diff --git a/src/crypto/crypto.cc b/src/crypto/crypto.cc
index f9d0404..134014a 100644
--- a/src/crypto/crypto.cc
+++ b/src/crypto/crypto.cc
@@ -250,15 +250,13 @@ const string Session::encrypt( const Message & plaintext )
   return plaintext.nonce.cc_str() + text;
 }
 
-const Message Session::decrypt( const string & ciphertext )
+const Message Session::decrypt( const char *str, size_t len )
 {
-  if ( ciphertext.size() < 24 ) {
+  if ( len < 24 ) {
     throw CryptoException( "Ciphertext must contain nonce and tag." );
   }
 
-  const char *str = ciphertext.data();
-
-  int body_len = ciphertext.size() - 8;
+  int body_len = len - 8;
   int pt_len = body_len - 16;
 
   if ( pt_len < 0 ) { /* super-assertion that pt_len does not equal AE_INVALID */
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 736b43d..a356c9a 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -151,7 +151,10 @@ namespace Crypto {
     ~Session();
     
     const string encrypt( const Message & plaintext );
-    const Message decrypt( const string & ciphertext );
+    const Message decrypt( const char *str, size_t len );
+    const Message decrypt( const string & ciphertext ) {
+      return decrypt( ciphertext.data(), ciphertext.size() );
+    }
     
     Session( const Session & );
     Session & operator=( const Session & );
diff --git a/src/network/network.cc b/src/network/network.cc
index 87d8afd..730a4db 100644
--- a/src/network/network.cc
+++ b/src/network/network.cc
@@ -513,7 +513,7 @@ string Connection::recv_one( int sock_to_recv, bool nonblocking )
     }
   }
 
-  Packet p( session.decrypt( string( msg_payload, received_len ) ) );
+  Packet p( session.decrypt( msg_payload, received_len ) );
 
   dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */