diff --git a/hkexnet/consts.go b/hkexnet/consts.go
index cd90130..1bfbda0 100644
--- a/hkexnet/consts.go
+++ b/hkexnet/consts.go
@@ -95,6 +95,7 @@ const (
 	CAlgTwofish128 // golang.org/x/crypto/twofish
 	CAlgBlowfish64 // golang.org/x/crypto/blowfish
 	CAlgCryptMT1   //cryptmt using mtwist64
+	CAlgWanderer   // inhouse experimental crypto alg
 	CAlgNoneDisallowed
 )
 
diff --git a/hkexnet/hkexchan.go b/hkexnet/hkexchan.go
index 8fbf47b..fafb96e 100644
--- a/hkexnet/hkexchan.go
+++ b/hkexnet/hkexchan.go
@@ -20,9 +20,11 @@ import (
 	"hash"
 	"log"
 
+	"blitter.com/go/cryptmt"
+	"blitter.com/go/wanderer"
 	"golang.org/x/crypto/blowfish"
 	"golang.org/x/crypto/twofish"
-	"blitter.com/go/cryptmt"
+
 	// hash algos must be manually imported thusly:
 	// (Would be nice if the golang pkg docs were more clear
 	// on this...)
@@ -75,7 +77,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		iv = keymat[aes.BlockSize : aes.BlockSize+ivlen]
 		rc = cipher.NewOFB(block, iv)
 		log.Printf("[cipher AES_256 (%d)]\n", copts)
-		break
 	case CAlgTwofish128:
 		keymat = expandKeyMat(keymat, twofish.BlockSize)
 		key = keymat[0:twofish.BlockSize]
@@ -84,7 +85,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		iv = keymat[twofish.BlockSize : twofish.BlockSize+ivlen]
 		rc = cipher.NewOFB(block, iv)
 		log.Printf("[cipher TWOFISH_128 (%d)]\n", copts)
-		break
 	case CAlgBlowfish64:
 		keymat = expandKeyMat(keymat, blowfish.BlockSize)
 		key = keymat[0:blowfish.BlockSize]
@@ -102,11 +102,12 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		iv = keymat[blowfish.BlockSize : blowfish.BlockSize+ivlen]
 		rc = cipher.NewOFB(block, iv)
 		log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
-		break
 	case CAlgCryptMT1:
 		rc = cryptmt.NewCipher(keymat)
 		log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
-		break
+	case CAlgWanderer:
+		rc = wanderer.NewCodec(nil, nil, keymat, 3, 3)
+		log.Printf("[cipher WANDERER (%d)]\n", copts)
 	default:
 		log.Printf("[invalid cipher (%d)]\n", copts)
 		fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts)
@@ -123,7 +124,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		if !halg.Available() {
 			log.Fatal("hash not available!")
 		}
-		break
 	case HmacSHA512:
 		log.Printf("[hash HmacSHA512 (%d)]\n", hopts)
 		halg := crypto.SHA512
@@ -131,7 +131,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 		if !halg.Available() {
 			log.Fatal("hash not available!")
 		}
-		break
 	default:
 		log.Printf("[invalid hmac (%d)]\n", hopts)
 		fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts)
diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go
index ec1d7e1..7209a4e 100644
--- a/hkexnet/hkexnet.go
+++ b/hkexnet/hkexnet.go
@@ -258,6 +258,10 @@ func (hc *Conn) applyConnExtensions(extensions ...string) {
 			log.Println("[extension arg = C_CRYPTMT1]")
 			hc.cipheropts &= (0xFFFFFF00)
 			hc.cipheropts |= CAlgCryptMT1
+		case "C_WANDERER":
+			log.Println("[extension arg = C_WANDERER]")
+			hc.cipheropts &= (0xFFFFFF00)
+			hc.cipheropts |= CAlgWanderer
 		case "H_SHA256":
 			log.Println("[extension arg = H_SHA256]")
 			hc.cipheropts &= (0xFFFF00FF)
diff --git a/hkexshd/hkexshd.go b/hkexshd/hkexshd.go
index 441c0d9..f780a0b 100755
--- a/hkexshd/hkexshd.go
+++ b/hkexshd/hkexshd.go
@@ -35,12 +35,12 @@ import (
 )
 
 var (
-	version     string
-	gitCommit   string // set in -ldflags by build
-	
+	version   string
+	gitCommit string // set in -ldflags by build
+
 	useSysLogin bool
-	kcpMode string // set to a valid KCP BlockCrypt alg tag to use rather than TCP
-	
+	kcpMode     string // set to a valid KCP BlockCrypt alg tag to use rather than TCP
+
 	// Log - syslog output (with no -d)
 	Log *logger.Writer
 )