One-time pad
=== Common implementation errors ===

Due to its relative simplicity of implementation, and due to its promise of perfect secrecy, the one-time pad enjoys high popularity among students learning about cryptography, especially as it is often the first algorithm to be presented and implemented during a course. Such "first" implementations often break the requirements for information-theoretic security in one or more ways:

* '''The pad is generated by an algorithm that expands one or more small values into a longer "one-time pad".''' This applies equally to all such algorithms, from insecure basic mathematical operations like square-root decimal expansions to complex, cryptographically secure pseudorandom number generators (CSPRNGs). None of these implementations is a one-time pad; by definition they are [[stream cipher]]s. All one-time pads must be generated by a non-algorithmic process, e.g. by a [[hardware random number generator]].
* '''The pad is exchanged using methods that are not information-theoretically secure.''' If the one-time pad is encrypted for delivery with an algorithm that is not information-theoretically secure, the cryptosystem is only as secure as that delivery mechanism. A common flawed delivery mechanism for a one-time pad is a standard [[hybrid cryptosystem]] that relies on symmetric-key cryptography for pad encryption and asymmetric cryptography for symmetric-key delivery. Common secure methods for one-time pad delivery are [[quantum key distribution]], a [[sneakernet]] or [[courier]] service, or a [[dead drop]].
* The implementation does not feature an unconditionally secure authentication mechanism such as a [[Message authentication code#One-time MAC|one-time MAC]].
* The pad is reused (exploited during the [[Venona project]], for example).<ref name=":2" />
* The pad is not destroyed immediately after use.
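The following is an added worked example, not part of the Wikipedia article, illustrating two of the errors listed above in code: it shows what an observer learns when one pad covers two messages (the reuse error), and it pairs the XOR pad with a polynomial-evaluation one-time MAC so that a modified ciphertext is rejected (the missing-authentication error). Everything in it is an assumption of this example rather than a standard the article names: the field prime is the Mersenne prime 2^127 - 1, blocks are 15 bytes, and `os.urandom` stands in for the pad source even though, by the section's own definition, a CSPRNG-drawn pad is a stream-cipher key and a real pad must come from a hardware random number generator.

```python
import os
import secrets
from typing import Tuple

# Field for the polynomial one-time MAC: the Mersenne prime 2**127 - 1 (a choice made for this example).
P = (1 << 127) - 1
BLOCK = 15  # 15-byte blocks, so 0x01 || block always encodes to an integer below P


def generate_pad(length: int) -> bytes:
    """Return `length` pad bytes from the OS entropy pool.

    Stand-in only: os.urandom is a CSPRNG, so a pad drawn from it is, by the
    section's definition, a stream-cipher key rather than a true one-time pad.
    A real deployment would read the bytes from a hardware random number generator.
    """
    return os.urandom(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Refuses a pad shorter than the data."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: the pad must cover every byte")
    return bytes(d ^ k for d, k in zip(data, pad))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper obtains when one pad covers two messages: the pad cancels
    and the XOR of the two plaintexts is exposed (the flaw behind the Venona breaks)."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def mac_keygen() -> Tuple[int, int]:
    """Fresh (r, s) pair; like the pad, each pair is used for exactly one message."""
    return secrets.randbelow(P), secrets.randbelow(P)


def one_time_mac(message: bytes, r: int, s: int) -> int:
    """Polynomial-evaluation MAC over GF(P), evaluated with Horner's rule.

    Each block is encoded as the integer 0x01 || block, which makes the encoding
    injective (the leading 0x01 pins down the block length). With r and s used
    once, a forger's success probability is bounded by about (blocks + 1) / P,
    independent of computing power.
    """
    acc = 0
    for i in range(0, len(message), BLOCK):
        m_i = int.from_bytes(b"\x01" + message[i:i + BLOCK], "big")
        acc = (acc * r + m_i) % P
    return (acc + s) % P


def mac_verify(message: bytes, tag: int, r: int, s: int) -> bool:
    return one_time_mac(message, r, s) == tag


def seal(message: bytes, pad: bytes, r: int, s: int) -> Tuple[bytes, int]:
    """Encrypt under the pad, then authenticate the ciphertext with the one-time MAC."""
    ciphertext = otp_xor(message, pad)
    return ciphertext, one_time_mac(ciphertext, r, s)


def open_sealed(ciphertext: bytes, tag: int, pad: bytes, r: int, s: int) -> bytes:
    """Check the tag before decrypting; a bad tag means the ciphertext was altered."""
    if not mac_verify(ciphertext, tag, r, s):
        raise ValueError("authentication failed: ciphertext was modified in transit")
    return otp_xor(ciphertext, pad)


if __name__ == "__main__":
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT NOON!!"  # constructed sample messages
    pad = generate_pad(len(m1))
    r, s = mac_keygen()
    c1, tag = seal(m1, pad, r, s)
    print("recovered:", open_sealed(c1, tag, pad, r, s))
    # Reusing the pad for m2 hands an observer m1 XOR m2.
    c2 = otp_xor(m2, pad)
    print("leak from reuse:", reuse_leak(c1, c2).hex())
    # A flipped ciphertext bit is caught by the MAC.
    tampered = bytes([c1[0] ^ 0x01]) + c1[1:]
    print("tamper detected:", not mac_verify(tampered, tag, r, s))
```

The MAC key pair, like the pad, is consumed by a single message; reusing `r` across messages would let an observer solve for it from two tags, which is the same class of error as reusing the pad.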