A system for authenticating a document, D. A trusted party applies an algorithm to D, for example, by treating each byte of data within D as a number, and treating the numbers as inputs to the algorithm. The trusted party obtains a result from the algorithm, termed a Message Authentication Code, MAC. The trusted party gives a courier both (1) D and (2) the MAC, as by loading both into a portable computer carried by the courier. The courier delivers both D and MAC to a recipient, who is equipped with the identical algorithm. The recipient applies the algorithm to D. If the recipient obtains the MAC, the recipient concludes that no tampering of D occurred. The reason is that successful tampering requires the courier to replace MAC with a fabricated MAC(fab). MAC(fab) must possess the characteristic that the algorithm would produce MAC(fab) when applied to the tampered document D. However, since the courier does not know the algorithm, and since the number of possible algorithms is nearly infinite, the courier cannot produce MAC(fab).