diff --git a/src/de/deadlocker8/budgetmaster/logic/Helpers.java b/src/de/deadlocker8/budgetmaster/logic/Helpers.java
index a3761e796fd6ad0bd0a435ffe141d0d397e9fa34..46cbd7e69215357f7aad1354fc9e775767fcc054 100644
--- a/src/de/deadlocker8/budgetmaster/logic/Helpers.java
+++ b/src/de/deadlocker8/budgetmaster/logic/Helpers.java
@@ -9,6 +9,7 @@ import java.time.format.DateTimeFormatter;
 public class Helpers
 {
 	public static final DecimalFormat NUMBER_FORMAT = new DecimalFormat("0.00");
+	public static final String SALT = "ny9/Y+G|WrJ,82|oIYQQ X %i-sq#4,uA-qKPtwFPnw+s(k2`rV)^-a1|t{D3Z>S";
 	
 	public static String getURLEncodedString(String input)
 	{
diff --git a/src/de/deadlocker8/budgetmaster/ui/SettingsController.java b/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
index c477c8574241863b1a7f5801b941efaa8736222d..b59ac2dedbe534a3ab3ab8f4869bd6d72c011d47 100644
--- a/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
+++ b/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Optional;
 
+import de.deadlocker8.budgetmaster.logic.Helpers;
 import de.deadlocker8.budgetmaster.logic.ServerConnection;
 import de.deadlocker8.budgetmaster.logic.Settings;
 import de.deadlocker8.budgetmaster.logic.Utils;
@@ -27,6 +28,7 @@ import logger.Logger;
 import tools.AlertGenerator;
 import tools.BASE58Type;
 import tools.ConvertTo;
+import tools.HashUtils;
 import tools.RandomCreations;
 import tools.Worker;
 
@@ -128,7 +130,7 @@ public class SettingsController
 					if(controller.getSettings() != null)
 					{
 						controller.getSettings().setUrl(url);
-						controller.getSettings().setSecret(secret);
+						controller.getSettings().setSecret(HashUtils.hash(secret, Helpers.SALT));
 						controller.getSettings().setCurrency(currency);
 						controller.getSettings().setRestActivated(radioButtonRestActivated.isSelected());
 						controller.getSettings().setTrustedHosts(trustedHosts);
@@ -137,7 +139,7 @@ public class SettingsController
 					{
 						Settings settings = new Settings();
 						settings.setUrl(url);
-						settings.setSecret(secret);
+						settings.setSecret(HashUtils.hash(secret, Helpers.SALT));
 						settings.setCurrency(currency);
 						settings.setRestActivated(radioButtonRestActivated.isSelected());
 						settings.setTrustedHosts(trustedHosts);
diff --git a/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java b/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
index 62aea0bf86195a23219742d1af73105f4d776270..0b47774b2edfef2f779f49321665d32101dedead 100644
--- a/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
+++ b/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
@@ -17,6 +17,7 @@ import org.joda.time.DateTime;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
+import de.deadlocker8.budgetmaster.logic.Helpers;
 import de.deadlocker8.budgetmasterserver.main.DatabaseHandler;
 import de.deadlocker8.budgetmasterserver.main.Settings;
 import de.deadlocker8.budgetmasterserver.server.category.CategoryAdd;
@@ -39,6 +40,7 @@ import de.deadlocker8.budgetmasterserver.server.updater.RepeatingPaymentUpdater;
 import logger.Logger;
 import spark.Spark;
 import spark.route.RouteOverview;
+import tools.HashUtils;
 
 public class SparkServer
 {	
@@ -78,7 +80,7 @@ public class SparkServer
 
 			String clientSecret = request.queryMap("secret").value();
 
-			if(clientSecret == null || !clientSecret.equals(settings.getServerSecret()))
+			if(clientSecret == null || !clientSecret.equals(HashUtils.hash(settings.getServerSecret(), Helpers.SALT)))
 			{
 				halt(401, "Unauthorized");
 			}