diff --git a/Aws/Core.hs b/Aws/Core.hs
--- a/Aws/Core.hs
+++ b/Aws/Core.hs
@@ -100,9 +100,10 @@
 import           Control.Monad
 import           Control.Monad.IO.Class
 import           Control.Monad.Trans.Resource (ResourceT, MonadThrow (throwM))
-import           Crypto.Hash
+import qualified Crypto.Hash              as CH
+import qualified Crypto.MAC.HMAC          as CMH
 import qualified Data.Aeson               as A
-import           Data.Byteable
+import qualified Data.ByteArray           as ByteArray
 import           Data.ByteString          (ByteString)
 import qualified Data.ByteString          as B
 import qualified Data.ByteString.Base16   as Base16
@@ -442,7 +443,7 @@
         -- | Request body content type.
       , sqContentType :: !(Maybe B.ByteString)
         -- | Request body content MD5.
-      , sqContentMd5 :: !(Maybe (Digest MD5))
+      , sqContentMd5 :: !(Maybe (CH.Digest CH.MD5))
         -- | Additional Amazon "amz" headers.
       , sqAmzHeaders :: !HTTP.RequestHeaders
         -- | Additional non-"amz" headers.
@@ -481,7 +482,7 @@
 
       , HTTP.requestHeaders = catMaybes [ checkDate (\d -> ("Date", fmtRfc822Time d)) sqDate
                                         , fmap (\c -> ("Content-Type", c)) contentType
-                                        , fmap (\md5 -> ("Content-MD5", Base64.encode $ toBytes md5)) sqContentMd5
+                                        , fmap (\md5 -> ("Content-MD5", Base64.encode $ ByteArray.convert md5)) sqContentMd5
                                         , fmap (\auth -> ("Authorization", auth)) mauth]
                               ++ sqAmzHeaders
                               ++ sqOtherHeaders
@@ -604,10 +605,8 @@
 signature cr ah input = Base64.encode sig
     where
       sig = case ah of
-              HmacSHA1 -> computeSig SHA1
-              HmacSHA256 -> computeSig SHA256
-      computeSig :: HashAlgorithm a => a -> ByteString
-      computeSig t = toBytes (hmacAlg t (secretAccessKey cr) input)
+              HmacSHA1 -> ByteArray.convert (CMH.hmac (secretAccessKey cr) input :: CMH.HMAC CH.SHA1)
+              HmacSHA256 -> ByteArray.convert (CMH.hmac (secretAccessKey cr) input :: CMH.HMAC CH.SHA256)
 
 -- | Use this to create the Authorization header to set into 'sqAuthorization'.
 -- See <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html>: you must create the
@@ -623,11 +622,11 @@
     let ref = v4SigningKeys $ signatureCredentials sd
         date = fmtTime "%Y%m%d" $ signatureTime sd
         mkHmac k i = case ah of
-                        HmacSHA1 -> toBytes (hmac k i :: HMAC SHA1)
-                        HmacSHA256 -> toBytes (hmac k i :: HMAC SHA256)
+                        HmacSHA1 -> ByteArray.convert (CMH.hmac k i :: CMH.HMAC CH.SHA1)
+                        HmacSHA256 -> ByteArray.convert (CMH.hmac k i :: CMH.HMAC CH.SHA256)
         mkHash i = case ah of
-                        HmacSHA1 -> toBytes (hash i :: Digest SHA1)
-                        HmacSHA256 -> toBytes (hash i :: Digest SHA256)
+                        HmacSHA1 -> ByteArray.convert (CH.hash i :: CH.Digest CH.SHA1)
+                        HmacSHA256 -> ByteArray.convert (CH.hash i :: CH.Digest CH.SHA256)
         alg = case ah of
                     HmacSHA1 -> "AWS4-HMAC-SHA1"
                     HmacSHA256 -> "AWS4-HMAC-SHA256"
diff --git a/Aws/DynamoDb/Core.hs b/Aws/DynamoDb/Core.hs
--- a/Aws/DynamoDb/Core.hs
+++ b/Aws/DynamoDb/Core.hs
@@ -120,14 +120,14 @@
 import           Control.Monad
 import           Control.Monad.Trans
 import           Control.Monad.Trans.Resource (throwM)
-import           Crypto.Hash
+import qualified Crypto.Hash                  as CH
 import           Data.Aeson
 import qualified Data.Aeson                   as A
 import           Data.Aeson.Types             (Pair, parseEither)
 import qualified Data.Aeson.Types             as A
 import qualified Data.Attoparsec.ByteString   as AttoB (endOfInput)
 import qualified Data.Attoparsec.Text         as Atto
-import           Data.Byteable
+import qualified Data.ByteArray               as ByteArray
 import qualified Data.ByteString.Base16       as Base16
 import qualified Data.ByteString.Base64       as Base64
 import qualified Data.ByteString.Char8        as B
@@ -848,7 +848,7 @@
         sigTime = fmtTime "%Y%m%dT%H%M%SZ" $ signatureTime sd
 
         bodyLBS = A.encode body
-        bodyHash = Base16.encode $ toBytes (hashlazy bodyLBS :: Digest SHA256)
+        bodyHash = Base16.encode $ ByteArray.convert (CH.hashlazy bodyLBS :: CH.Digest CH.SHA256)
 
         -- for some reason AWS doesn't want the x-amz-security-token in the canonical request
         amzHeaders = [ ("x-amz-date", sigTime)
diff --git a/Aws/S3/Commands/DeleteObjects.hs b/Aws/S3/Commands/DeleteObjects.hs
--- a/Aws/S3/Commands/DeleteObjects.hs
+++ b/Aws/S3/Commands/DeleteObjects.hs
@@ -2,6 +2,7 @@
 
 import           Aws.Core
 import           Aws.S3.Core
+import qualified Crypto.Hash          as CH
 import qualified Data.Map             as M
 import           Data.Maybe
 import qualified Data.Text            as T
@@ -11,7 +12,6 @@
 import qualified Text.XML             as XML
 import qualified Text.XML.Cursor      as Cu
 import           Text.XML.Cursor      (($/), (&|))
-import           Crypto.Hash
 import qualified Data.ByteString.Char8 as B
 import           Data.ByteString.Char8 ({- IsString -})
 import           Control.Applicative     ((<$>))
@@ -70,7 +70,7 @@
       , s3QSubresources = HTTP.toQuery [("delete" :: B.ByteString, Nothing :: Maybe B.ByteString)]
       , s3QQuery        = []
       , s3QContentType  = Nothing
-      , s3QContentMd5   = Just $ hashlazy dosBody
+      , s3QContentMd5   = Just $ CH.hashlazy dosBody
       , s3QObject       = Nothing
       , s3QAmzHeaders   = maybeToList $ (("x-amz-mfa", ) . T.encodeUtf8) <$> dosMultiFactorAuthentication
       , s3QOtherHeaders = []
diff --git a/Aws/S3/Commands/Multipart.hs b/Aws/S3/Commands/Multipart.hs
--- a/Aws/S3/Commands/Multipart.hs
+++ b/Aws/S3/Commands/Multipart.hs
@@ -8,7 +8,7 @@
 import           Control.Monad
 import           Control.Monad.IO.Class
 import           Control.Monad.Trans.Resource
-import           Crypto.Hash
+import qualified Crypto.Hash           as CH
 import           Data.ByteString.Char8 ({- IsString -})
 import           Data.Conduit
 import qualified Data.Conduit.List     as CL
@@ -129,7 +129,7 @@
   , upPartNumber :: Integer
   , upUploadId :: T.Text
   , upContentType :: Maybe B8.ByteString
-  , upContentMD5 :: Maybe (Digest MD5)
+  , upContentMD5 :: Maybe (CH.Digest CH.MD5)
   , upServerSideEncryption :: Maybe ServerSideEncryption
   , upRequestBody  :: HTTP.RequestBody
   , upExpect100Continue :: Bool -- ^ Note: Requires http-client >= 0.4.10
diff --git a/Aws/S3/Commands/PutObject.hs b/Aws/S3/Commands/PutObject.hs
--- a/Aws/S3/Commands/PutObject.hs
+++ b/Aws/S3/Commands/PutObject.hs
@@ -6,7 +6,7 @@
 import           Aws.S3.Core
 import           Control.Applicative
 import           Control.Arrow         (second)
-import           Crypto.Hash
+import qualified Crypto.Hash           as CH
 import           Data.ByteString.Char8 ({- IsString -})
 import           Data.Maybe
 import qualified Data.ByteString.Char8 as B
@@ -23,7 +23,7 @@
   poCacheControl :: Maybe T.Text,
   poContentDisposition :: Maybe T.Text,
   poContentEncoding :: Maybe T.Text,
-  poContentMD5 :: Maybe (Digest MD5),
+  poContentMD5 :: Maybe (CH.Digest CH.MD5),
   poExpires :: Maybe Int,
   poAcl :: Maybe CannedAcl,
   poStorageClass :: Maybe StorageClass,
diff --git a/Aws/S3/Core.hs b/Aws/S3/Core.hs
--- a/Aws/S3/Core.hs
+++ b/Aws/S3/Core.hs
@@ -6,8 +6,6 @@
 import           Control.Monad
 import           Control.Monad.IO.Class
 import           Control.Monad.Trans.Resource   (MonadThrow, throwM)
-import           Crypto.Hash
-import           Data.Byteable
 import           Data.Conduit                   (($$+-))
 import           Data.Function
 import           Data.Functor                   ((<$>))
@@ -25,6 +23,8 @@
 import qualified Blaze.ByteString.Builder       as Blaze
 import qualified Blaze.ByteString.Builder.Char8 as Blaze8
 import qualified Control.Exception              as C
+import qualified Crypto.Hash                    as CH
+import qualified Data.ByteArray                 as ByteArray
 import qualified Data.ByteString                as B
 import qualified Data.ByteString.Char8          as B8
 import qualified Data.ByteString.Base64         as Base64
@@ -147,7 +147,7 @@
       , s3QSubresources :: HTTP.Query
       , s3QQuery :: HTTP.Query
       , s3QContentType :: Maybe B.ByteString
-      , s3QContentMd5 :: Maybe (Digest MD5)
+      , s3QContentMd5 :: Maybe (CH.Digest CH.MD5)
       , s3QAmzHeaders :: HTTP.RequestHeaders
       , s3QOtherHeaders :: HTTP.RequestHeaders
 #if MIN_VERSION_http_conduit(2, 0, 0)
@@ -223,7 +223,7 @@
       iamTok = maybe [] (\x -> [("x-amz-security-token", x)]) (iamToken signatureCredentials)
       stringToSign = Blaze.toByteString . mconcat . intersperse (Blaze8.fromChar '\n') . concat  $
                        [[Blaze.copyByteString $ httpMethod s3QMethod]
-                       , [maybe mempty (Blaze.copyByteString . Base64.encode . toBytes) s3QContentMd5]
+                       , [maybe mempty (Blaze.copyByteString . Base64.encode . ByteArray.convert) s3QContentMd5]
                        , [maybe mempty Blaze.copyByteString s3QContentType]
                        , [Blaze.copyByteString $ case ti of
                                                    AbsoluteTimestamp time -> fmtRfc822Time time
diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+0.18 series
+-----------
+
+-   0.18
+    -   Switch from cryptohash to cryptonite
+    -   Loosen boundaries for http-types and conduit-extra
+
 0.17 series
 -----------
 
diff --git a/aws.cabal b/aws.cabal
--- a/aws.cabal
+++ b/aws.cabal
@@ -1,5 +1,5 @@
 Name:                aws
-Version:             0.17.1
+Version:             0.18
 Synopsis:            Amazon Web Services (AWS) for Haskell
 Description:         Bindings for Amazon Web Services (AWS), with the aim of supporting all AWS services. To see a high level overview of the library, see the README at <https://github.com/aristidb/aws/blob/master/README.md>.
 Homepage:            http://github.com/aristidb/aws
@@ -19,7 +19,7 @@
 Source-repository this
   type: git
   location: https://github.com/aristidb/aws.git
-  tag: 0.17.1
+  tag: 0.18
 
 Source-repository head
   type: git
@@ -124,15 +124,16 @@
                        case-insensitive     >= 0.2     && < 1.3,
                        cereal               >= 0.3     && < 0.6,
                        conduit              >= 1.1     && < 1.3,
-                       conduit-extra        >= 1.1     && < 1.2,
+                       conduit-extra        >= 1.1     && < 1.3,
                        containers           >= 0.4,
-                       cryptohash           >= 0.11    && < 0.12,
+                       cryptonite           >= 0.11,
                        data-default         >= 0.5.3   && < 0.8,
                        directory            >= 1.0     && < 2.0,
                        filepath             >= 1.1     && < 1.5,
                        http-conduit         >= 2.1     && < 2.3,
-                       http-types           >= 0.7     && < 0.10,
+                       http-types           >= 0.7     && < 1.0,
                        lifted-base          >= 0.1     && < 0.3,
+                       memory,
                        monad-control        >= 0.3,
                        mtl                  == 2.*,
                        network              == 2.*,
