diff --git a/src/lib/libutil/bcrypt_pbkdf.c b/src/lib/libutil/bcrypt_pbkdf.c
index a3dc2775..22725e69 100644
--- a/src/lib/libutil/bcrypt_pbkdf.c
+++ b/src/lib/libutil/bcrypt_pbkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.5 2013/12/22 03:29:07 tedu Exp $ */
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.6 2014/01/31 16:56:32 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -87,9 +87,9 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
 	}
 
 	/* zap */
-	memset(ciphertext, 0, sizeof(ciphertext));
-	memset(cdata, 0, sizeof(cdata));
-	memset(&state, 0, sizeof(state));
+	explicit_bzero(ciphertext, sizeof(ciphertext));
+	explicit_bzero(cdata, sizeof(cdata));
+	explicit_bzero(&state, sizeof(state));
 }
 
 int
@@ -155,8 +155,8 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	}
 
 	/* zap */
-	memset(&ctx, 0, sizeof(ctx));
-	memset(out, 0, sizeof(out));
+	explicit_bzero(&ctx, sizeof(ctx));
+	explicit_bzero(out, sizeof(out));
 
 	return 0;
 }
diff --git a/src/lib/libutil/pkcs5_pbkdf2.c b/src/lib/libutil/pkcs5_pbkdf2.c
index f7207650..2d07ea03 100644
--- a/src/lib/libutil/pkcs5_pbkdf2.c
+++ b/src/lib/libutil/pkcs5_pbkdf2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pkcs5_pbkdf2.c,v 1.5 2014/01/18 07:12:04 jsing Exp $	*/
+/*	$OpenBSD: pkcs5_pbkdf2.c,v 1.6 2014/01/31 16:56:32 tedu Exp $	*/
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -111,11 +111,11 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt,
 		key += r;
 		key_len -= r;
 	};
-	bzero(asalt, salt_len + 4);
+	explicit_bzero(asalt, salt_len + 4);
 	free(asalt);
-	bzero(d1, sizeof(d1));
-	bzero(d2, sizeof(d2));
-	bzero(obuf, sizeof(obuf));
+	explicit_bzero(d1, sizeof(d1));
+	explicit_bzero(d2, sizeof(d2));
+	explicit_bzero(obuf, sizeof(obuf));
 
 	return 0;
 }