diff --git a/src/client/ClientCredentials.c b/src/client/ClientCredentials.c
index 433d97c..324d8cb 100644
--- a/src/client/ClientCredentials.c
+++ b/src/client/ClientCredentials.c
@@ -1,5 +1,5 @@
 #include "client.h"
-#include "tlibc/string/StringBuilder.h"
+#include "tlibc/collections/List.h"
 
 void ClientCredentials_destroy(ClientCredentials* cred){
     if(!cred)
@@ -22,18 +22,19 @@ Result(void) ClientCredentials_tryConstruct(ClientCredentials* cred,
     cred->username = str_copy(username);
 
     // concat password and username
-    StringBuilder sb = StringBuilder_alloc(username.size + password.size + 1);
-    Defer(StringBuilder_destroy(&sb));
-    StringBuilder_append_str(&sb, password);
-    StringBuilder_append_str(&sb, username);
-    Array(u8) password_and_username = str_castTo_Array(StringBuilder_getStr(&sb));
+    List(u8) data_to_hash = List_alloc_size(password.size + username.size + PASSWORD_HASH_SIZE);
+    Defer(free(data_to_hash.data));
+    List_push_size(&data_to_hash, password.data, password.size);
+    List_push_size(&data_to_hash, username.data, username.size);
     
     // lvl 1 hash - is used as AES key for user data
     cred->user_data_key = Array_alloc(u8, PASSWORD_HASH_SIZE);
-    hash_password(password_and_username, cred->user_data_key.data, __PASSWORD_HASH_LVL_ITERATIONS);
+    hash_password(List_castTo_Array(data_to_hash), cred->user_data_key.data, __PASSWORD_HASH_LVL_ROUNDS);
+    // concat lvl 1 hash to data_to_hash
+    List_push_size(&data_to_hash, cred->user_data_key.data, cred->user_data_key.size);
     // lvl 2 hash - is used for authentification
     cred->token = Array_alloc(u8, PASSWORD_HASH_SIZE);
-    hash_password(cred->user_data_key, cred->token.data, __PASSWORD_HASH_LVL_ITERATIONS);
+    hash_password(List_castTo_Array(data_to_hash), cred->token.data, __PASSWORD_HASH_LVL_ROUNDS);
 
     AESBlockEncryptor_construct(&cred->user_data_aes_enc, cred->user_data_key, AESBlockEncryptor_DEFAULT_CLASS);
     AESBlockDecryptor_construct(&cred->user_data_aes_dec, cred->user_data_key, AESBlockDecryptor_DEFAULT_CLASS);
diff --git a/src/cryptography/cryptography.h b/src/cryptography/cryptography.h
index a88260e..468febc 100755
--- a/src/cryptography/cryptography.h
+++ b/src/cryptography/cryptography.h
@@ -12,11 +12,10 @@
 /// @brief hashes password multiple times using its own hash as salt 
 /// @param password some byte array 
 /// @param out_buffer u8[PASSWORD_HASH_SIZE]
-/// @param iterations number of iterations
-void hash_password(Array(u8) password, u8* out_buffer, i32 iterations);
+/// @param rounds number of rounds
+void hash_password(Array(u8) password, u8* out_buffer, i32 rounds);
 #define PASSWORD_HASH_SIZE 32
-
-#define __PASSWORD_HASH_LVL_ITERATIONS 1e5
+#define PASSWORD_HASH_LVL_ROUNDS 1e5
 
 //////////////////////////////////////////////////////////////////////////////
 //                                                                          //