The newest version of the ESP header first encrypts the encrypted-data and then applies an authentication transform to the hash-data, next we examine the reverse process. The idea is to encrypt some information, in this case, a hash that when decrypted, can be verified to be correct. The hash-value can be used to verify that the information that was decrypted is in fact the information that was encrypted. Note that in general, the hash-value does not contain any special properties for use in this verification process and that any value that was expected to be encrypted and then correctly decrypted would also suffice. In particular, a second shared secret key could be used instead of the hash-value in our proof. In this case the authentication computations are not needed. A shared secret key can also be used instead of a hash-value, while this is true it is not recommended for use with IP headers. Typically, encryption algorithms are used in combination with encryption block modes which allow an association between different encrypted blocks of the same message (see  for details). A commonly used mode, Cipher Block Chaining (CBC), has a self correcting property which would allow an attacker to cut and paste early encrypted blocks without effecting the decryption of later encrypted blocks. Hence, the blocks containing a key might decrypt correctly even though part of the ciphertext was modified. This type of attack highlights the importance of integrity checks over data in IP packets for guaranteeing confidentiality.