Q
Problem solve Get help with specific problems with your technologies, process and projects.

Is it true that only one-time pads guarantee unbreakable encryption?

A one-time pad is the only encryption system that is mathematically proven to be unbreakable. But alas, no company sells one-time pads as an encryption system, because they are just not worth the effort.

Here is how it all works

A one-time pad is nothing more than a big buffer of random numbers. Since we're talking about computer systems, let's just assume that it's a CD full of random bits. However, this doesn't need to be so. In WWII, they used tables of 1-26, so they work well with letters. If you are interested in this, you definitely should read Leo Marks' book Between Silk and Cyanide.

If you want to encrypt a message, you take a set of random bytes from your table, and you mix them with your message. On a computer, we typically XOR them onto the data, but arithmetic would work as well. If you were using Marks' tables, you'd add them. So if your message letter was an A and the random byte was a four, that would become an E. It's a very simple process.

Now then, here come the hard parts. First of all, you must never re-use a one-time pad. Really. Never. The Russians made this mistake a few times, and the American intelligence agencies broke a lot of their messages, because they used one-time pads twice. There is a fascinating discussion of this on the Web, called the Venona project.

Next, you need to destroy your one-time pads as soon as they are used. Leo Marks printed his on thin squares of silk, so they could be easily and quickly burned, as well as easily hidden. If your adversary gets a hold of the pads, you might as well not have bothered.

• Guest Commentary: IPSec and SSL: Complementary approaches to ensure digital data protection and integrity
• Guest Commentary: IPSec and SSL: Complementary approaches to data protection, part two

• This was last published in September 2003

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

At RSA Conference 2018, CyberArk researchers described how threat actors are able to gain access to cloud environments and ...

• ### How enterprises should handle GDPR compliance in the cloud

GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland ...

• ### Compromised cloud credentials still plaguing enterprises

Why are enterprises still struggling with identity and access management in the cloud? Experts at RSA Conference discuss the ...

## SearchNetworking

A rare government alert that Russian hackers are targeting routers in the United States and the United Kingdom has security ...

• ### Analyst balks at blockchain distributed ledger in networking

Blockchain distributed ledger technology is untested, unproven and overly complex, making it unsuitable for networking, ...

• ### Network-as-a-service market blossoms as demands grow

The network-as-a-service market is attracting more attention, as enterprises look for ways to outsource some of their ...

## SearchCIO

• ### Workplace 'mindfulness' as coping mechanism for AI disruption

Two tech titans investing in the AI tools that automate jobs are also sinking money into workplace mindfulness programs aimed at ...

• ### RSA 2018: Juniper CEO stresses training, automation in cybersecurity

During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in ...

• ### Will the next act in the ongoing evolution of IT be its last?

The evolution of IT keeps on keeping on -- for now. But as technology becomes more integral to the business, the IT department ...

## SearchEnterpriseDesktop

• ### Spectre and Meltdown vulnerabilities show haste makes waste

When the Meltdown and Spectre vulnerabilities came to light, everyone scrambled to find a fix. As a result, the patching process ...

• ### Workflow automation software improves LA court productivity

Court's in session, and the jury is unanimous: Automation software can help IT departments provide simpler workflows for end ...

• ### How to create a custom Windows 10 image for deployment

IT pros can build a Windows 10 image with custom apps, Start menu tools and more that they can easily deliver throughout the ...

## SearchCloudComputing

• ### IaaS and PaaS blurred lines increase lock-in risks

There are three distinct cloud service categories: IaaS, PaaS and SaaS. However, IaaS and PaaS are getting a little too close, ...

• ### Single pane of glass for multi-cloud management still elusive

Unified management for multi-cloud remains a work in progress. Vendors have yet to produce the perfect single-pane-of-glass tool ...

• ### Microsoft takes holistic approach to IoT security concerns

Azure Sphere extends security from the cloud to the device. It's the most holistic approach on the market and provides another ...

## ComputerWeekly.com

• ### Executive interview: Werner Knoblich, Red Hat

Red Hat is 25 years old. We speak to its European chief about how open source, containers and hybrid cloud computing represent ...

• ### Capita’s £500m loss raises more questions for outsourcing

The latest loss announced by Capita adds uncertainty to an outsourcing sector already tarnished by the collapse of Carillion

• ### Nearly half of UK manufacturers hit by cyber attacks

Nearly half of UK manufacturers have been hit by a cyber security incident, according to a report by an industry organisation, ...

Close