Okay, this thing got public so it's time to make the RC4 rugged. Not
that I'd know about something that would break current implementation,
but it's nice to at least do the recommended discard correctly.
We'll probably be adding better symmetric ciphers anyway.
Note that this is an incompatible change (again). FMTSeq private keys
will need to be replaced. Existing signature validity doesn't change.
Encrypted messages will not be possible to decrypt.
to avoid possible known plaintext attacks on the symmetric cipher when
beginning of the ciphertext is known (which is a common situation, e.g.
when sign+encrypting)
Mirek Kratochvil