The One-Time Pad

In cryptography, the one-time pad is an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is kept completely secret, then the resulting ciphertext will be impossible to decrypt or break.

There are two significant issues with using the one-time pad for communication. The first is generating a truly random key. While a true random key is difficult to generate, a pseudorandom sequence with a long enough period may offer practical security if not perfect security. The Khan Academy videos on cryptography explain in greater detail the theory behind the one-time pad. The second issue is distribution of the one-time pad. If we have a secure way of transmitting the one-time pad, which must be as long as the message, then why not use that method to transmit the message itself. But if we exchange a one-time pad ins a face-to-face meeting it can be used at a later time for secure communication.

Dirk Rijmenants has an explanation of the one-time pad on his Cipher Machines and Cryptology web-site. His paper, The Complete Guide to Secure Communications with the One Time Pad Cipher is an excellent guide to using the one-time pad for real-world secure communication. Now in most cases we will use computer-based encrypted communications, but if there is a need for strong encryption when a computer cannot be used; and if we can overcome the problems of random key generation and distribution, the one-time pad is a useful tool for protecting our sensitive communications.

One place to obtain random strings is RANDOM.ORG. Random.Org offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs.