diff --git a/js/crypto.js b/js/crypto.js
index a90e9465..420c7aad 100644
--- a/js/crypto.js
+++ b/js/crypto.js
@@ -331,18 +331,22 @@ window.textsecure.crypto = function() {
 	}
 
 	testing_only.HKDF = function(input, salt, info) {
-		// Specific implementation of RFC 5869 that only returns exactly 64 bytes
+		// Specific implementation of RFC 5869 that only returns the first 3 32-byte chunks
+		// TODO: We dont always need the third chunk, we might skip it
 		return HmacSHA256(salt, input).then(function(PRK) {
 			var infoBuffer = new ArrayBuffer(info.byteLength + 1 + 32);
 			var infoArray = new Uint8Array(infoBuffer);
 			infoArray.set(new Uint8Array(info), 32);
 			infoArray[infoArray.length - 1] = 1;
-			// TextSecure implements a slightly tweaked version of RFC 5869: the 0 and 1 should be 1 and 2 here
 			return HmacSHA256(PRK, infoBuffer.slice(32)).then(function(T1) {
 				infoArray.set(new Uint8Array(T1));
 				infoArray[infoArray.length - 1] = 2;
 				return HmacSHA256(PRK, infoBuffer).then(function(T2) {
-					return [ T1, T2 ];
+					infoArray.set(new Uint8Array(T2));
+					infoArray[infoArray.length - 1] = 3;
+					return HmacSHA256(PRK, infoBuffer).then(function(T3) {
+						return [ T1, T2, T3 ];
+					});
 				});
 			});
 		});
@@ -686,8 +690,7 @@ window.textsecure.crypto = function() {
 					macInput.set(new Uint8Array(messageProtoArray), 33*2 + 1);
 
 					return verifyMAC(macInput.buffer, keys[1], mac).then(function() {
-						var counter = intToArrayBuffer(message.counter);
-						return window.textsecure.subtle.decrypt({name: "AES-CTR", counter: counter}, keys[0], toArrayBuffer(message.ciphertext))
+						return window.textsecure.subtle.decrypt({name: "AES-CBC", iv: keys[2].slice(0, 16)}, keys[0], toArrayBuffer(message.ciphertext))
 									.then(function(paddedPlaintext) {
 
 							paddedPlaintext = new Uint8Array(paddedPlaintext);
@@ -816,8 +819,7 @@ window.textsecure.crypto = function() {
 					msg.counter = chain.chainKey.counter;
 					msg.previousCounter = session.currentRatchet.previousCounter;
 
-					var counter = intToArrayBuffer(chain.chainKey.counter);
-					return window.textsecure.subtle.encrypt({name: "AES-CTR", counter: counter}, keys[0], paddedPlaintext.buffer).then(function(ciphertext) {
+					return window.textsecure.subtle.encrypt({name: "AES-CBC", iv: keys[2].slice(0, 16)}, keys[0], paddedPlaintext.buffer).then(function(ciphertext) {
 						msg.ciphertext = ciphertext;
 						var encodedMsg = toArrayBuffer(msg.encode());