diff --git a/crossbar/router/auth/wampcra.py b/crossbar/router/auth/wampcra.py
index 496f7f36c..4674beadb 100644
--- a/crossbar/router/auth/wampcra.py
+++ b/crossbar/router/auth/wampcra.py
@@ -62,7 +62,6 @@ def _compute_challenge(self, user):
         }
         challenge: str = json.dumps(challenge_obj, ensure_ascii=False)
         secret = user['secret'].encode('utf8')
-        signature = auth.compute_wcs(secret, challenge.encode('utf8')).decode('ascii')
 
         # extra data to send to client in CHALLENGE
         extra = {'challenge': challenge}
@@ -73,6 +72,9 @@ def _compute_challenge(self, user):
             extra['salt'] = user['salt']
             extra['iterations'] = user.get('iterations', 1000)
             extra['keylen'] = user.get('keylen', 32)
+            secret = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
+
+        signature = auth.compute_wcs(secret, challenge.encode('utf8')).decode('ascii')
 
         return extra, signature