diff --git a/proxy/errors.go b/proxy/errors.go
index e4dca006..7b381aab 100644
--- a/proxy/errors.go
+++ b/proxy/errors.go
@@ -5,7 +5,6 @@ import (
 )
 
 var (
-	ErrInvalidAuthentication  = errors.New("Invalid authentication.")
 	ErrInvalidProtocolVersion = errors.New("Invalid protocol version.")
 	ErrAlreadyListening       = errors.New("Already listening on another port.")
 )
diff --git a/proxy/socks/protocol/socks.go b/proxy/socks/protocol/socks.go
index 755dd79f..5f4d869c 100644
--- a/proxy/socks/protocol/socks.go
+++ b/proxy/socks/protocol/socks.go
@@ -8,6 +8,7 @@ import (
 	"v2ray.com/core/common/log"
 	v2net "v2ray.com/core/common/net"
 	"v2ray.com/core/proxy"
+	"v2ray.com/core/common/crypto"
 )
 
 const (
@@ -70,13 +71,13 @@ func ReadAuthentication(reader io.Reader) (auth Socks5AuthenticationRequest, aut
 	auth.nMethods = buffer[1]
 	if auth.nMethods <= 0 {
 		log.Warning("Socks: Zero length of authentication methods")
-		err = proxy.ErrInvalidAuthentication
+		err = crypto.ErrAuthenticationFailed
 		return
 	}
 
 	if nBytes-2 != int(auth.nMethods) {
 		log.Warning("Socks: Unmatching number of auth methods, expecting ", auth.nMethods, ", but got ", nBytes)
-		err = proxy.ErrInvalidAuthentication
+		err = crypto.ErrAuthenticationFailed
 		return
 	}
 	copy(auth.authMethods[:], buffer[2:nBytes])
diff --git a/proxy/socks/protocol/socks_test.go b/proxy/socks/protocol/socks_test.go
index f204c92b..d47a4c3d 100644
--- a/proxy/socks/protocol/socks_test.go
+++ b/proxy/socks/protocol/socks_test.go
@@ -9,6 +9,7 @@ import (
 	v2net "v2ray.com/core/common/net"
 	"v2ray.com/core/proxy"
 	"v2ray.com/core/testing/assert"
+	"v2ray.com/core/common/crypto"
 )
 
 func TestHasAuthenticationMethod(t *testing.T) {
@@ -145,7 +146,7 @@ func TestZeroAuthenticationMethod(t *testing.T) {
 	buffer := alloc.NewBuffer()
 	buffer.AppendBytes(5, 0)
 	_, _, err := ReadAuthentication(buffer)
-	assert.Error(err).Equals(proxy.ErrInvalidAuthentication)
+	assert.Error(err).Equals(crypto.ErrAuthenticationFailed)
 }
 func TestWrongProtocolVersion(t *testing.T) {
 	assert := assert.On(t)
diff --git a/proxy/socks/server.go b/proxy/socks/server.go
index 3152aee4..61936853 100644
--- a/proxy/socks/server.go
+++ b/proxy/socks/server.go
@@ -7,6 +7,7 @@ import (
 
 	"v2ray.com/core/app"
 	"v2ray.com/core/app/dispatcher"
+	"v2ray.com/core/common/crypto"
 	"v2ray.com/core/common/errors"
 	v2io "v2ray.com/core/common/io"
 	"v2ray.com/core/common/loader"
@@ -171,8 +172,8 @@ func (v *Server) handleSocks5(clientAddr v2net.Destination, reader *v2io.Buffere
 		}
 		if status != byte(0) {
 			log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail())
-			log.Access(clientAddr, "", log.AccessRejected, proxy.ErrInvalidAuthentication)
-			return proxy.ErrInvalidAuthentication
+			log.Access(clientAddr, "", log.AccessRejected, crypto.ErrAuthenticationFailed)
+			return crypto.ErrAuthenticationFailed
 		}
 	}
 
diff --git a/transport/internet/kcp/crypt.go b/transport/internet/kcp/crypt.go
index 4d6d7e55..7f5f4e2e 100644
--- a/transport/internet/kcp/crypt.go
+++ b/transport/internet/kcp/crypt.go
@@ -4,14 +4,10 @@ import (
 	"crypto/cipher"
 	"hash/fnv"
 
-	"v2ray.com/core/common/errors"
+	"v2ray.com/core/common/crypto"
 	"v2ray.com/core/common/serial"
 )
 
-var (
-	errInvalidAuth = errors.New("Invalid auth.")
-)
-
 // SimpleAuthenticator is a legacy AEAD used for KCP encryption.
 type SimpleAuthenticator struct{}
 
@@ -68,12 +64,12 @@ func (v *SimpleAuthenticator) Open(dst, nonce, cipherText, extra []byte) ([]byte
 	fnvHash := fnv.New32a()
 	fnvHash.Write(dst[4:])
 	if serial.BytesToUint32(dst[:4]) != fnvHash.Sum32() {
-		return nil, errInvalidAuth
+		return nil, crypto.ErrAuthenticationFailed
 	}
 
 	length := serial.BytesToUint16(dst[4:6])
 	if len(dst)-6 != int(length) {
-		return nil, errInvalidAuth
+		return nil, crypto.ErrAuthenticationFailed
 	}
 
 	return dst[6:], nil