);
@@ -142,36 +169,63 @@ async function _decrypt(mkey, data)
     return promise;
 }
 
-async function encrypt(mkey, data)
+async function encrypt_ecb(mkey, data)
 {
     var result = "";
     
+    nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
+
     while (data.length > 16)
     {
-	res = await _encrypt(mkey, data.slice(0, 16));
+	res = await _encrypt(mkey, nulliv, data.slice(0, 16));
 	// Remove PKCS7 padding
 	result += res.slice(0, 16);
 	data = data.slice(16);
     }
-    res = await _encrypt(mkey, data);
+    res = await _encrypt(mkey, nulliv, data);
     result += res.slice(0, 16);
 
     return result;
 }
 
-async function decrypt(mkey, data)
+async function decrypt_ecb(mkey, data)
 {
     var result = "";
     
+    nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
+
     while (data.length > 16)
     {
-	res = await _decrypt(mkey, data.slice(0, 16));
+	res = await _decrypt(mkey, nulliv, data.slice(0, 16));
 	// Remove PKCS7 padding
 	result += res.slice(0, 16);
 	data = data.slice(16);
     }
-    res = await _decrypt(mkey, data);
+    res = await _decrypt(mkey, nulliv, data);
     result += res.slice(0, 16);
 
     return result;
 }
+
+async function encrypt_cbc(mkey, iv, data)
+{
+    var result = await _encrypt(mkey, str2ab(iv), data);
+    
+    // Remove PKCS7 padding
+    return result.slice(0, result.length-16);
+}
+
+async function decrypt_cbc(mkey, iv, data)
+{
+    var result = await _decrypt(mkey, str2ab(iv), data);
+
+    // Remove PKCS7 padding
+    return result.slice(0, result.length-16);    
+}
+
+async function digest(data)
+{
+    return crypto.subtle.digest("SHA-256", str2ab(data)).then(function (hash) {
+	return ab2str(hash);
+    });
+}
diff --git a/chrome_addon/options.html b/chrome_addon/options.html
index e369a5f..07d56fd 100644
--- a/chrome_addon/options.html
+++ b/chrome_addon/options.html
@@ -10,6 +10,9 @@
     <br/>
     <b>PBKDF2 level</b> Number of iterations used to derivate master key <input id="pbkdf2" type="number"/><br />
     <br/>
+    <br/>
+    <b>Crypto v1 compatible </b> Compatible with old crypto schema (AES ECB). Use it for encrypted passwords with server <= 0.7 <input id="crypto_v1_compatible" type="checkbox"/><br />
+    <br/>
     <input type="button" id="save" value="Save"/>
 
     <script type="text/javascript" src="options.js">
diff --git a/chrome_addon/options.js b/chrome_addon/options.js
index a9ebceb..8936b9c 100644
--- a/chrome_addon/options.js
+++ b/chrome_addon/options.js
@@ -1,13 +1,16 @@
 var default_preferences = {"pbkdf2_level": 1000,
-			   "account_url": "https://gpass-demo.soutade.fr/demo"};
+			   "account_url": "https://gpass-demo.soutade.fr/demo",
+			   "crypto_v1_compatible": true};
 
 function save() {
     var account_url = document.getElementById('account_url').value;
     var pbkdf2 = document.getElementById('pbkdf2').value;
+    var crypto_v1_compatible = document.getElementById('crypto_v1_compatible').checked;
 
     chrome.storage.local.set({
 	'account_url': account_url,
 	'pbkdf2': pbkdf2,
+	'crypto_v1_compatible': crypto_v1_compatible,
     }, function() {
 	alert('Saved');
     });
@@ -23,9 +26,15 @@ chrome.storage.local.get(null, function(prefs) {
 	pbkdf2 = default_preferences['pbkdf2_level'];
     else
 	pbkdf2 = prefs['pbkdf2_level'];
+
+    if (!prefs.hasOwnProperty("crypto_v1_compatible"))
+	crypto_v1_compatible = default_preferences['crypto_v1_compatible'];
+    else
+	crypto_v1_compatible = prefs['crypto_v1_compatible'];
     
     document.getElementById('account_url').value = account_url;
     document.getElementById('pbkdf2').value = pbkdf2;
+    document.getElementById('crypto_v1_compatible').checked = crypto_v1_compatible;
 });
 
 document.getElementById('save').addEventListener("click", save);