diff --git a/libp2p/Host.cpp b/libp2p/Host.cpp
index 67a701eb3..b0bf097fb 100644
--- a/libp2p/Host.cpp
+++ b/libp2p/Host.cpp
@@ -419,8 +419,8 @@ void PeerHandshake::transition(boost::system::error_code _ech)
 		{
 			clog(NetConnect) << "devp2p.connect.ingress recving auth";
 			// ingress: rx auth
-			authCipher.resize(321);
-			ba::async_read(*socket, ba::buffer(authCipher, 321), [this, self](boost::system::error_code ec, std::size_t)
+			authCipher.resize(307);
+			ba::async_read(*socket, ba::buffer(authCipher, 307), [this, self](boost::system::error_code ec, std::size_t)
 			{
 				if (ec)
 					transition(ec);
@@ -457,8 +457,8 @@ void PeerHandshake::transition(boost::system::error_code _ech)
 		{
 			clog(NetConnect) << "devp2p.connect.egress recving ack";
 			// egress: rx ack
-			ackCipher.resize(225);
-			ba::async_read(*socket, ba::buffer(ackCipher, 225), [this, self](boost::system::error_code ec, std::size_t)
+			ackCipher.resize(210);
+			ba::async_read(*socket, ba::buffer(ackCipher, 210), [this, self](boost::system::error_code ec, std::size_t)
 			{
 				if (ec)
 					transition(ec);
@@ -532,14 +532,22 @@ void PeerHandshake::transition(boost::system::error_code _ech)
 		bytesConstRef(&ingressCipher).copyTo(keyMaterial.cropped(h256::size, ingressCipher.size()));
 		k->ingressMac = sha3(keyMaterial);
 		
+		
+		
+		
 		// This test will be replaced with protocol-capabilities information (was Hello packet)
 		// TESTING: send encrypt magic sequence
 		bytes magic {0x22,0x40,0x08,0x91};
+		
+		
+		// rlpx encrypt
 		encryptSymNoAuth(k->encryptK, &magic, k->magicCipherAndMac, h128());
 		k->magicCipherAndMac.resize(k->magicCipherAndMac.size() + 32);
 		sha3mac(k->egressMac.ref(), &magic, k->egressMac.ref());
 		k->egressMac.ref().copyTo(bytesRef(&k->magicCipherAndMac).cropped(k->magicCipherAndMac.size() - 32, 32));
 		
+		
+		
 		clog(NetConnect) << "devp2p.connect.egress txrx magic sequence";
 		k->recvdMagicCipherAndMac.resize(k->magicCipherAndMac.size());
 		
diff --git a/test/crypto.cpp b/test/crypto.cpp
index 4a9a9dc80..ebe8db6c5 100644
--- a/test/crypto.cpp
+++ b/test/crypto.cpp
@@ -228,6 +228,42 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
 	}
 }
 
+BOOST_AUTO_TEST_CASE(rlpx_sha3_norestart)
+{
+	CryptoPP::SHA3_256 ctx;
+	bytes input(asBytes("test"));
+	ctx.Update(input.data(), 4);
+	CryptoPP::SHA3_256 ctxCopy(ctx);
+	bytes interimDigest(32);
+	ctx.Final(interimDigest.data());
+	ctx.Update(input.data(), 4);
+	bytes firstDigest(32);
+	ctx.Final(firstDigest.data());
+	BOOST_REQUIRE(interimDigest == firstDigest);
+	
+	ctxCopy.Update(input.data(), 4);
+	bytes finalDigest(32);
+	ctxCopy.Final(interimDigest.data());
+	BOOST_REQUIRE(interimDigest != finalDigest);
+	
+	// we can do this another way -- copy the context for final
+	ctxCopy.Update(input.data(), 4);
+	ctxCopy.Update(input.data(), 4);
+	CryptoPP::SHA3_256 finalCtx(ctxCopy);
+	bytes finalDigest2(32);
+	finalCtx.Final(finalDigest2.data());
+	BOOST_REQUIRE(finalDigest2 == interimDigest);
+	ctxCopy.Update(input.data(), 4);
+	bytes finalDigest3(32);
+	finalCtx.Final(finalDigest3.data());
+	BOOST_REQUIRE(finalDigest2 != finalDigest3);
+}
+
+BOOST_AUTO_TEST_CASE(rlpx_updatemac_aesecb_sha3)
+{
+	
+}
+
 BOOST_AUTO_TEST_CASE(ecies_interop_test)
 {
 	CryptoPP::SHA256 sha256ctx;