Problem solve Get help with specific problems with your technologies, process and projects.

One-time pads explained

Is it true that only one-time pads guarantee unbreakable encryption?

A one-time pad is the only encryption system that is mathematically proven to be unbreakable. But alas, no company sells one-time pads as an encryption system, because they are just not worth the effort.

Here is how it all works

A one-time pad is nothing more than a big buffer of random numbers. Since we're talking about computer systems, let's just assume that it's a CD full of random bits. However, this doesn't need to be so. In WWII, they used tables of 1-26, so they work well with letters. If you are interested in this, you definitely should read Leo Marks' book Between Silk and Cyanide.

If you want to encrypt a message, you take a set of random bytes from your table, and you mix them with your message. On a computer, we typically XOR them onto the data, but arithmetic would work as well. If you were using Marks' tables, you'd add them. So if your message letter was an A and the random byte was a four, that would become an E. It's a very simple process.

Now then, here come the hard parts. First of all, you must never re-use a one-time pad. Really. Never. The Russians made this mistake a few times, and the American intelligence agencies broke a lot of their messages, because they used one-time pads twice. There is a fascinating discussion of this on the Web, called the Venona project.

Next, you need to destroy your one-time pads as soon as they are used. Leo Marks printed his on thin squares of silk, so they could be easily and quickly burned, as well as easily hidden. If your adversary gets a hold of the pads, you might as well not have bothered.

Read Jon's complete answer.

For more info on this topic, check out these SearchSecurity.com resources:
  • Best Web Links: Encryption
  • Guest Commentary: IPSec and SSL: Complementary approaches to ensure digital data protection and integrity
  • Guest Commentary: IPSec and SSL: Complementary approaches to data protection, part two

  • This was last published in September 2003

    Dig Deeper on Disk and file encryption tools

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.