diff --git a/src/bayou.rs b/src/bayou.rs
index fe05e13..cc83667 100644
--- a/src/bayou.rs
+++ b/src/bayou.rs
@@ -9,7 +9,6 @@ use k2v_client::{BatchDeleteOp, BatchReadOp, Filter, K2vClient, K2vValue};
 use rusoto_s3::{
     DeleteObjectRequest, GetObjectRequest, ListObjectsV2Request, PutObjectRequest, S3Client, S3,
 };
-use rusoto_signature::Region;
 
 use crate::cryptoblob::*;
 use crate::login::Credentials;
diff --git a/src/cryptoblob.rs b/src/cryptoblob.rs
index 5b22ac1..395ae21 100644
--- a/src/cryptoblob.rs
+++ b/src/cryptoblob.rs
@@ -5,7 +5,7 @@ use anyhow::{anyhow, Result};
 use serde::{Deserialize, Serialize};
 use zstd::stream::{decode_all as zstd_decode, encode_all as zstd_encode};
 
-use sodiumoxide::crypto::box_ as publicbox;
+//use sodiumoxide::crypto::box_ as publicbox;
 use sodiumoxide::crypto::secretbox::xsalsa20poly1305 as secretbox;
 
 pub use sodiumoxide::crypto::box_::{
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index 3ef8d89..cc0c8cb 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -32,8 +32,7 @@ impl LoginProvider for StaticLoginProvider {
         match self.users.get(username) {
             None => bail!("User {} does not exist", username),
             Some(u) => {
-                if u.password != password {
-                    // TODO cryptographic password compare
+                if !verify_password(password, &u.password) {
                     bail!("Wrong password");
                 }
                 let bucket = u
@@ -56,7 +55,7 @@ impl LoginProvider for StaticLoginProvider {
                     (Some(m), Some(s)) => {
                         let master_key = Key::from_slice(&base64::decode(m)?)
                             .ok_or(anyhow!("Invalid master key"))?;
-                        let secret_key = SecretKey::from_slice(&base64::decode(m)?)
+                        let secret_key = SecretKey::from_slice(&base64::decode(s)?)
                             .ok_or(anyhow!("Invalid secret key"))?;
                         CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
                     }
diff --git a/src/mailbox.rs b/src/mailbox.rs
index 8a90eb1..a20ca15 100644
--- a/src/mailbox.rs
+++ b/src/mailbox.rs
@@ -2,7 +2,6 @@ use anyhow::Result;
 use k2v_client::K2vClient;
 use rand::prelude::*;
 use rusoto_s3::S3Client;
-use rusoto_signature::Region;
 
 use crate::bayou::Bayou;
 use crate::cryptoblob::Key;
diff --git a/src/main.rs b/src/main.rs
index cf26ae1..04c0705 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,7 +8,6 @@ mod time;
 mod uidindex;
 
 use std::path::PathBuf;
-use std::sync::Arc;
 
 use anyhow::{bail, Result};
 use clap::{Parser, Subcommand};
@@ -18,8 +17,7 @@ use rusoto_signature::Region;
 
 use config::*;
 use cryptoblob::*;
-use login::{ldap_provider::*, static_provider::*, *};
-use mailbox::Mailbox;
+use login::{static_provider::*, *};
 use server::Server;
 
 #[derive(Parser, Debug)]