one-time pad

In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage that there is theoretically no way to "break the code" by analyzing a succession of messages. Each encryption is unique and bears no relation to the next encryption so that some pattern can be detected. With a one-time pad, however, the decrypting party must have access to the same key used to encrypt the message and this raises the problem of how to get the key to the decrypting party safely or how to keep both keys secure. One-time pads have sometimes been used when the both parties started out at the same physical location and then separated, each with knowledge of the keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is revealed, the messages encrypted with it can easily be deciphered. One-time pads figured prominently in secret message transmission and espionage before and during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling secret keys led to the invention of public key cryptography.

How It Works

Typically, a one-time pad is created by generating a string of characters or numbers that will be at least as long as the longest message that may be sent. This string of values is generated in some random fashion - for example, by someone pulling numbered balls out of a lottery machine or by using a computer program with a random number generator. The values are written down on a pad (or any device that someone can read or use). The pads are given to anyone who may be likely to send or receive a message. Typically, a pad may be issued as a collection of keys, one for each day in a month, for example, with one key expiring at the end of each day or as soon as it has been used once.

When a message is to be sent, the sender uses the secret key to encrypt each character, one at a time. If a computer is used, each bit in the character (which is usually eight bits in length) is exclusively "OR'ed" with the corresponding bit in the secret key. (With a one-time pad, the encryption algorithm is simply the XOR operation. Where there is some concern about how truly random the key is, it is sometimes combined with another algorithm such as MD5.) One writer describes this kind of encryption as a "100% noise source" used to mask the message. Only the sender and receiver have the means to remove the noise. Once the one-time pad is used, it can't be reused. If it is reused, someone who intercepts multiple messages can begin to compare them for similar coding for words that may possibly occur in both messages.

This was last updated in April 2005

Dig Deeper on Identity and access management