diff --git a/p/scripts/extra.js b/p/scripts/extra.js
index edc9edd9523..6f756b39306 100644
--- a/p/scripts/extra.js
+++ b/p/scripts/extra.js
@@ -39,44 +39,53 @@ function init_crypto_form() {
 	}
 
 	crypto_form.onsubmit = function (e) {
-		if (submit_button) {
-			submit_button.disabled = true;
+		e.preventDefault();
+
+		if (!submit_button) {
+			return false;
+		}
+		submit_button.disabled = true;
+
+		if (document.getElementById('challenge').value)	{
+			// Already computed
+			return true;
 		}
-		let success = false;
 
 		const req = new XMLHttpRequest();
-		req.open('GET', './?c=javascript&a=nonce&user=' + document.getElementById('username').value, false);
+		req.open('GET', './?c=javascript&a=nonce&user=' + document.getElementById('username').value, true);
+
 		req.onerror = function () {
 			openNotification('Communication error!', 'bad');
+			submit_button.disabled = false;
 		};
-		req.send();
-		if (req.status == 200) {
-			const json = xmlHttpRequestJson(req);
-			if (!json.salt1 || !json.nonce) {
-				openNotification('Invalid user!', 'bad');
-			} else {
-				try {
-					const strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function');
-					const s = dcodeIO.bcrypt.hashSync(document.getElementById('passwordPlain').value, json.salt1);
-					const c = dcodeIO.bcrypt.hashSync(json.nonce + s, strong ? dcodeIO.bcrypt.genSaltSync(4) : poormanSalt());
-					document.getElementById('challenge').value = c;
-					if (!s || !c) {
-						openNotification('Crypto error!', 'bad');
-					} else {
-						success = true;
+
+		req.onload = function () {
+			if (req.status == 200) {
+				const json = xmlHttpRequestJson(req);
+				if (!json.salt1 || !json.nonce) {
+					openNotification('Invalid user!', 'bad');
+				} else {
+					try {
+						const strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function');
+						const s = dcodeIO.bcrypt.hashSync(document.getElementById('passwordPlain').value, json.salt1);
+						const c = dcodeIO.bcrypt.hashSync(json.nonce + s, strong ? dcodeIO.bcrypt.genSaltSync(4) : poormanSalt());
+						document.getElementById('challenge').value = c;
+						if (!s || !c) {
+							openNotification('Crypto error!', 'bad');
+						} else {
+							crypto_form.removeEventListener('submit', crypto_form.onsubmit);
+							crypto_form.submit();
+						}
+					} catch (ex) {
+						openNotification('Crypto exception! ' + ex, 'bad');
 					}
-				} catch (ex) {
-					openNotification('Crypto exception! ' + ex, 'bad');
 				}
+			} else {
+				req.onerror();
 			}
-		} else {
-			req.onerror();
-		}
+		};
 
-		if (submit_button) {
-			submit_button.disabled = false;
-		}
-		return success;
+		req.send();
 	};
 }
 // </crypto form (Web login)>