Practical Security

Learn about the issues and usage of one-time pads along with the concept of cover time.

One-time pad in practice

There are a number of practical problems with using a one-time pad to encrypt data, largely having to do with key management. This makes one-time pads difficult to use since one of the biggest challenges in making cryptography work in real systems is providing the right key management support.

Key management issues with a one-time pad

There are three key management issues that make a one-time pad a very impractical cryptosystem to employ in real applications. These directly arise from each of the three fundamental properties of a one-time pad below:

  • Length of the key: The requirement that a one-time pad key should be as long as the plaintext is prohibitive for most applications. This has particular ramifications for two aspects of key management:

    • Since these potentially enormous keys must be stored in an environment with maximum security, this has implications for key storage.

    • Somehow these potentially enormous keys must be made available to anyone who requires access to them. (This will be the sender and receiver in our basic communications model.) This process is known as key establishment. Since one-time pad key establishment must be conducted using a secure technique that doesn’t leak any information about the key, we’d need to employ more key establishment techniques, such as encryption using another key cannot be used. Unless of course, the encryption of the key is done using a one-time pad, in which case we now face the problem of securely establishing the key that was used to encrypt our first key!

  • Random generation of the key: A one-time pad key must truly be randomly generated. This means that it can’t be generated using a deterministic generator, which is the way most keys are generated in practice. This is why key generation for a one-time pad is an expensive key management process.

  • One-time use: Having gone through a costly key generation, establishment, and storage process, the resulting key can then only be used on one occasion, meaning that the entire process is incredibly expensive!

Get hands-on with 1400+ tech skills courses.