diff --git a/src/controllers/wallet.controller.ts b/src/controllers/wallet.controller.ts
index 2ad3d46..42decac 100644
--- a/src/controllers/wallet.controller.ts
+++ b/src/controllers/wallet.controller.ts
@@ -5,6 +5,7 @@ import { router } from 'decorators/router'
 import { Wallet } from 'modules/Wallet'
 import { WalletExt } from 'modules/WalletExt'
 import { customAlphabet } from 'nanoid'
+import { genRandomString, sha3_256, sha512 } from 'utils/security.util'
 
 const nanoid = customAlphabet('1234567890abcdef', 10)
 
@@ -15,8 +16,9 @@ class WalletController extends BaseController {
     let record = await Wallet.insertOrUpdate({ account: user.id }, {})
     let data: any = { oid: user.id }
     if (record.nweRecord) {
-      record.salt = nanoid()
-      record.is = nanoid(12)
+      record.salt = nanoid(16)
+      const key = sha3_256(sha512(genRandomString(16), genRandomString(12)).passwordHash)
+      record.key = key
       record.nweRecord = false
       await record.save()
     }
@@ -48,18 +50,15 @@ class WalletController extends BaseController {
   @router('post /wallet/info')
   async uploadWalletInfo(req, res) {
     let user = req.user
-    let { key, address } = req.params
-    if (!key && !address) {
+    let { address } = req.params
+    if (!address) {
       throw new ZError(10, 'no data to save')
     }
-    let record = await Wallet.insertOrUpdate({ account: user.id }, {})
-    if (key) {
-      record.key = key
-    }
-
-    if (address) {
-      record.address = address
+    let record = await Wallet.findOne({ account: user.id })
+    if (!record) {
+      throw new ZError(11, 'no record found')
     }
+    record.address = address
     await record.save()
     return {}
   }
diff --git a/src/modules/Wallet.ts b/src/modules/Wallet.ts
index fff61f1..d389330 100644
--- a/src/modules/Wallet.ts
+++ b/src/modules/Wallet.ts
@@ -19,12 +19,6 @@ class WalletClass extends BaseModule {
 
   @prop()
   public address: string
-
-  /**
-   * 钱包客户端存储的密码
-   */
-  @prop()
-  public is: string
   /**
    * 用于客户端生成密钥时的加盐
    */
@@ -37,7 +31,6 @@ class WalletClass extends BaseModule {
   public toJson() {
     return {
       key: this.key,
-      is: this.is,
       salt: this.salt,
     }
   }
diff --git a/src/utils/security.util.ts b/src/utils/security.util.ts
index 2444c12..c99aa42 100644
--- a/src/utils/security.util.ts
+++ b/src/utils/security.util.ts
@@ -34,6 +34,12 @@ export function sha512(password: string, salt: string) {
   }
 }
 
+export function sha3_256(str: string) {
+  let hash = crypto.createHash('sha3-256')
+  hash.update(str)
+  return hash.digest('hex')
+}
+
 export function genRandomString(length: number) {
   return crypto
     .randomBytes(Math.ceil(length / 2))