@janeannford My motive is to help the best crypto get in this project. I did get a little annoyed when I wrote the “straw man” post because @dirvine did not addresss my concerns and instead addressed what were to me straw men. It may have been the result of a misunderstanding, though. I did try to lay my emotions aside, but some may have leaked.
Anyways, I don’t understand the XOR part enough to give you a specific example of an attack on it. What I’m saying is that we’ve both agreed that, without the XOR, the scheme is insecure. So, the XOR is providing security. So, there are two points of failure: an attack on AES or an attack on the XOR part.
I wouldn’t mind the XOR so much if it really was just fluff – that is, if it was attacked, then an attacker would still have to attack AES. That is not the case – if an attack breaks XOR, there is an attack that bypasses AES.
At a higher level, why have an XOR step? If one is worried about AES being broken, why not encrypt using a different cipher as well? To choose the XOR over that, one would have to claim that the XOR process (for which I don’t see public peer-review) is more secure than that other cipher (many of these with peer-review exist).