diff --git a/src/auth.c b/src/auth.c
index 535eacc..e63dc26 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -919,46 +919,24 @@ int dnsauth(struct clientparam * param){
 }
 
 int strongauth(struct clientparam * param){
-	struct passwords * pwl;
+	static char dummy;
 	unsigned char buf[256];
+	char cryptpw[65] = {0};
 
-
-	if(!param->username) return 4;
-	pthread_mutex_lock(&pwl_mutex);
-	for(pwl = conf.pwl; pwl; pwl=pwl->next){
-		if(!strcmp((char *)pwl->user, (char *)param->username)) switch(pwl->pwtype) {
-			case CL:
-				if(!pwl->password || !*pwl->password){
-					break;
-				}
-				else if (!param->pwtype && param->password && !strcmp((char *)param->password, (char *)pwl->password)){
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 6;
+	if (!param->username) return 4;
+	if (!param->pwtype && param->password) {
+		if (pw_table.ihashtable && hashresolv(&pw_table, param, &dummy, NULL))
+			return 0;
+		if (pwnt_table.ihashtable && hashresolv(&pwnt_table, param, &dummy, NULL))
+			return 0;
 #ifndef NOCRYPT
-			case CR:
-				if(param->password && !param->pwtype && !strcmp((char *)pwl->password, (char *)mycrypt(param->password, pwl->password,buf))) {
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 7;
-			case NT:
-				if(param->password && !param->pwtype && !memcmp(pwl->password, ntpwdhash(buf,param->password, 1), 32)) {
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 8;
-#endif				
-			default:
-				pthread_mutex_unlock(&pwl_mutex);
-				return 999;
+		if (pwcr_table.ihashtable && hashresolv(&pwcr_table, param, cryptpw, NULL)) {
+			if (!strcmp(cryptpw, (char *)mycrypt(param->password, (unsigned char *)cryptpw, buf)))
+				return 0;
+			return 7;
 		}
-		else continue;
-		pthread_mutex_unlock(&pwl_mutex);
-		return 0;
+#endif
 	}
-	pthread_mutex_unlock(&pwl_mutex);
 	return 5;
 }
 
diff --git a/src/conf.c b/src/conf.c
index 3ba6c9c..f431d86 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -533,46 +533,45 @@ static int h_auth(int argc, unsigned char **argv){
 }
 
 static int h_users(int argc, unsigned char **argv){
-  int j;
-  unsigned char *arg;
-  struct passwords *pwl = NULL;
+    static char dummy;
+    int j;
+    unsigned char *arg;
+    char *pw[2];
 
-	for (j = 1; j<argc; j++) {
-		if(!(pwl = myalloc(sizeof(struct passwords)))) {
-			return(21);
-		}
-		memset(pwl, 0, sizeof(struct passwords));
+    for (j = 1; j < argc; j++) {
+        arg = (unsigned char *)strchr((char *)argv[j], ':');
+        if (!arg) continue;
+        *arg = 0;
+        pw[0] = (char *)argv[j];
 
-		arg = (unsigned char *)strchr((char *)argv[j], ':');
-		if(!arg||!arg[1]||!arg[2]||arg[3]!=':')	{
-			pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
-			pwl->pwtype = SYS;
-		}
-		else {
-			*arg = 0;
-			pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
+        if (arg[1] && arg[2] && arg[3] == ':') {
+            pw[1] = (char *)(arg + 4);
+            if (arg[1] == 'N' && arg[2] == 'T') {
+                if (!pwnt_table.ihashtable && inithashtable(&pwnt_table, 16, 32, 1048576))
+                    return 3;
+                hashadd(&pwnt_table, pw, &dummy, MAX_COUNTER_TIME);
+                continue;
+            }
+            if (arg[1] == 'C' && arg[2] == 'R') {
+                if (!pwcr_table.ihashtable && inithashtable(&pwcr_table, 16, 32, 1048576))
+                    return 3;
+                hashadd(&pwcr_table, pw[0], pw[1], MAX_COUNTER_TIME);
+                continue;
+            }
+            if (arg[1] == 'C' && arg[2] == 'L') {
+                /* fall through to CL handling below */
+            } else {
+                continue;
+            }
+        } else {
+            pw[1] = (char *)(arg + 1);
+        }
 
-			if((arg[1] == 'C' && arg[2] == 'L' && (pwl->pwtype = CL)) ||
-				(arg[1] == 'C' && arg[2] == 'R' && (pwl->pwtype = CR)) ||
-				(arg[1] == 'N' && arg[2] == 'T' && (pwl->pwtype = NT)) ||
-				(arg[1] == 'L' && arg[2] == 'M' && (pwl->pwtype = LM))){
-				pwl->password = (unsigned char *)mystrdup((char *)arg+4);
-			}
-			else {
-				pwl->password = (unsigned char *) mystrdup((char *)arg + 1);
-				pwl->pwtype = UN;
-			}
-			if(!pwl->password) return 3;
-		}
-		if(!pwl->user) return 21;
-		pthread_mutex_lock(&pwl_mutex);
-		pwl->next = conf.pwl;
-		conf.pwl = pwl;
-		pthread_mutex_unlock(&pwl_mutex);
-
-
-	}
-	return 0;
+        if (!pw_table.ihashtable && inithashtable(&pw_table, 16, 32, 1048576))
+            return 3;
+        hashadd(&pw_table, pw, &dummy, MAX_COUNTER_TIME);
+    }
+    return 0;
 }
 
 static int h_maxconn(int argc, unsigned char **argv){
@@ -1852,7 +1851,6 @@ void freeconf(struct extparam *confp){
  struct bandlim * blout;
  struct connlim * cl;
  struct trafcount * tc;
- struct passwords *pw;
  struct ace *acl;
  struct filemon *fm;
  int counterd, archiverc;
@@ -1886,11 +1884,9 @@ void freeconf(struct extparam *confp){
  confp->connlimiter = NULL;
  pthread_mutex_unlock(&connlim_mutex);
 
- pthread_mutex_lock(&pwl_mutex);
- pw = confp->pwl;
- confp->pwl = NULL;
- pthread_mutex_unlock(&pwl_mutex);
-
+ destroyhashtable(&pw_table);
+ destroyhashtable(&pwnt_table);
+ destroyhashtable(&pwcr_table);
 
  confp->logfunc = lognone;
  logformat = confp->logformat;
@@ -1935,7 +1931,6 @@ void freeconf(struct extparam *confp){
 
  
  freeacl(acl);
- freepwl(pw);
  for(; bl; bl = (struct bandlim *) itfree(bl, bl->next)) freeacl(bl->ace);
  for(; blout; blout = (struct bandlim *) itfree(blout, blout->next))freeacl(blout->ace);
  for(; cl; cl = (struct connlim *) itfree(cl, cl->next)) freeacl(cl->ace);
diff --git a/src/hash.c b/src/hash.c
index c004592..eced1fe 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -24,11 +24,12 @@ void destroyhashtable(struct hashtable *ht){
 	ht->hashvalues = NULL;
     }
     if(ht->hashhashvalues){
-	myfree(ht->hashvalues);
-	ht->hashvalues = NULL;
+	myfree(ht->hashhashvalues);
+	ht->hashhashvalues = NULL;
     }
     ht->poolsize = 0;
     ht->tablesize = 0;
+    ht->ihashempty = 0;
     pthread_mutex_unlock(&hash_mutex);
 }
 
@@ -62,8 +63,8 @@ int inithashtable(struct hashtable *ht, unsigned tablesize, unsigned poolsize, u
 	ht->hashvalues = NULL;
     }
     if(ht->hashhashvalues){
-	myfree(ht->hashvalues);
-	ht->hashvalues = NULL;
+	myfree(ht->hashhashvalues);
+	ht->hashhashvalues = NULL;
     }
     ht->poolsize = 0;
     ht->tablesize = 0;
@@ -315,9 +316,14 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
 
 
 
+static void user2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
+    struct clientparam *param = (struct clientparam *)index;
+    blake2b(hash, ht->hash_size, param->username, strlen((const char *)param->username), NULL, 0);
+}
+
 struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 12};
 struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 12};
 struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 12};
 struct hashtable pw_table = {pw2hash_add, pw2hash_search, 0, 12};
 struct hashtable pwnt_table = {pwnt2hash_add, pwnt2hash_search, 0, 12};
-struct hashtable pwcr_table = {char_index2hash, char_index2hash, 64, 12};
+struct hashtable pwcr_table = {char_index2hash, user2hash_search, 64, 12};
diff --git a/src/structures.h b/src/structures.h
index 1e18356..f189551 100644
--- a/src/structures.h
+++ b/src/structures.h
@@ -779,6 +779,9 @@ struct hashtable {
 extern struct hashtable dns_table;
 extern struct hashtable dns6_table;
 extern struct hashtable auth_table;
+extern struct hashtable pw_table;
+extern struct hashtable pwnt_table;
+extern struct hashtable pwcr_table;
 
 struct authcache {
         unsigned char username[64];