diff --git a/packages/sasl-ht-sha-256-none/index.js b/packages/sasl-ht-sha-256-none/index.js
index 591fa32f..ab8da8b6 100644
--- a/packages/sasl-ht-sha-256-none/index.js
+++ b/packages/sasl-ht-sha-256-none/index.js
@@ -1,4 +1,7 @@
+/* eslint-disable n/no-unsupported-features/node-builtins */
+
 // https://datatracker.ietf.org/doc/draft-schmaus-kitten-sasl-ht/
+// https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
 
 export function Mechanism() {}
 
@@ -6,34 +9,31 @@ Mechanism.prototype.Mechanism = Mechanism;
 Mechanism.prototype.name = "HT-SHA-256-NONE";
 Mechanism.prototype.clientFirst = true;
 
-Mechanism.prototype.response = async function response(cred) {
-  this.password = cred.password;
-  // eslint-disable-next-line n/no-unsupported-features/node-builtins
-  const hmac = await crypto.subtle.importKey(
+Mechanism.prototype.response = async function response({ username, password }) {
+  this.key = await crypto.subtle.importKey(
     "raw",
-    new TextEncoder().encode(this.password),
+    new TextEncoder().encode(password),
+    // https://developer.mozilla.org/en-US/docs/Web/API/HmacImportParams
     { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign", "verify"]
+    false, //extractable
+    ["sign", "verify"],
+  );
+  const digest = await crypto.subtle.sign(
+    "HMAC",
+    this.key,
+    new TextEncoder().encode("Initiator"),
   );
-  // eslint-disable-next-line n/no-unsupported-features/node-builtins
-  const digest = await crypto.subtle.sign("HMAC", hmac, new TextEncoder().encode("Initiator"));
-  const digestS = String.fromCharCode.apply(null, new Uint8Array(digest));
-  return cred.username + "\0" + digestS;
+  const digestS = String.fromCodePoint(...new Uint8Array(digest));
+  return username + "\0" + digestS;
 };
 
 Mechanism.prototype.final = async function final(data) {
-  // eslint-disable-next-line n/no-unsupported-features/node-builtins
-  const hmac = await crypto.subtle.importKey(
-    "raw",
-    new TextEncoder().encode(this.password),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign", "verify"]
+  const digest = await crypto.subtle.sign(
+    "HMAC",
+    this.key,
+    new TextEncoder().encode("Responder"),
   );
-  // eslint-disable-next-line n/no-unsupported-features/node-builtins
-  const digest = await crypto.subtle.sign("HMAC", hmac, new TextEncoder().encode("Responder"));
-  const digestS = String.fromCharCode.apply(null, new Uint8Array(digest));
+  const digestS = String.fromCodePoint(...new Uint8Array(digest));
   if (digestS !== data) {
     throw new Error("Responder message from server was wrong");
   }