Fix docs

doc/Design.md

@@ -246,18 +246,18 @@ repository password. This is then used with `scrypt`, a key derivation function
 bytes. The first 32 bytes are used as the encryption key (for AES-256) and the
 last 32 bytes are used as the message authentication key (for Poly1305-AES).
 These last 32 bytes are divided into a 16 byte AES key `k` followed by 16 bytes
-of secret key `r`. They key `r` is then masked for use with Poly1305 (see the
+of secret key `r`. The key `r` is then masked for use with Poly1305 (see the
 paper for details).
 
-This message authentication key (`k` and `r`) is used to compute a MAC over the
+Those message authentication keys (`k` and `r`) are used to compute a MAC over
-bytes contained in the JSON field `data` (after removing the Base64 encoding
+the bytes contained in the JSON field `data` (after removing the Base64
-and not including the last 32 byte). If the password is incorrect or the key
+encoding and not including the last 32 byte). If the password is incorrect or
-file has been tampered with, the computed MAC will not match the last 16 bytes
+the key file has been tampered with, the computed MAC will not match the last
-of the data, and restic exits with an error. Otherwise, the data is decrypted
+16 bytes of the data, and restic exits with an error. Otherwise, the data is
-with the encryption key derived from `scrypt`. This yields a JSON document
+decrypted with the encryption key derived from `scrypt`. This yields a JSON
-which contains the master encryption and message authentication keys for this
+document which contains the master encryption and message authentication keys
-repository (encoded in Base64). The command `restic cat masterkey` can be used
+for this repository (encoded in Base64). The command `restic cat masterkey` can
-as follows to decrypt and pretty-print the master key:
+be used as follows to decrypt and pretty-print the master key:
 
     $ restic -r /tmp/restic-repo cat masterkey
     {