One time pads are the only encryption system that has been proven to be theoretically unbreakable.
That said, one time pads suffer from two main flaws:
One time pads can be quite attractive for encrypting small amounts of data, for example to exchange passwords over an insecure channel, when other more sophisticated methods are not available. For an early version of my PictaTrove web server I implemented a one time pad system to protect passwords that were entered through the remote administration interface.
The one time pad system is comprised of three main components:
Key Generation UtilityOf these three pieces the only one that is questionable in a cryptographic sense in the key generation utility. Here is how I have approached the problem of producing a "random" set of keys for the pad:
The key weakness of this is that the process is completely deterministic. If you know:
then the program would always produce exactly the same one time pad file. However, as the exact time of running is not known (though could be reduced to a range of times based on the timestamp of the otp.txt file) and the directory that was used as a source of files is also not known and the random text is not known, then even if an attacker can gain access to the computer where the pad was generated it would take a lot of effort to create a duplicate pad. In fact, it would be vastly simpler to just look for the otp.txt file and make a copy. Once you consider this, it becomes apparent that any theoretical weakness in the way that the pad file is created is far less significant than the risk of the pad file being discovered and copied.
The Python program to make a one time pad is here: makeotp.py.
back to vermeulen.ca home