[E-Lang] Combining strong authentication and secrecy protocols.

hal@finney.org hal@finney.org
Tue, 20 Feb 2001 08:26:00 -0800


Ben writes:
> The actual algorithm is to XOR all the plaintext blocks together, and
> use that in place of the last plaintext block. The last block should
> include a checksum. Hence, any change to the plaintext anywhere will
> corrupt the last block and invalidate the checksum.

Just be careful with these xor based checksums that you don't try to
use them with an xor based stream cipher like RC4!  That was one of the
main factors in the break of the wireless protocol by a group including
David Wagner.  The attacker can xor into the ciphertext and it will go
through as a corresponding xor to the plaintext; he can then compensate
by xoring the checksum and the change won't be noticed.

Hal
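
The failure Hal describes, shown as an added example that is not part of the original message. It places an encrypted XOR checksum beside a keyed MAC over the ciphertext. Assumptions: a SHA-256 counter-mode keystream stands in for RC4, the checksum is 4 bytes wide, all function names are hypothetical, and the HMAC-SHA256 variant is a contrast chosen here, not something proposed in the thread.

```python
import hashlib
import hmac

BLOCK = 4  # checksum width in bytes (constructed for this example)

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in XOR stream cipher (SHA-256 in counter mode), not RC4 itself.
    # Only "ciphertext = plaintext XOR keystream" matters. One message per key.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_checksum(data: bytes) -> bytes:
    # XOR of all BLOCK-byte blocks (zero-padded); linear over XOR, so
    # checksum(m XOR d) == checksum(m) XOR checksum(d).
    data += bytes(-len(data) % BLOCK)
    acc = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        acc = xor(acc, data[i:i + BLOCK])
    return acc

def seal_weak(key: bytes, msg: bytes) -> bytes:
    body = msg + xor_checksum(msg)
    return xor(body, keystream(key, len(body)))

def open_weak(key: bytes, ct: bytes):
    body = xor(ct, keystream(key, len(ct)))
    msg, tag = body[:-BLOCK], body[-BLOCK:]
    return msg if tag == xor_checksum(msg) else None

def seal_mac(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key: bytes, mac_key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, keystream(enc_key, len(ct)))

def keyless_edit(ct: bytes, delta: bytes) -> bytes:
    # What Hal describes: XOR delta into the message bytes and the
    # checksum of delta into the checksum bytes, using no key at all.
    return xor(ct, delta + xor_checksum(delta))
```

The XOR checksum still catches an uncompensated bit flip; what it cannot catch is a change whose own checksum has been folded into the checksum field, which the keyed MAC rejects.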