diff --git a/src/ZEO/auth/auth_digest.py b/src/ZEO/auth/auth_digest.py
index a16e0db8f..9eabfe376 100644
--- a/src/ZEO/auth/auth_digest.py
+++ b/src/ZEO/auth/auth_digest.py
@@ -48,12 +48,12 @@
 def get_random_bytes(n=8):
     if os.path.exists("/dev/urandom"):
         f = open("/dev/urandom", 'rb')
-        s = f.read(n)
+        b = f.read(n)
         f.close()
     else:
         L = [chr(random.randint(0, 255)) for i in range(n)]
-        s = "".join(L)
-    return s
+        b = b"".join(L)
+    return b
 
 def hexdigest(s):
     return sha1(s.encode()).hexdigest()
@@ -76,7 +76,8 @@ def session_key(h_up, nonce):
     # HMAC wants a 64-byte key.  We don't want to use h_up
     # directly because it would never change over time.  Instead
     # use the hash plus part of h_up.
-    return sha1("%s:%s" % (h_up, nonce)).digest() + h_up[:44]
+    return (sha1(("%s:%s" % (h_up, nonce)).encode('latin-1')).digest() +
+            h_up.encode('utf-8')[:44])
 
 class StorageClass(ZEOStorage):
     def set_database(self, database):
@@ -93,7 +94,7 @@ def _get_nonce(self):
         # RFC 2069 recommends a nonce of the form
         # H(client-IP ":" time-stamp ":" private-key)
         dig = sha1()
-        dig.update(str(self.connection.addr))
+        dig.update(str(self.connection.addr).encode('latin-1'))
         dig.update(self._get_time())
         dig.update(self.noncekey)
         return dig.hexdigest()
diff --git a/src/ZEO/tests/auth_plaintext.py b/src/ZEO/tests/auth_plaintext.py
index e36989322..9bba99d04 100644
--- a/src/ZEO/tests/auth_plaintext.py
+++ b/src/ZEO/tests/auth_plaintext.py
@@ -26,7 +26,8 @@
 from ZEO.auth.base import Client, Database
 
 def session_key(username, realm, password):
-    return sha1("%s:%s:%s" % (username, realm, password)).hexdigest()
+    key = "%s:%s:%s" % (username, realm, password)
+    return sha1(key.encode('utf-8')).hexdigest().encode('ascii')
 
 class StorageClass(ZEOStorage):
 
@@ -36,7 +37,7 @@ def auth(self, username, password):
         except LookupError:
             return 0
 
-        password_dig = sha1(password).hexdigest()
+        password_dig = sha1(password.encode('utf-8')).hexdigest()
         if dbpw == password_dig:
             self.connection.setSessionKey(session_key(username,
                                                       self.database.realm,
diff --git a/src/ZEO/zrpc/smac.py b/src/ZEO/zrpc/smac.py
index eb81335e7..6834190d6 100644
--- a/src/ZEO/zrpc/smac.py
+++ b/src/ZEO/zrpc/smac.py
@@ -147,7 +147,7 @@ def hack():
             self.__hmac_send = hmac.HMAC(sesskey, digestmod=ZEO.hash)
             self.__hmac_recv = hmac.HMAC(sesskey, digestmod=ZEO.hash)
             if False:
-                yield ''
+                yield b''
 
         self.message_output(hack())