diff --git a/src/crypt.c b/src/crypt.c
index 220b92c..ac09beb 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -113,12 +113,13 @@ unsigned char *crypt_hello(const crypt_key_t *const own) {
 return NULL;
 }
- if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN, own->sign_sec) == -1) {
+ randombytes_buf(hello+CRYPT_PKEY_HEXLEN, CRYPT_NONCEHALF_LEN);
+
+ if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, own->sign_sec) == -1) {
 free(hello);
 return NULL;
 }
- randombytes_buf(hello+CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN, CRYPT_NONCEHALF_LEN);
 return hello;
 }
@@ -127,7 +128,7 @@ int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remo
 if (crypt_key_from_hex_public(remote, (const char *const)hello) == -1)
 return -1;
- if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub))
+ if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, remote->sign_pub))
 return -1;
 return 0;
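Review bot: Moving the nonce half in front of the signature changes the byte layout of the hello, and the new offset `hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN` is written out by hand here and again in crypt_hello_verify. Any reader outside this diff that still takes the nonce half from `hello+CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN` would now be reading signature bytes, so that expression is worth searching for before merging. A shared constant, e.g. `#define CRYPT_HELLO_SIGNED_LEN (CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN)`, used by both functions would keep signer and verifier from drifting apart. The allocation of `hello` is above the hunk, so its size cannot be checked against the new layout from here.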
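Review bot: The signature in crypt_hello_verify is checked against `remote->sign_pub`, which the preceding `crypt_key_from_hex_public(remote, hello)` call appears to fill from the same message, so a pass only shows that the hello is self-consistent. It does not show that the key belongs to an expected peer, and because the signed nonce half is chosen by the sender, a hello seen earlier would still verify. I would add a comment above the check such as `/* proves possession of the key carried in hello only; caller must match remote against a trusted key and take freshness from its own nonce half */`. The function starts before this hunk and its parameter list is truncated in the hunk header, so whether the buffer length is validated before these reads cannot be seen here.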