suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key . you create a random bit string the length of the key , XOR it with the key , and send the result over the channel . your partner XORs the incoming block with the key ( which should be the same as your key) and sends it back . you partner has the same secret key , yet neither of you has ever transmitted the key . is there a flaw in this scheme ?