diff --git a/source/bforce/prot_binkp.c b/source/bforce/prot_binkp.c
index 2f4b629..b6dac29 100644
--- a/source/bforce/prot_binkp.c
+++ b/source/bforce/prot_binkp.c
@@ -140,6 +140,7 @@ int binkp_loop(s_binkp_state *bstate) {
                     return PRC_ERROR;
                 }
                 writebuf[1] = block_length&0xff;
+                // TODO: FIX unprotected mode
                 if (bstate->mode==bmode_transfer && bstate->remote_data->options&BINKP_OPT_CRYPT)
                     encrypt_buf(writebuf, have_to_write, bstate->remote_data->keys_out);
             }
@@ -209,6 +210,7 @@ int binkp_loop(s_binkp_state *bstate) {
                 log("read: remote socket shutdown");
                 return PRC_REMOTEABORTED;
             }
+            // TODO: FIX unprotected mode
             if (bstate->mode==bmode_transfer && bstate->remote_data->options & BINKP_OPT_CRYPT) {
                 decrypt_buf(readbuf+read_pos, n, bstate->remote_data->keys_in);
                 } else {
@@ -520,27 +522,47 @@ case 3: // send password on outgoing or pw confirmation on incoming
 
 
 case 4:
+        char *p;
+        char pbuf[32];
+        int pwset = 0;
+        
         if (bstate->mode==bmode_incoming_handshake) {
             DEB((D_24554, "incoming handshake is complete"));
             bstate->complete = true;
-            char *p;
-            char pbuf[32];
+            
             for (i=0;i<state.n_remoteaddr;i++)
                 if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
+					pwset = 1;
                     init_keys(bstate->remote_data->keys_in, pbuf?pbuf:"-");
                     init_keys(bstate->remote_data->keys_out,  "-");
                     for (p=pbuf?pbuf:"-"; *p; p++)
                         update_keys(bstate->remote_data->keys_out, (int)*p);
                 }
+            //TODO: FIX incoming options 
         }
         else {
+			//TODO: Fix outgoing options
             DEB((D_24554, "outgoing handshake: everything is sent"));
+            for (i=0;i<state.n_remoteaddr;i++)
+                if( !session_get_password(state.remoteaddrs[i].addr, pbuf, sizeof(pbuf)) ){
+                    pwset = 1;
+                }
+           
         }
+        // We have password-protected link. Remote options are already set,
+        // Now we determine how to CRYPT or not to CRYPT our file transfer
+        // Our CRYPT flag is always sent, so if the other side have CRYPT
+        // and link is password is set - The CRYPT must be
+        // Literally: if we have no pass -> drop the CRYPT flag
+        if ( !pwset ) {
+			DEB((D_24554, "binkp handshake: password NOT set, dropping CRYPT"));
+			bstate->remote_data->options &= !BINKP_OPT_CRYPT;	
+		}
         return 2;
         }
 
     }
-    else if (bstate->mode == bmode_transfer) {
+else if (bstate->mode == bmode_transfer) {
 
         switch (bstate->phase) {
             send_next_file: