auth/aescbc already includes anti-tampering checks, based on SHA1 which is better than MD5.
But aescbc was never intended to last this long; it was a temporary measure until NIST settled on a common mode of operation, presumably CTR rather than CBC. It's not clear yet if mode (or the hash function) is settled. Also, aescbc was intended mainly for secstore. We wanted something small enough to audit. For exchange with others, or even yourself on other systems, I agree that PGP or S/MIME is the way to go. Eric
