diff --git a/src/Yesod/Auth/DeskCom.hs b/src/Yesod/Auth/DeskCom.hs
--- a/src/Yesod/Auth/DeskCom.hs
+++ b/src/Yesod/Auth/DeskCom.hs
@@ -13,7 +13,6 @@
     ) where
 
 import Control.Applicative ((<$>))
-import Crypto.Hash.CryptoAPI (SHA1)
 import Data.Default (Default(..))
 import Data.Monoid ((<>))
 import Data.Text (Text)
@@ -21,11 +20,11 @@
 import Yesod.Auth
 import Yesod.Core
 import qualified Crypto.Cipher.AES as AES
-import qualified Crypto.Classes as Crypto
 import qualified Crypto.Hash.SHA1 as SHA1
-import qualified Crypto.HMAC as HMAC
 import qualified Crypto.Padding as Padding
-import qualified Crypto.Random.AESCtr as CPRNG
+import qualified "crypto-random" Crypto.Random
+import Crypto.Hash (hmac, SHA1, Digest, hmacGetDigest)
+import Data.Byteable (toBytes)
 import qualified Data.Aeson as A
 import qualified Data.ByteString as B
 import qualified Data.ByteString.Lazy as BL
@@ -46,7 +45,7 @@
   -- 'deskComCreateCreds'.  We recommend caching the resulting
   -- 'DeskComCredentials' value on your foundation data type
   -- since creating it is an expensive operation.
-  deskComCredentials :: master -> DeskComCredentials
+  deskComCredentials :: HandlerT master IO DeskComCredentials
 
   -- | Gather information that should be given to Desk.com about
   -- an user.  Please see 'DeskComUser' for more information
@@ -107,7 +106,7 @@
 deskComCreateCreds site domain apiKey = DeskComCredentials site domain aesKey hmacKey
   where
     -- Yes, I know, Desk.com's crypto is messy.
-    aesKey  = AES.initKey . B.take 16 . SHA1.hash . TE.encodeUtf8 $ apiKey <> site
+    aesKey  = AES.initAES . B.take 16 . SHA1.hash . TE.encodeUtf8 $ apiKey <> site
     hmacKey = TE.encodeUtf8 apiKey
 
 
@@ -116,7 +115,7 @@
   DeskComCredentials
     { dccSite    :: !T.Text
     , dccDomain  :: !T.Text
-    , dccAesKey  :: !AES.Key
+    , dccAesKey  :: !AES.AES
     , dccHmacKey :: !B.ByteString -- HMAC.MacKey ?????? SHA1
     }
 
@@ -216,8 +215,7 @@
 -- | Redirect the user to the main Desk.com portal.
 redirectToPortal :: YesodDeskCom master => HandlerT DeskCom (HandlerT master IO) ()
 redirectToPortal = do
-  y <- lift getYesod
-  let DeskComCredentials {..} = deskComCredentials y
+  DeskComCredentials {..} <- lift deskComCredentials
   redirect $ T.concat [ "http://", dccDomain, "/" ]
 
 
@@ -228,7 +226,7 @@
 redirectToMultipass uid = do
   -- Get generic info.
   y <- lift getYesod
-  let DeskComCredentials {..} = deskComCredentials y
+  DeskComCredentials {..} <- lift deskComCredentials
 
   -- Get the expires timestamp.
   expires <- TI.addUTCTime (deskComTokenTimeout y) <$> liftIO TI.getCurrentTime
@@ -240,7 +238,7 @@
               Explicit x     -> return x
 
   -- Generate an IV.
-  iv@(AES.IV ivBS) <- deskComRandomIV
+  iv <- deskComRandomIV
 
   -- Create Multipass token.
   let toStrict = B.concat . BL.toChunks
@@ -250,14 +248,14 @@
       encrypt
         = deskComEncode                     -- encode as modified base64url
         . AES.encryptCBC dccAesKey iv       -- encrypt with AES128-CBC
-        . (ivBS <>)                         -- prepend the IV
+        . (iv <>)                           -- prepend the IV
         . Padding.padPKCS5 16               -- PKCS#5 padding
         . toStrict . A.encode . A.object    -- encode as JSON
       sign
-        = B64.encode . Crypto.encode        -- encode as normal base64 (why??? =[)
-        . HMAC.hmac' hmacKey                -- sign using HMAC-SHA1
-      hmacKey :: HMAC.MacKey ctx SHA1
-      hmacKey = HMAC.MacKey dccHmacKey
+        = B64.encode                        -- encode as normal base64 (why??? =[)
+        . (toBytes :: Digest SHA1 -> B.ByteString)
+        . hmacGetDigest
+        . hmac dccHmacKey                   -- sign using HMAC-SHA1
       multipass = encrypt $
                     "uid"            A..= userId  :
                     "expires"        A..= expires :
@@ -277,9 +275,9 @@
 
 
 -- | Randomly generate an IV.
-deskComRandomIV :: HandlerT DeskCom (HandlerT master IO) AES.IV
+deskComRandomIV :: HandlerT DeskCom (HandlerT master IO) B.ByteString
 deskComRandomIV = do
   var <- deskComCprngVar <$> getYesod
   liftIO $ I.atomicModifyIORef var $
-    \g -> let (bs, g') = CPRNG.genRandomBytes 16 g
-          in (g', g' `seq` AES.IV bs)
+    \g -> let (bs, g') = Crypto.Random.cprgGenerate 16 g
+          in (g', g' `seq` bs)
diff --git a/yesod-auth-deskcom.cabal b/yesod-auth-deskcom.cabal
--- a/yesod-auth-deskcom.cabal
+++ b/yesod-auth-deskcom.cabal
@@ -1,5 +1,5 @@
 Name:                yesod-auth-deskcom
-Version:             1.2.1
+Version:             1.4.0
 Synopsis:            Desk.com remote authentication support for Yesod apps.
 Homepage:            https://github.com/prowdsponsor/yesod-auth-deskcom
 License:             BSD3
@@ -33,21 +33,22 @@
   Build-depends:   base                 >= 4.3     && < 5
                  , time                 >= 1.1     && < 2
                  , template-haskell
-                 , transformers         >= 0.1.3   && < 0.4
+                 , transformers         >= 0.1.3   && < 0.5
                  , bytestring           >= 0.9
-                 , text                 >= 0.7     && < 0.12
+                 , text                 >= 0.7     && < 1.3
                  , data-default
                  , base64-bytestring    >= 1.0
                  , cryptohash           >= 0.6
-                 , cryptohash-cryptoapi >= 0.1
                  , cipher-aes           >= 0.1
-                 , cprng-aes            >= 0.3
+                 , cprng-aes            >= 0.5
                  , crypto-api           >= 0.10
+                 , crypto-random        >= 0.0.8   && < 0.1
                  , aeson                >= 0.6
                  , http-conduit
                  , http-types           >= 0.7
-                 , yesod-core           == 1.2.*
-                 , yesod-auth           == 1.2.*
+                 , yesod-core           == 1.4.*
+                 , yesod-auth           == 1.4.*
+                 , byteable
 
   Exposed-modules: Yesod.Auth.DeskCom
   Other-modules: Yesod.Auth.DeskCom.Data
@@ -58,6 +59,7 @@
     GADTs
     MultiParamTypeClasses
     OverloadedStrings
+    PackageImports
     QuasiQuotes
     RecordWildCards
     TemplateHaskell
