diff --git a/CHANGES b/CHANGES
index 5ead42c..aad5b9a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2.9.5 2016-10-13
+- add auth_aes128_md5 and auth_aes128_sha1
+
 2.9.4 2016-10-11
 - sync client version
 
diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py
index a720065..dad22aa 100644
--- a/shadowsocks/obfsplugin/auth.py
+++ b/shadowsocks/obfsplugin/auth.py
@@ -1395,8 +1395,8 @@ class auth_aes128_sha1(auth_base):
         encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(self.server_info.key)) + self.salt, 'aes-128-cbc', b'\x00' * 16)
         data = uid + encryptor.encrypt(data)[16:]
         data += hmac.new(mac_key, data, self.hashfunc).digest()[:4]
-        check_head = os.urandom(3)
-        check_head += hmac.new(mac_key, check_head, self.hashfunc).digest()[:4]
+        check_head = os.urandom(1)
+        check_head += hmac.new(mac_key, check_head, self.hashfunc).digest()[:6]
         data = check_head + data + os.urandom(rnd_len) + buf
         data += hmac.new(self.user_key, data, self.hashfunc).digest()[:4]
         return data
@@ -1483,8 +1483,8 @@ class auth_aes128_sha1(auth_base):
             if len(self.recv_buf) < 7:
                 return (b'', False)
             mac_key = self.server_info.recv_iv + self.server_info.key
-            sha1data = hmac.new(mac_key, self.recv_buf[:3], self.hashfunc).digest()[:4]
-            if sha1data != self.recv_buf[3:7]:
+            sha1data = hmac.new(mac_key, self.recv_buf[:1], self.hashfunc).digest()[:6]
+            if sha1data != self.recv_buf[1:7]:
                 if self.method == self.no_compatible_method:
                     if len(self.recv_buf) < 31 + self.extra_wait_size:
                         return (b'', False)
diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
index 271e47a..19a4af8 100644
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@@ -129,6 +129,7 @@ class TCPRelayHandler(object):
         server_info.obfs_param = config['obfs_param']
         server_info.iv = self._encryptor.cipher_iv
         server_info.recv_iv = b''
+        server_info.key_str = common.to_bytes(config['password'])
         server_info.key = self._encryptor.cipher_key
         server_info.head_len = 30
         server_info.tcp_mss = 1460
@@ -144,6 +145,7 @@ class TCPRelayHandler(object):
         server_info.obfs_param = ''
         server_info.iv = self._encryptor.cipher_iv
         server_info.recv_iv = b''
+        server_info.key_str = common.to_bytes(config['password'])
         server_info.key = self._encryptor.cipher_key
         server_info.head_len = 30
         server_info.tcp_mss = 1460
diff --git a/shadowsocks/udprelay.py b/shadowsocks/udprelay.py
index 6f59527..5e49ff4 100644
--- a/shadowsocks/udprelay.py
+++ b/shadowsocks/udprelay.py
@@ -907,6 +907,7 @@ class UDPRelay(object):
         server_info.obfs_param = ''
         server_info.iv = b''
         server_info.recv_iv = b''
+        server_info.key_str = common.to_bytes(config['password'])
         server_info.key = encrypt.encrypt_key(self._password, self._method)
         server_info.head_len = 30
         server_info.tcp_mss = 1440
diff --git a/shadowsocks/version.py b/shadowsocks/version.py
index be92758..73fcd12 100644
--- a/shadowsocks/version.py
+++ b/shadowsocks/version.py
@@ -16,5 +16,5 @@
 # under the License.
 
 def version():
-    return '2.9.4 update 2016-10-11'
+    return '2.9.5 2016-10-13'