One-Time Pad is extremely simple, taking the values of one block of data and adding it to another of equal or greater size. The result need only be subtracted by the recipient in order to view the original file.
- Benefits: Properly used, invulnerable to all types of attacks save gaining access to the key file. The user can simply discard the key to make the encoded file irretrievable as the key is far too large to be remembered.
- Vulnerabilities: Like Symmetric, the key file must be shared and is often cumbersome – placed on a CD or diskette – instead of a simple phrase or handfull of characters. The key can only be used once safely – after this, parts of the file content can be subjected to a Traffic Analysis Attack. While the file’s content is still hard to find, parts of the message or a basic idea of what it contains, can be determined.
If the key is lost, the file will likely never be retrieved where other cryptosystems at least have a hope of one day being decypted.
This process has two requrements:
- They key must be made up of truly random data.
- The key must be at least equal in size to the item it is added to. This can make it difficult to transport for larger files.
Related TD123 Article
- Comments on One-Time Pad from noted cryptographer Bruce Schneier
- A program that tries to find if random numbers are truly random: ComScire RNGmeter. Great for checking the randomness of a a one-time pad key. Something like this is probably running on SETI@Home. Comscire home page and direct download mirror.
TakeDown.NET -> “One-Time-Pad-Cryptosystem”