diff --git a/Makefile b/Makefile
index fc2efd0..3ab910d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION := 0.9.3
+VERSION := 0.9.4
 .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
 
 ## Tag version of binaries with build info wrt.
diff --git a/xsnet/chan.go b/xsnet/chan.go
index 819083d..6e5a0f3 100644
--- a/xsnet/chan.go
+++ b/xsnet/chan.go
@@ -105,9 +105,11 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er
 		log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
 	case CAlgCryptMT1:
 		rc = cryptmt.New(nil, nil, keymat)
+		//NOTE: this alg is not based on block cipher, no IV
 		log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
 	case CAlgHopscotch:
 		rc = hopscotch.New(nil, nil, 4, keymat)
+		//NOTE: this alg is not based on block cipher, no IV
 		log.Printf("[cipher HOPSCOTCH (%d)]\n", copts)
 	case CAlgChaCha20_12:
 		keymat = expandKeyMat(keymat, chacha.KeySize)
@@ -152,7 +154,7 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er
 		//os.Exit(1)
 	}
 
-	if err != nil {
+	if err == nil && ivlen > 0 {
 		// Feed the IV into the hmac: all traffic in the connection must
 		// feed its data into the hmac afterwards, so both ends can xor
 		// that with the stream to detect corruption.