One-Time Pad (OTP) Cipher

XOR perfect secrecy — generate cryptographically secure random keys, encrypt and decrypt.

Educational tool. A real OTP requires: a truly random key used exactly once, securely delivered to the recipient, and destroyed immediately after use. Reusing the key destroys all security.
Key (hex)
No key yet — click Generate New Key or enter one below.
Plaintext
Ciphertext (hex)
Generate a key or paste one, then enter your plaintext.

How to Use the One-Time Pad Tool

  1. Generate a key — click "Generate New Key" to create a cryptographically secure random key matched to your message length. Or paste an existing hex key.
  2. Enter plaintext — type or paste your message. The key auto-adjusts to match the message length.
  3. Click Encrypt — the tool XORs each byte of the plaintext with the corresponding key byte, producing the ciphertext as a hex string.
  4. Share securely — both the ciphertext and key must be transmitted securely (separately) to the recipient.
  5. Decrypt — switch to Decrypt mode, paste the ciphertext and key, and recover the plaintext.

About the One-Time Pad

The one-time pad (OTP) is the only known cipher that is theoretically unbreakable — it provides what cryptographers call "perfect secrecy." Invented independently by Frank Miller (1882) and later by Gilbert Vernam (1917) and Joseph Mauborgne, it works by XOR-ing each byte of the plaintext with a corresponding byte from a random key of equal length. The key is used exactly once, then destroyed.

Why It Provides Perfect Secrecy

Claude Shannon proved in his landmark 1949 paper "Communication Theory of Secrecy Systems" that the one-time pad achieves perfect secrecy: for any ciphertext and any possible plaintext of that length, there exists exactly one key that would produce that plaintext from that ciphertext. An attacker with unlimited computational power cannot determine the actual plaintext without the key — the ciphertext provides zero information. This is fundamentally different from modern ciphers like AES, which are computationally secure (hard to break given current computing power) rather than information-theoretically secure.

The XOR Operation

The XOR (exclusive OR) operation is used because it has ideal cryptographic properties: XOR-ing any value with a random byte produces an equally random result, and XOR-ing the result with the same key byte recovers the original value. This makes XOR self-inverting: encryption and decryption use the exact same operation. For text, each character is converted to its ASCII byte value, XOR-ed with the corresponding key byte, and the result is encoded as hexadecimal. To decrypt, XOR the ciphertext hex bytes with the key bytes.

The Key Distribution Problem

The practical limitation of the OTP is key distribution. Before any communication can happen, the sender and receiver must meet in person (or use another secure channel) to exchange a key as large as all the messages they plan to send. During the Cold War, Soviet spies used physical one-time pads — printed books of random numbers that were destroyed page by page after use. The famous VENONA project (1943–1980) broke Soviet OTP-encrypted communications only because Soviet agencies, under the pressure of WWII, reused some key pages — a catastrophic violation of the single-use requirement.

Cryptographically Secure Key Generation

This tool uses window.crypto.getRandomValues() to generate keys. This function uses the operating system's cryptographically secure pseudorandom number generator (CSPRNG), which is suitable for cryptographic key generation. It is fundamentally different from Math.random(), which is not cryptographically secure and should never be used for encryption keys. The generated keys are displayed as hexadecimal strings.

Frequently Asked Questions

A one-time pad is an encryption technique where plaintext is XOR-ed with a random key of the same length. When used correctly — truly random key, used only once, kept secret, destroyed after use — it provides perfect secrecy that is mathematically unbreakable.
Claude Shannon proved in 1949 that OTP is perfectly secret: any possible plaintext is equally likely for a given ciphertext. Even with unlimited computing power, an attacker cannot determine the plaintext without the key.
The key must be as long as the message, truly random, used only once, and securely exchanged before communication. The key distribution problem — safely delivering a key as large as all future messages — makes OTP impractical for most modern uses.
Reusing a key completely destroys security. XOR-ing two ciphertexts encrypted with the same key gives the XOR of the two plaintexts. Using statistical analysis (crib-dragging), both messages can be recovered. The VENONA project broke Soviet communications this way.
This tool uses window.crypto.getRandomValues() for cryptographically secure key generation. However, real OTP security depends on secure key distribution and destruction — problems this browser tool cannot solve. Use Signal or PGP for real-world secure communications.