diff --git a/lib/bcoin/crypto.js b/lib/bcoin/crypto.js
index 50f4f172..1c000192 100644
--- a/lib/bcoin/crypto.js
+++ b/lib/bcoin/crypto.js
@@ -312,7 +312,7 @@ crypto.decipher = function decipher(data, key, iv) {
 crypto._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) {
   var size = crypto.hash(alg, new Buffer(0)).length;
   var blocks = Math.ceil(len / size);
-  var out = new Buffer(blocks * size);
+  var out = new Buffer(len);
   var buf = new Buffer(salt.length + 4);
   var block = new Buffer(size);
   var pos = 0;
@@ -333,7 +333,7 @@ crypto._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) {
     pos += size;
   }
 
-  return out.slice(0, len);
+  return out;
 };
 
 /**
@@ -365,7 +365,7 @@ crypto.hkdfExpand = function hkdfExpand(prk, info, len, alg) {
   if (blocks > 255)
     throw new Error('Too many blocks.');
 
-  okm = new Buffer(0);
+  okm = new Buffer(len);
 
   if (blocks === 0)
     return okm;
@@ -376,16 +376,16 @@ crypto.hkdfExpand = function hkdfExpand(prk, info, len, alg) {
   info.copy(buf, size);
   buf[buf.length - 1] = 1;
   out = crypto.hmac(alg, buf.slice(size), prk);
-  okm = out;
+  out.copy(okm, 0);
 
   for (i = 1; i < blocks; i++) {
     out.copy(buf, 0);
     buf[buf.length - 1]++;
     out = crypto.hmac(alg, buf, prk);
-    okm = Buffer.concat([okm, out]);
+    out.copy(okm, i * size);
   }
 
-  return okm.slice(0, len);
+  return okm;
 };
 
 /**