> ... if someone gave me a cryptographically based argument for > appending the key. It's not cryptography so much as secure software engineering, I think. In practice that's just as important as sound mathematics.