diff --git a/sasl/Cargo.toml b/sasl/Cargo.toml
index 91527116..10c12e99 100644
--- a/sasl/Cargo.toml
+++ b/sasl/Cargo.toml
@@ -24,6 +24,7 @@ rand_os = "0.1"
 sha-1 = "0.8"
 sha2 = "0.8"
 hmac = "0.7"
+pbkdf2 = { version = "0.3", default-features = false }
 
 [dependencies.openssl]
 version = "0.10.7"
diff --git a/sasl/src/common/scram.rs b/sasl/src/common/scram.rs
index 681524b2..405afafb 100644
--- a/sasl/src/common/scram.rs
+++ b/sasl/src/common/scram.rs
@@ -1,6 +1,5 @@
 use hmac::{Hmac, Mac};
-use openssl::hash::MessageDigest;
-use openssl::pkcs5::pbkdf2_hmac;
+use pbkdf2::pbkdf2;
 use rand_os::{
     rand_core::{Error as RngError, RngCore},
     OsRng,
@@ -72,14 +71,7 @@ impl ScramProvider for Sha1 {
         match *password {
             Password::Plain(ref plain) => {
                 let mut result = vec![0; 20];
-                pbkdf2_hmac(
-                    plain.as_bytes(),
-                    salt,
-                    iterations,
-                    MessageDigest::sha1(),
-                    &mut result,
-                )
-                .unwrap();
+                pbkdf2::<Hmac<Sha1_hash>>(plain.as_bytes(), salt, iterations, &mut result);
                 Ok(result)
             }
             Password::Pbkdf2 {
@@ -141,14 +133,7 @@ impl ScramProvider for Sha256 {
         match *password {
             Password::Plain(ref plain) => {
                 let mut result = vec![0; 32];
-                pbkdf2_hmac(
-                    plain.as_bytes(),
-                    salt,
-                    iterations,
-                    MessageDigest::sha256(),
-                    &mut result,
-                )
-                .unwrap();
+                pbkdf2::<Hmac<Sha256_hash>>(plain.as_bytes(), salt, iterations, &mut result);
                 Ok(result)
             }
             Password::Pbkdf2 {