diff --git a/Cargo.toml b/Cargo.toml
index 44ccf407..69ad86c2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,7 +12,7 @@ Library to support the reading and writing of zip files.
 edition = "2021"
 
 [dependencies]
-aes = { version = "0.7.5", optional = true }
+aes = { version = "0.8.2", optional = true }
 byteorder = "1.4.3"
 bzip2 = { version = "0.4.3", optional = true }
 constant_time_eq = { version = "0.2.5", optional = true }
diff --git a/src/aes.rs b/src/aes.rs
index 8997705c..c42a05ca 100644
--- a/src/aes.rs
+++ b/src/aes.rs
@@ -9,7 +9,7 @@ use crate::types::AesMode;
 use constant_time_eq::constant_time_eq;
 use hmac::{Hmac, Mac};
 use sha1::Sha1;
-use std::io::{self, Read};
+use std::io::{self, Error, ErrorKind, Read};
 
 /// The length of the password verifcation value in bytes
 const PWD_VERIFY_LENGTH: usize = 2;
@@ -84,7 +84,8 @@ impl<R: Read> AesReader<R> {
         let mut derived_key: Vec<u8> = vec![0; derived_key_len];
 
         // use PBKDF2 with HMAC-Sha1 to derive the key
-        pbkdf2::pbkdf2::<Hmac<Sha1>>(password, &salt, ITERATION_COUNT, &mut derived_key);
+        pbkdf2::pbkdf2::<Hmac<Sha1>>(password, &salt, ITERATION_COUNT, &mut derived_key)
+            .map_err(|e| Error::new(ErrorKind::InvalidInput, e))?;
         let decrypt_key = &derived_key[0..key_length];
         let hmac_key = &derived_key[key_length..key_length * 2];
         let pwd_verify = &derived_key[derived_key_len - 2..];
@@ -165,8 +166,8 @@ impl<R: Read> Read for AesReaderValid<R> {
             // use constant time comparison to mitigate timing attacks
             if !constant_time_eq(computed_auth_code, &read_auth_code) {
                 return Err(
-                    io::Error::new(
-                        io::ErrorKind::InvalidData,
+                    Error::new(
+                        ErrorKind::InvalidData,
                         "Invalid authentication code, this could be due to an invalid password or errors in the data"
                     )
                 );
diff --git a/src/aes_ctr.rs b/src/aes_ctr.rs
index 0f34335c..1c252584 100644
--- a/src/aes_ctr.rs
+++ b/src/aes_ctr.rs
@@ -4,10 +4,12 @@
 //! different byte order (little endian) than NIST (big endian).
 //! See [AesCtrZipKeyStream](./struct.AesCtrZipKeyStream.html) for more information.
 
+use aes::cipher;
+use aes::cipher::{BlockCipher, BlockEncrypt};
 use aes::cipher::generic_array::GenericArray;
-use aes::{BlockEncrypt, NewBlockCipher};
 use byteorder::WriteBytesExt;
 use std::{any, fmt};
+use cipher::KeyInit;
 
 /// Internal block size of an AES cipher.
 const AES_BLOCK_SIZE: usize = 16;
@@ -27,7 +29,7 @@ pub trait AesKind {
     /// Key type.
     type Key: AsRef<[u8]>;
     /// Cipher used to decrypt.
-    type Cipher;
+    type Cipher: KeyInit;
 }
 
 impl AesKind for Aes128 {
@@ -82,7 +84,7 @@ where
 impl<C> AesCtrZipKeyStream<C>
 where
     C: AesKind,
-    C::Cipher: NewBlockCipher,
+    C::Cipher: BlockCipher,
 {
     /// Creates a new zip variant AES-CTR key stream.
     ///
@@ -151,13 +153,14 @@ fn xor(dest: &mut [u8], src: &[u8]) {
 mod tests {
     use super::{Aes128, Aes192, Aes256, AesCipher, AesCtrZipKeyStream, AesKind};
     use aes::{BlockEncrypt, NewBlockCipher};
+    use aes::cipher::{BlockCipher, BlockEncrypt};
 
     /// Checks whether `crypt_in_place` produces the correct plaintext after one use and yields the
     /// cipertext again after applying it again.
     fn roundtrip<Aes>(key: &[u8], ciphertext: &mut [u8], expected_plaintext: &[u8])
     where
         Aes: AesKind,
-        Aes::Cipher: NewBlockCipher + BlockEncrypt,
+        Aes::Cipher: BlockCipher + BlockEncrypt,
     {
         let mut key_stream = AesCtrZipKeyStream::<Aes>::new(key);