diff --git a/generate-password.py b/generate-password.py
index 0b611d7e2..7aaab2297 100644
--- a/generate-password.py
+++ b/generate-password.py
@@ -18,7 +18,7 @@ if password1 == password2:
 hashed = scrypt.hash(password=password1,
 salt=salt,
 N=16384,
- r=16,
+ r=8,
 p=1,
 buflen=32)
diff --git a/src/app.py b/src/app.py
index ac8a4f186..831d4db50 100644
--- a/src/app.py
+++ b/src/app.py
@@ -65,7 +65,7 @@ def verify_password(hex_hashed_password, guessed_password):
 hashed = scrypt.hash(password=guessed_password,
 salt=salt,
 N=16384,
- r=16,
+ r=8,
 p=1,
 buflen=32)
diff --git a/static/js/encryption.js b/static/js/encryption.js
index b97107ee6..ceef6f821 100644
--- a/static/js/encryption.js
+++ b/static/js/encryption.js
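Review bot: The scrypt block-size parameter drops from `r=16` to `r=8` here, in `verify_password` in src/app.py and in `computeScrypt` in static/js/encryption.js, with no stated reason; at N=16384 this halves the memory each password guess costs (128·N·r goes from 32 MiB to 16 MiB). Nothing visible stores the cost parameters alongside the hash, so a hash generated earlier with r=16 would presumably stop verifying and has to be regenerated with this script. Because the same literals now live in three files that must agree, a comment at each site would help, e.g. `# scrypt cost (N, r, p) must match src/app.py and static/js/encryption.js; changing it invalidates stored hashes`.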
@@ -32,14 +32,43 @@ let globalLastEncryptionOperationDate = null;
 function deriveEncryptionKey(password) {
 // why this is done is explained here: https://github.com/ricmoo/scrypt-js - "Encoding notes"
- const normalizedPassword = password.normalize('NFKC');
- const salt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6";
+ const verificationSalt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6";
+ const verificationPromise = computeScrypt(password, verificationSalt, (key, resolve, reject) => {
+ $.ajax({
+ url: baseUrl + 'password/verify',
+ type: 'POST',
+ data: JSON.stringify({
+ password: sha256(key)
+ }),
+ contentType: "application/json",
+ success: function (result) {
+ if (result.valid) {
+ resolve();
+ }
+ else {
+ alert("Wrong password");
+
+ reject();
+ }
+ }
+ });
+ });
+
+ const encryptionKeySalt = "2503bfc386bc028772f803887eaaf4d4a5c1019036873e4ba5de79a4efb7e8d8";
+
+ const encryptionKeyPromise = computeScrypt(password, encryptionKeySalt, (key, resolve, reject) => resolve(key));
+
+ return Promise.all([ verificationPromise, encryptionKeyPromise ]).then(results => results[1]);
+}
+
+function computeScrypt(password, salt, callback) {
+ const normalizedPassword = password.normalize('NFKC');
 const passwordBuffer = new buffer.SlowBuffer(normalizedPassword);
 const saltBuffer = new buffer.SlowBuffer(salt);
 // this settings take ~500ms on my laptop
- const N = 16384, r = 16, p = 1;
+ const N = 16384, r = 8, p = 1;
 // 32 byte key - AES 256
 const dkLen = 32;
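Review bot: The `$.ajax` call behind `verificationPromise` has only a `success` handler, so a failed request to `password/verify` leaves that promise pending and the `Promise.all` in `deriveEncryptionKey` never settles; add `error: () => reject(new Error("password verification request failed"))` next to `success`. Separately, `verificationSalt` and `encryptionKeySalt` are fixed literals shipped to every client, so the same password yields the same verification hash and the same AES key on every installation; a random per-installation salt served by the backend would remove that, though where it would be stored is outside this diff. The "~500ms" comment was measured with r=16 and is likely stale now that r is 8 and two derivations run per login. `computeScrypt` continues past the end of this hunk.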
@@ -55,24 +84,7 @@ function deriveEncryptionKey(password) {
 else if (key) {
 console.log("Computation took " + (new Date().getTime() - startedDate.getTime()) + "ms");
- $.ajax({
- url: baseUrl + 'password/verify',
- type: 'POST',
- data: JSON.stringify({
- password: sha256(key)
- }),
- contentType: "application/json",
- success: function (result) {
- if (result.valid) {
- resolve(key);
- }
- else {
- alert("Wrong password");
-
- reject();
- }
- }
- });
+ callback(key, resolve, reject);
 }
 else {
 // update UI with progress complete
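Review bot: Passing the promise's own `resolve` and `reject` out through `callback(key, resolve, reject);` makes each caller responsible for settling `computeScrypt`'s promise, and a callback that throws or misses a path would presumably leave it pending (the Promise constructor is outside this hunk, so this is inferred). It would be simpler for this branch to do `resolve(key);` and for `deriveEncryptionKey` to chain the verification request with `.then(...)`, which also lets `computeScrypt` drop its `callback` parameter. The enclosing function starts before and ends after this hunk.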