diff --git a/data/agent/agent.ps1 b/data/agent/agent.ps1
index a883a46..9ac51a0 100644
--- a/data/agent/agent.ps1
+++ b/data/agent/agent.ps1
@@ -523,7 +523,8 @@ function Invoke-Empire {
 $AES.Key = $encoding.GetBytes($SessionKey);
 $AES.IV = $IV;
 $ciphertext = $IV + ($AES.CreateEncryptor()).TransformFinalBlock($bytes, 0, $bytes.Length);
- $hmac = New-Object System.Security.Cryptography.HMACMD5;
+ # append the MAC
+ $hmac = New-Object System.Security.Cryptography.HMACSHA1;
 $hmac.Key = $encoding.GetBytes($SessionKey);
 $ciphertext + $hmac.ComputeHash($ciphertext);
 }
@@ -532,9 +533,9 @@ function Invoke-Empire {
 param ($inBytes)
 if($inBytes.Length -gt 32){
 # Verify the MAC
- $mac = $inBytes[-16..-1];
- $inBytes = $inBytes[0..($inBytes.length - 17)];
- $hmac = New-Object System.Security.Cryptography.HMACMD5;
+ $mac = $inBytes[-20..-1];
+ $inBytes = $inBytes[0..($inBytes.length - 21)];
+ $hmac = New-Object System.Security.Cryptography.HMACSHA1;
 $hmac.Key = $encoding.GetBytes($SessionKey);
 $expected = $hmac.ComputeHash($inBytes);
 if (@(Compare-Object $mac $expected -sync 0).Length -ne 0){
diff --git a/lib/common/encryption.py b/lib/common/encryption.py
index f9fa1b9..156909d 100644
--- a/lib/common/encryption.py
+++ b/lib/common/encryption.py
@@ -76,7 +76,7 @@ def aes_encrypt_then_mac(key, data):
 Encrypt the data then calculate HMAC over the ciphertext.
 """
 data = aes_encrypt(key, data)
- mac = hmac.new(str(key), data, hashlib.md5).digest()
+ mac = hmac.new(str(key), data, hashlib.sha1).digest()
 return data + mac
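Review bot: In the first agent.ps1 hunk the HMAC is keyed with the same `$SessionKey` bytes that were just assigned to `$AES.Key`, so one secret serves both encryption and authentication; encrypt-then-MAC constructions normally use two independent keys derived from the session secret. The same pattern is visible in `aes_encrypt_then_mac` in lib/common/encryption.py, where `key` feeds both `aes_encrypt` and `hmac.new`. Separating the keys is a protocol change that both ends must make together, so for this commit I would at least record it next to the new line, e.g. `# NOTE: MAC key is the AES session key; use a separate derived key if the protocol is revised`. The enclosing helper starts outside this hunk.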
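Review bot: In the second agent.ps1 hunk the guard `if($inBytes.Length -gt 32)` still encodes the old 16-byte tag (16-byte IV plus 16-byte MAC); with a 20-byte HMAC-SHA1 tag the equivalent bound is 36, and inputs of 33–36 bytes now reach the slice with at most a bare IV left. The MAC comparison should still reject them, but the guard and the literals `-20` and `21` would stay in sync if they came from one value, e.g. `$macLen = 20` and `if($inBytes.Length -gt (16 + $macLen))`. `aes_decrypt_and_verify` in lib/common/encryption.py keeps the same `len(data) > 32` test next to `data[:-20]`. The rest of this function lies outside the hunk.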
@@ -95,10 +95,10 @@ def verify_hmac(key, data):
 """
 Verify the HMAC supplied in the data with the given key.
 """
- if len(data) > 16:
- mac = data[-16:]
- data = data[:-16]
- expected = hmac.new(str(key), data, hashlib.md5).digest()
+ if len(data) > 20:
+ mac = data[-20:]
+ data = data[:-20]
+ expected = hmac.new(str(key), data, hashlib.sha1).digest()
 # Double HMAC to prevent timing attacks. hmac.compare_digest() is
 # preferable, but only available since Python 2.7.7.
 return hmac.new(str(key), expected).digest() == hmac.new(str(key), mac).digest()
@@ -111,7 +111,7 @@ def aes_decrypt_and_verify(key, data):
 Decrypt the data, but only if it has a valid MAC.
 """
 if len(data) > 32 and verify_hmac(key, data):
- return aes_decrypt(key, data[:-16])
+ return aes_decrypt(key, data[:-20])
 raise Exception("Invalid ciphertext received.")
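Review bot: In `verify_hmac` the two `hmac.new(str(key), ...)` calls on the final `return` line omit `digestmod`, so the blinding step silently uses the library default (MD5 on Python 2) and would raise on Python 3.8+, where the argument is required. Pass it explicitly: `return hmac.new(str(key), expected, hashlib.sha1).digest() == hmac.new(str(key), mac, hashlib.sha1).digest()`. The literal `20` now appears three times in this function and again in `aes_decrypt_and_verify`; a module constant such as `MAC_LEN = hashlib.sha1().digest_size` would keep them in step. As far as the hunk shows, input of 20 bytes or fewer falls through without an explicit return, which is worth stating in the docstring.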