diff --git a/Aws/Core.hs b/Aws/Core.hs
--- a/Aws/Core.hs
+++ b/Aws/Core.hs
@@ -93,9 +93,7 @@
 import           Control.Monad.IO.Class
 import qualified Crypto.Classes           as Crypto
 import qualified Crypto.HMAC              as HMAC
-import qualified Crypto.Hash.MD5          as MD5
-import qualified Crypto.Hash.SHA1         as SHA1
-import qualified Crypto.Hash.SHA256       as SHA256
+import           Crypto.Hash.CryptoAPI    (MD5, SHA1, SHA256)
 import           Data.Attempt             (Attempt(..), FromAttempt(..))
 import           Data.ByteString          (ByteString)
 import qualified Data.ByteString          as B
@@ -132,7 +130,7 @@
     toLogText :: a -> T.Text
 
 -- | A response with metadata. Can also contain an error response, or an internal error, via 'Attempt'.
--- 
+--
 -- Response forms a Writer-like monad.
 data Response m a = Response { responseMetadata :: m
                              , responseResult :: Attempt a }
@@ -154,7 +152,7 @@
 mapMetadata :: (m -> n) -> Response m a -> Response n a
 mapMetadata f (Response m a) = Response (f m) a
 
---multiResponse :: Monoid m => Response m a -> Response [m] a -> 
+--multiResponse :: Monoid m => Response m a -> Response [m] a ->
 
 instance Monoid m => Monad (Response m) where
     return x = Response mempty (Success x)
@@ -174,9 +172,9 @@
                               -> ResourceT IO a
 
 -- | Class for types that AWS HTTP responses can be parsed into.
--- 
+--
 -- The request is also passed for possibly required additional metadata.
--- 
+--
 -- Note that for debugging, there is an instance for 'L.ByteString'.
 class Monoid (ResponseMetadata resp) => ResponseConsumer req resp where
     -- | Metadata associated with a response. Typically there is one metadata type for each AWS service.
@@ -200,9 +198,9 @@
     listResponse :: resp -> [item]
 
 -- | Associates a request type and a response type in a bi-directional way.
--- 
+--
 -- This allows the type-checker to infer the response type when given the request type and vice versa.
--- 
+--
 -- Note that the actual request generation and response parsing resides in 'SignQuery' and 'ResponseConsumer'
 -- respectively.
 class (SignQuery r, ResponseConsumer r a, Loggable (ResponseMetadata a))
@@ -224,33 +222,33 @@
     deriving (Show)
 
 -- | The file where access credentials are loaded, when using 'loadCredentialsDefault'.
--- 
+--
 -- Value: /<user directory>/@/.aws-keys@
 credentialsDefaultFile :: MonadIO io => io FilePath
 credentialsDefaultFile = liftIO $ (</> ".aws-keys") <$> getHomeDirectory
 
 -- | The key to be used in the access credential file that is loaded, when using 'loadCredentialsDefault'.
--- 
+--
 -- Value: @default@
 credentialsDefaultKey :: T.Text
 credentialsDefaultKey = "default"
 
 -- | Load credentials from a (text) file given a key name.
--- 
+--
 -- The file consists of a sequence of lines, each in the following format:
--- 
+--
 -- @keyName awsKeyID awsKeySecret@
 loadCredentialsFromFile :: MonadIO io => FilePath -> T.Text -> io (Maybe Credentials)
 loadCredentialsFromFile file key = liftIO $ do
   contents <- map T.words . T.lines <$> T.readFile file
-  return $ do 
+  return $ do
     [_key, keyID, secret] <- find (hasKey key) contents
     return Credentials { accessKeyID = T.encodeUtf8 keyID, secretAccessKey = T.encodeUtf8 secret }
       where
         hasKey _ [] = False
         hasKey k (k2 : _) = k == k2
 
--- | Load credentials from the environment variables @AWS_ACCESS_KEY_ID@ and @AWS_ACCESS_KEY_SECRET@ 
+-- | Load credentials from the environment variables @AWS_ACCESS_KEY_ID@ and @AWS_ACCESS_KEY_SECRET@
 --   (or @AWS_SECRET_ACCESS_KEY@), if possible.
 loadCredentialsFromEnv :: MonadIO io => io (Maybe Credentials)
 loadCredentialsFromEnv = liftIO $ do
@@ -261,10 +259,10 @@
   return (Credentials <$> (T.encodeUtf8 . T.pack <$> keyID) <*> (T.encodeUtf8 . T.pack <$> secret))
 
 -- | Load credentials from environment variables if possible, or alternatively from a file with a given key name.
--- 
+--
 -- See 'loadCredentialsFromEnv' and 'loadCredentialsFromFile' for details.
 loadCredentialsFromEnvOrFile :: MonadIO io => FilePath -> T.Text -> io (Maybe Credentials)
-loadCredentialsFromEnvOrFile file key = 
+loadCredentialsFromEnvOrFile file key =
   do
     envcr <- loadCredentialsFromEnv
     case envcr of
@@ -273,10 +271,10 @@
 
 -- | Load credentials from environment variables if possible, or alternative from the default file with the default
 -- key name.
--- 
+--
 -- Default file: /<user directory>/@/.aws-keys@
 -- Default key name: @default@
--- 
+--
 -- See 'loadCredentialsFromEnv' and 'loadCredentialsFromFile' for details.
 loadCredentialsDefault :: MonadIO io => io (Maybe Credentials)
 loadCredentialsDefault = do
@@ -334,7 +332,7 @@
         -- | Request body content type.
       , sqContentType :: Maybe B.ByteString
         -- | Request body content MD5.
-      , sqContentMd5 :: Maybe MD5.MD5
+      , sqContentMd5 :: Maybe MD5
         -- | Additional Amazon "amz" headers.
       , sqAmzHeaders :: HTTP.RequestHeaders
         -- | Additional non-"amz" headers.
@@ -380,8 +378,8 @@
                            PostQuery -> Just "application/x-www-form-urlencoded; charset=utf-8"
                            _ -> sqContentType
 
--- | Create a URI fro a 'SignedQuery' object. 
--- 
+-- | Create a URI fro a 'SignedQuery' object.
+--
 -- Unused / incompatible fields will be silently ignored.
 queryToUri :: SignedQuery -> B.ByteString
 queryToUri SignedQuery{..}
@@ -448,7 +446,7 @@
 class SignQuery request where
     -- | Additional information, like API endpoints and service-specific preferences.
     type ServiceConfiguration request :: * {- Query Type -} -> *
-    
+
     -- | Create a 'SignedQuery' from a request, additional 'Info', and 'SignatureData'.
     signQuery :: request -> ServiceConfiguration request queryType -> SignatureData -> SignedQuery
 
@@ -464,14 +462,14 @@
 amzHash HmacSHA256 = "HmacSHA256"
 
 -- | Create a signature. Usually, AWS wants a specifically constructed string to be signed.
--- 
+--
 -- The signature is a HMAC-based hash of the string and the secret access key.
 signature :: Credentials -> AuthorizationHash -> B.ByteString -> B.ByteString
 signature cr ah input = Base64.encode sig
     where
       sig = case ah of
-              HmacSHA1 -> computeSig (undefined :: SHA1.SHA1)
-              HmacSHA256 -> computeSig (undefined :: SHA256.SHA256)
+              HmacSHA1 -> computeSig (undefined :: SHA1)
+              HmacSHA256 -> computeSig (undefined :: SHA256)
       computeSig :: Crypto.Hash c d => d -> B.ByteString
       computeSig t = Serialize.encode (HMAC.hmac' key input `asTypeOf` t)
       key :: HMAC.MacKey c d
@@ -488,11 +486,11 @@
 
 -- | @queryList f prefix xs@ constructs a query list from a list of elements @xs@, using a common prefix @prefix@,
 -- and a transformer function @f@.
--- 
+--
 -- A dot (@.@) is interspersed between prefix and generated key.
--- 
+--
 -- Example:
--- 
+--
 -- @queryList swap \"pfx\" [(\"a\", \"b\"), (\"c\", \"d\")]@ evaluates to @[(\"pfx.b\", \"a\"), (\"pfx.d\", \"c\")]@
 -- (except with ByteString instead of String, of course).
 queryList :: (a -> [(B.ByteString, B.ByteString)]) -> B.ByteString -> [a] -> [(B.ByteString, B.ByteString)]
@@ -614,7 +612,7 @@
 
 -- | Create a complete 'HTTPResponseConsumer' from a simple function that takes a 'Cu.Cursor' to XML in the response
 -- body.
--- 
+--
 -- This function is highly recommended for any services that parse relatively short XML responses. (If status and response
 -- headers are required, simply take them as function parameters, and pass them through to this function.)
 xmlCursorConsumer ::
diff --git a/Aws/S3/Commands/PutObject.hs b/Aws/S3/Commands/PutObject.hs
--- a/Aws/S3/Commands/PutObject.hs
+++ b/Aws/S3/Commands/PutObject.hs
@@ -5,9 +5,9 @@
 import           Aws.S3.Core
 import           Control.Applicative
 import           Control.Arrow         (second)
+import           Crypto.Hash.CryptoAPI (MD5)
 import           Data.ByteString.Char8 ({- IsString -})
 import           Data.Maybe
-import qualified Crypto.Hash.MD5       as MD5
 import qualified Data.ByteString.Char8 as B
 import qualified Data.CaseInsensitive  as CI
 import qualified Data.Conduit          as C
@@ -22,7 +22,7 @@
   poCacheControl :: Maybe T.Text,
   poContentDisposition :: Maybe T.Text,
   poContentEncoding :: Maybe T.Text,
-  poContentMD5 :: Maybe MD5.MD5,
+  poContentMD5 :: Maybe MD5,
   poExpires :: Maybe Int,
   poAcl :: Maybe CannedAcl,
   poStorageClass :: Maybe StorageClass,
diff --git a/Aws/S3/Core.hs b/Aws/S3/Core.hs
--- a/Aws/S3/Core.hs
+++ b/Aws/S3/Core.hs
@@ -4,6 +4,7 @@
 import           Control.Arrow                  ((***))
 import           Control.Monad
 import           Control.Monad.IO.Class
+import           Crypto.Hash.CryptoAPI (MD5)
 import           Data.Attempt                   (Attempt(..))
 import           Data.Conduit                   (($$+-))
 import           Data.Function
@@ -19,7 +20,6 @@
 import qualified Blaze.ByteString.Builder.Char8 as Blaze8
 import qualified Control.Exception              as C
 import qualified Control.Failure                as F
-import qualified Crypto.Hash.MD5                as MD5
 import qualified Data.ByteString                as B
 import qualified Data.ByteString.Char8          as B8
 import qualified Data.ByteString.Base64         as Base64
@@ -33,8 +33,8 @@
 import qualified Text.XML                       as XML
 import qualified Text.XML.Cursor                as Cu
 
-data S3Authorization 
-    = S3AuthorizationHeader 
+data S3Authorization
+    = S3AuthorizationHeader
     | S3AuthorizationQuery
     deriving (Show)
 
@@ -57,7 +57,7 @@
 
 instance DefaultServiceConfiguration (S3Configuration NormalQuery) where
   defServiceConfig = s3 HTTPS s3EndpointUsClassic False
-  
+
   debugServiceConfig = s3 HTTP s3EndpointUsClassic False
 
 instance DefaultServiceConfiguration (S3Configuration UriOnlyQuery) where
@@ -80,8 +80,8 @@
 s3EndpointApNorthEast = "s3-ap-northeast-1.amazonaws.com"
 
 s3 :: Protocol -> B.ByteString -> Bool -> S3Configuration qt
-s3 protocol endpoint uri 
-    = S3Configuration { 
+s3 protocol endpoint uri
+    = S3Configuration {
          s3Protocol = protocol
        , s3Endpoint = endpoint
        , s3RequestStyle = BucketStyle
@@ -131,7 +131,7 @@
       , s3QSubresources :: HTTP.Query
       , s3QQuery :: HTTP.Query
       , s3QContentType :: Maybe B.ByteString
-      , s3QContentMd5 :: Maybe MD5.MD5
+      , s3QContentMd5 :: Maybe MD5
       , s3QAmzHeaders :: HTTP.RequestHeaders
       , s3QOtherHeaders :: HTTP.RequestHeaders
       , s3QRequestBody :: Maybe (HTTP.RequestBody (C.ResourceT IO))
diff --git a/aws.cabal b/aws.cabal
--- a/aws.cabal
+++ b/aws.cabal
@@ -1,5 +1,5 @@
 Name:                aws
-Version:             0.7.6.3
+Version:             0.7.6.4
 Synopsis:            Amazon Web Services (AWS) for Haskell
 Description:         Bindings for Amazon Web Services (AWS), with the aim of supporting all AWS services. To see a high level overview of the library, see the README at <https://github.com/aristidb/aws/blob/master/README.org>.
 Homepage:            http://github.com/aristidb/aws
@@ -20,7 +20,7 @@
 Source-repository this
   type: git
   location: https://github.com/aristidb/aws.git
-  tag: 0.7.6.3
+  tag: 0.7.6.4
 
 Source-repository head
   type: git
@@ -74,7 +74,8 @@
                        conduit              >= 0.5     && < 1.1,
                        containers           >= 0.4,
                        crypto-api           >= 0.9,
-                       cryptohash           >= 0.6     && < 0.9,
+                       cryptohash           >= 0.6     && < 0.10,
+                       cryptohash-cryptoapi == 0.1.*,
                        directory            >= 1.0     && < 1.3,
                        failure              >= 0.2.0.1 && < 0.3,
                        filepath             >= 1.1     && < 1.4,
