diff --git a/SSU.cpp b/SSU.cpp
index 94dbcfb7..5509b96e 100644
--- a/SSU.cpp
+++ b/SSU.cpp
@@ -20,7 +20,7 @@ namespace ssu
 	{
 	}
 
-	void SSUSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey) // TODO: move it to base class for NTCP and SSU
+	void SSUSession::CreateAESandMacKey (uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey)
 	{
 		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
 		CryptoPP::SecByteBlock secretKey(dh.AgreedValueLength());
@@ -34,9 +34,13 @@ namespace ssu
 		{
 			aesKey[0] = 0;
 			memcpy (aesKey + 1, secretKey, 31);
+			memcpy (macKey, secretKey + 31, 32);
 		}	
-		else	
+		else
+		{	
 			memcpy (aesKey, secretKey, 32);
+			memcpy (macKey, secretKey + 32, 32);
+		}
 	}		
 
 	void SSUSession::ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
@@ -172,7 +176,7 @@ namespace ssu
 				SSUHeader * header = (SSUHeader *)buf;
 				if ((header->flag >> 4) == expectedPayloadType)
 				{
-					CreateAESKey (buf + sizeof (SSUHeader), m_SessionKey);	
+					CreateAESandMacKey (buf + sizeof (SSUHeader), m_SessionKey, m_MacKey);	
 					return true;				
 				}
 				else
diff --git a/SSU.h b/SSU.h
index 1dcf536e..2c797804 100644
--- a/SSU.h
+++ b/SSU.h
@@ -63,7 +63,7 @@ namespace ssu
 
 		private:
 
-			void CreateAESKey (uint8_t * pubKey, uint8_t * aesKey); // TODO: shouldn't be here
+			void CreateAESandMacKey (uint8_t * pubKey, uint8_t * aesKey, uint8_t * macKey); 
 
 			void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
 			void SendSessionRequest ();
@@ -83,7 +83,7 @@ namespace ssu
 			SessionState m_State;	
 			CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption m_Encryption;	
 			CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption m_Decryption;	
-			uint8_t m_SessionKey[32];
+			uint8_t m_SessionKey[32], m_MacKey[32];
 	};
 
 	class SSUServer