diff --git a/component/generater/cmd.go b/component/generater/cmd.go
index ad219880..fdf14855 100644
--- a/component/generater/cmd.go
+++ b/component/generater/cmd.go
@@ -51,12 +51,13 @@ func Main(args []string) {
 		if len(args) > 1 {
 			seed = args[1]
 		}
-		seedBase64, clientBase64, err := encryption.GenMLKEM768(seed)
+		seedBase64, clientBase64, hash11Base64, err := encryption.GenMLKEM768(seed)
 		if err != nil {
 			panic(err)
 		}
 		fmt.Println("Seed: " + seedBase64)
 		fmt.Println("Client: " + clientBase64)
+		fmt.Println("Hash11: " + hash11Base64)
 	case "vless-x25519":
 		var privateKey string
 		if len(args) > 1 {
@@ -66,7 +67,7 @@ func Main(args []string) {
 		if err != nil {
 			panic(err)
 		}
-		fmt.Println("PrivateKey:" + privateKeyBase64)
-		fmt.Println("Password:" + passwordBase64)
+		fmt.Println("PrivateKey: " + privateKeyBase64)
+		fmt.Println("Password: " + passwordBase64)
 	}
 }
diff --git a/listener/inbound/vless_test.go b/listener/inbound/vless_test.go
index b58c9752..4ac9654b 100644
--- a/listener/inbound/vless_test.go
+++ b/listener/inbound/vless_test.go
@@ -89,7 +89,7 @@ func TestInboundVless_TLS(t *testing.T) {
 }
 
 func TestInboundVless_Encryption(t *testing.T) {
-	seedBase64, clientBase64, err := encryption.GenMLKEM768("")
+	seedBase64, clientBase64, _, err := encryption.GenMLKEM768("")
 	if err != nil {
 		t.Fatal(err)
 		return
diff --git a/transport/vless/encryption/key.go b/transport/vless/encryption/key.go
index 94b650e4..c1cab173 100644
--- a/transport/vless/encryption/key.go
+++ b/transport/vless/encryption/key.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 
 	"github.com/metacubex/utls/mlkem"
+	"golang.org/x/crypto/sha3"
 )
 
 const MLKEM768SeedLength = mlkem.SeedSize
@@ -14,7 +15,7 @@ const MLKEM768ClientLength = mlkem.EncapsulationKeySize768
 const X25519PasswordSize = 32
 const X25519PrivateKeySize = 32
 
-func GenMLKEM768(seedStr string) (seedBase64, clientBase64 string, err error) {
+func GenMLKEM768(seedStr string) (seedBase64, clientBase64, hash11Base64 string, err error) {
 	var seed [MLKEM768SeedLength]byte
 	if len(seedStr) > 0 {
 		s, _ := base64.RawURLEncoding.DecodeString(seedStr)
@@ -31,9 +32,11 @@ func GenMLKEM768(seedStr string) (seedBase64, clientBase64 string, err error) {
 	}
 
 	key, _ := mlkem.NewDecapsulationKey768(seed[:])
-	pub := key.EncapsulationKey()
+	client := key.EncapsulationKey().Bytes()
+	hash32 := sha3.Sum256(client)
 	seedBase64 = base64.RawURLEncoding.EncodeToString(seed[:])
-	clientBase64 = base64.RawURLEncoding.EncodeToString(pub.Bytes())
+	clientBase64 = base64.RawURLEncoding.EncodeToString(client)
+	hash11Base64 = base64.RawURLEncoding.EncodeToString(hash32[:11])
 	return
 }