diff --git a/auth.ts b/auth.ts
index 4f2ec3d..7ebb84c 100644
--- a/auth.ts
+++ b/auth.ts
@@ -1,12 +1,12 @@
 import getEnv from "@/lib/env-entry"
-import CryptoJS from "crypto-js"
+import bcrypt from "bcrypt"
 import NextAuth from "next-auth"
 import CredentialsProvider from "next-auth/providers/credentials"
 
 export const { handlers, signIn, signOut, auth } = NextAuth({
   secret:
     process.env.AUTH_SECRET ??
-    CryptoJS.MD5(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`).toString(),
+    bcrypt.hashSync(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`, 10),
   trustHost: (process.env.AUTH_TRUST_HOST as boolean | undefined) ?? true,
   providers: [
     CredentialsProvider({
diff --git a/bun.lockb b/bun.lockb
index 020eed3..fe72373 100755
Binary files a/bun.lockb and b/bun.lockb differ
diff --git a/package.json b/package.json
index 3ac254d..8012089 100644
--- a/package.json
+++ b/package.json
@@ -26,10 +26,12 @@
     "@radix-ui/react-switch": "^1.1.3",
     "@radix-ui/react-tooltip": "^1.1.8",
     "@trivago/prettier-plugin-sort-imports": "^5.2.2",
+    "@types/bcrypt": "^5.0.2",
     "@types/crypto-js": "^4.2.2",
     "@types/d3-geo": "^3.1.0",
     "@types/luxon": "^3.4.2",
     "babel-plugin-react-compiler": "^19.0.0-beta-e552027-20250112",
+    "bcrypt": "^5.1.1",
     "caniuse-lite": "^1.0.30001707",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",