
Making encoding out of an authentication cipher



Had an interesting thought, maybe worth passing on for commentary.

(...since "authentication" ciphers are considered "harmless" by
those interested in spying on your info...)


Suppose you have a secure hash function H(msg) that delivers a random
long period set of hash bits for msg, which is computationally infeasible
to invert and such that the value of H(msg) depends very sensitively on
all bits of msg. These things are used for authentication and tend to be
all over the world.

Now suppose I have a key and apply the following transform, where "+"
will mean binary exclusive OR.

Cipher:
H(key)      + M(1) = C(1)
H(key+M(1)) + M(2) = C(2)
H(key+M(2)) + M(3) = C(3)

and so on where M(n) is the message and C is the enciphered message.

Decipher:

H(key)      + C(1)  = M(1)
H(key+M(1)) + C(2)  = M(2)
H(key+M(2)) + C(3)  = M(3)

and so on.

If the hash function is cryptographically strong, is this or is this not
a strong cipher? Are there fast hash functions around?

Note that in doing disk encryption, one has also the disk block number
available, and even the offset in block, to be stuffed into the hash function
if one wants. In a serial message one has offset in message also. The only
piece of nontrivial software needed to implement it is the hash function
itself, which has been claimed to be useful only for authentication. If this
scheme is at all strong, the distinction is shown to be fairly useless.

I thought of this a couple days ago...thought I might ask if anyone knows
any of the answers. I do not, and am not knowledgeable in this area, save
VERY casually.
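
The construction from the message above, as an added example that is not part of the original post. It assumes SHA-256 for H and a 32-byte key and block size; the `tweak` parameter is a hypothetical stand-in for the disk block number the post suggests feeding into the hash. It also goes one step beyond the post by checking what happens when one key encrypts two messages.

```python
import hashlib

BLOCK = 32  # assumption: H is SHA-256, so blocks and the key are 32 bytes

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which handles a short final block
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, data: bytes, decrypt: bool = False, tweak: bytes = b"") -> bytes:
    """C(n) = H(key + M(n-1)) + M(n), with '+' as XOR and H(key) for n = 1.
    tweak (hypothetical parameter) is extra hash input, e.g. a disk block number."""
    if len(key) != BLOCK:
        raise ValueError("key must be exactly BLOCK bytes")
    out = bytearray()
    state = key
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        result = xor(H(tweak + state), chunk)
        out += result
        plain = result if decrypt else chunk  # feedback is always the plaintext
        state = xor(key, plain)  # only consumed when plain was a full block
    return bytes(out)

def keystream_reused(key, m1, m2, tweak1=b"", tweak2=b""):
    """True if C(1) + C'(1) equals M(1) + M'(1), meaning both first blocks
    were masked with the same hash output."""
    c1 = crypt(key, m1, tweak=tweak1)
    c2 = crypt(key, m2, tweak=tweak2)
    return xor(c1[:BLOCK], c2[:BLOCK]) == xor(m1[:BLOCK], m2[:BLOCK])

if __name__ == "__main__":
    key = bytes(range(BLOCK))  # constructed sample key
    msg_a = b"constructed sample message A, longer than one 32-byte block"
    msg_b = b"constructed sample message B, also spanning several blocks"
    ct = crypt(key, msg_a)
    assert crypt(key, ct, decrypt=True) == msg_a
    print("same key, no tweak:", keystream_reused(key, msg_a, msg_b))
    print("distinct tweaks:   ", keystream_reused(key, msg_a, msg_b, b"blk0", b"blk1"))
```

Without a per-message or per-block value in the hash input, the first block of every message under one key is masked with the same H(key), which is why the block number or offset the post mentions matters.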