diff --git a/crypto.go b/crypto.go
index 5bbf703..11e5212 100644
--- a/crypto.go
+++ b/crypto.go
@@ -278,7 +278,7 @@ func newDecryptionReader(r *io.SectionReader, f *File) (io.Reader, error) {
 salt := saltpwvv[:saltLen]
 pwvv := saltpwvv[saltLen : saltLen+2]
 // generate keys
- decKey, authKey, pwv := generateKeys(f.password, salt, keyLen)
+ decKey, authKey, pwv := generateKeys(f.Password(), salt, keyLen)
 // check password verifier (pwv)
 // Change to use crypto/subtle for constant time comparison
 if !checkPasswordVerification(pwv, pwvv) {
diff --git a/crypto_test.go b/crypto_test.go
index 8190338..bfdd445 100644
--- a/crypto_test.go
+++ b/crypto_test.go
@@ -7,6 +7,10 @@ import (
 "testing"
 )
+var pwFn = func() []byte {
+ return []byte("golang")
+}
+
 // Test simple password reading.
 func TestPasswordSimple(t *testing.T) {
 file := "hello-aes.zip"
@@ -26,7 +30,7 @@ func TestPasswordSimple(t *testing.T) {
 if f.Method != 0 {
 t.Errorf("Expected %s to have its Method set to 0.", file)
 }
- f.SetPassword([]byte("golang"))
+ f.Password = pwFn
 rc, err := f.Open()
 if err != nil {
 t.Errorf("Expected to open the readcloser: %v.", err)
@@ -57,7 +61,7 @@ func TestPasswordHelloWorldAes(t *testing.T) {
 if !f.IsEncrypted() {
 t.Errorf("Expected %s to be encrypted.", f.FileInfo().Name)
 }
- f.SetPassword([]byte("golang"))
+ f.Password = pwFn
 rc, err := f.Open()
 if err != nil {
 t.Errorf("Expected to open readcloser: %v", err)
@@ -87,7 +91,7 @@ func TestPasswordMacbethAct1(t *testing.T) {
 if !f.IsEncrypted() {
 t.Errorf("Expected %s to be encrypted.", f.Name)
 }
- f.SetPassword([]byte("golang"))
+ f.Password = pwFn
 rc, err := f.Open()
 if err != nil {
 t.Errorf("Expected to open readcloser: %v", err)
@@ -127,7 +131,7 @@ func TestPasswordAE1BadCRC(t *testing.T) {
 if !f.IsEncrypted() {
 t.Errorf("Expected zip to be encrypted")
 }
- f.SetPassword([]byte("golang"))
+ f.Password = pwFn
 rc, err := f.Open()
 if err != nil {
 t.Errorf("Expected the readcloser to open.")
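Review bot: `f.Password()` on the changed line in newDecryptionReader is called without checking that the field is set, so opening an encrypted entry whose `Password` was never assigned now panics on a nil function call instead of returning an error. With the old `[]byte` field a missing password reached `generateKeys` as a nil slice and would presumably have been rejected by the verifier check just below. Guard before the call, for example `if f.Password == nil { return nil, errors.New("zip: password required") }`, or return the package's existing password error if it has one. newDecryptionReader starts and continues outside this hunk.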
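Review bot: `pwFn` always returns a fixed password, so none of the updated tests in crypto_test.go exercise the failure path the callback introduces, namely an encrypted entry opened with `Password` left nil. As far as this diff shows there is no such test; add one that calls `f.Open()` without assigning the field and asserts an error rather than a panic. As a style point, a plain declaration `func pwFn() []byte { return []byte("golang") }` is assignable to the field just as well and avoids a reassignable package-level variable.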
@@ -158,7 +162,7 @@ func TestPasswordTamperedData(t *testing.T) {
 if !f.IsEncrypted() {
 t.Errorf("Expected zip to be encrypted")
 }
- f.SetPassword([]byte("golang"))
+ f.Password = pwFn
 rc, err := f.Open()
 if err != nil {
 t.Errorf("Expected the readcloser to open.")
diff --git a/struct.go b/struct.go
index 6d7f1a7..95f4593 100644
--- a/struct.go
+++ b/struct.go
@@ -94,15 +94,14 @@ type FileHeader struct {
 Comment string
 // encryption fields
- password []byte
+ Password PasswordFn // The password to use when reading/writing
 ae uint16
 aesStrength byte
 }
-// SetPassword must be called before calling Open on the file.
-func (f *FileHeader) SetPassword(password []byte) {
- f.password = password
-}
+// PasswordFn is a function that returns the password
+// as a byte slice
+type PasswordFn func() []byte
 // IsEncrypted indicates whether this file's data is encrypted.
 func (f *FileHeader) IsEncrypted() bool {
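Review bot: Removing `SetPassword` in struct.go in favour of the exported `Password PasswordFn` field breaks every existing caller at compile time, and the only statement of the precondition ("must be called before calling Open") is deleted with it. A thin wrapper keeps the old API working: `func (f *FileHeader) SetPassword(password []byte) { f.Password = func() []byte { return password } }`. The `PasswordFn` comment should also spell out the contract: that the field must be set before `Open` on an encrypted entry, what happens when it is nil, and whether the returned slice is retained by the library or may be zeroed by the caller afterwards. The FileHeader struct and IsEncrypted both extend beyond this hunk.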