ToolBelt

One-Time Pad

Generate or apply a one-time pad — XOR with a random key.

Open tool

Overview

The one-time pad tool generates a random key the same length as your plaintext, then XORs the two to produce ciphertext (or the reverse — XOR ciphertext with the same key to recover the plaintext). The maths is trivial; the discipline of using each pad exactly once is what makes it interesting.

It is a teaching tool for information-theoretic security courses, a curiosity for cryptography hobbyists, and a foundational primitive that underpins many real ciphers (stream ciphers are essentially OTPs with a pseudorandom keystream). A one-time pad encryption demo also makes the pitfalls — key reuse, key transport — very concrete very fast.

How it works

A one-time pad XORs plaintext bytes with a key buffer of the same length: C = P XOR K. Decryption is identical: P = C XOR K, because XOR is its own inverse. Claude Shannon proved in 1949 that this scheme is information-theoretically secure if and only if three conditions hold: the key is truly random, the key is at least as long as the message, and the key is never reused. Break any of the three and the scheme collapses — most famously, reusing a key lets an attacker XOR two ciphertexts together to cancel the key and leave P1 XOR P2, which is recoverable with simple language statistics.

This tool draws keys from a cryptographically secure RNG and presents output as hex or base64. It cannot stop you from reusing a key — that responsibility is on you.

Examples

Plaintext:  "HELLO"
Key (hex):  3A 7F 11 9C E2
XOR:        H=0x48, E=0x45, L=0x4C, L=0x4C, O=0x4F
Ciphertext: 72 3A 5D D0 AD

Ciphertext: 72 3A 5D D0 AD
Key (hex):  3A 7F 11 9C E2
Output:     "HELLO"

Plaintext: "attack"
Random key auto-generated (6 bytes), output as base64
Output:    ciphertext (6 bytes) and matching key

FAQ

Is OTP actually unbreakable?

Yes — but only under the conditions Shannon required. Reuse the pad once and the security argument vanishes. The Venona project broke Soviet OTPs in the 1940s precisely because the Soviets reused pads under wartime pressure.

Why don't we use OTP everywhere?

Key management. A 1 GB message needs a 1 GB pre-shared key. Distributing and storing that key without leaking it is essentially the same problem as distributing the message confidentially — so OTP is rare outside very small, very-high-value channels (diplomatic, military).

What is a stream cipher then?

A stream cipher (ChaCha20, AES-CTR, RC4) generates a long keystream from a short key and IV, then XORs it with the plaintext like an OTP. It is computationally secure rather than information-theoretically secure, but it is practical.

Can I use an English text as a key?

No. The key must be uniformly random. Using a book as a "running-key cipher" is a famous weak scheme — the structure of English shows through in the ciphertext and the message can be recovered.

Try One-Time Pad

An unhandled error has occurred. Reload ×