Summary

One-Time Pad is a very simple method of how for absolutely perfect (that is, unbreakable) encryption. The concept of was first described by Frank Miller in 1882, but has never been used widely, due to the requirement that the encryption key be the same length as the message being sent.

For a reasonably good overview and history, see wikipedia

For a more full history of One-Time Pad encryption, see cryptomuseum.com

The simple web site here (onetimepad.glitch.me) is a demonstration of the One-Time Pad. It is a fully functional model for encrypting/decrypting, but does not have/use a good random number generator, which is a critical part of using a One-Time Pad. It is purely client-side, so could be used securely if you:

1. Save OneTimePad.html locally to any computer/device that can open a local file in a browser
2. Disconnect the device from all networks, wireless access, drives, etc
3. For the "key", use your own set of truly random values.

The "key" is the hard part. "Truly random values" means they must be actually random, not a random page from your favorite book. And they must never be intercepted by anyone other than the party you are communicating with. And each set of values must only be used for one message. (I would say "only used once", but repeating the message has no effect on its security, as long as the same key is not used for a different message)

For guidance on how to create a truly secure key, read the below Passwords / Cryptographically Secure Keys, For the Truly Paranoid

Code

Original source code for this project on GitHub

Now primarily hosted at onetimepad.glitch.me

Legal

This work is "No Rights Reserved" -- that is, licensed under CC0. More formally:

To the extent possible under law, the publisher has waived all copyright and related or neighboring rights to this property "OneTimePad.html". This work is published from the United States.

♡ Please copy and share.

Compatibility

This has been tested with the following browsers:

• Google Chrome, version 46.0.2490.80 m
• Firefox, version 41.0.2
• Internet Explorer, version 11.0.9600.18059CO

Credits

Written in October, 2015. (occasionally modified since then)

Thanks to:

• Wikipedia, for initial reference on the "One Time Pad"
• Security Now podcast, for increasing my interest in cryptography
• Stack Overflow, for answers to lots of javascript questions
• World Wide Web Consortium, for good references on all things web
• Google, for helping me find *everything*, and making a great browser to debug in

Passwords / Cryptographically Secure Keys, For the Truly Paranoid

The One Time Pad method can be used to create passwords by combining values from multiple, less trusted sources.

We have plenty of generators of "random" numbers and values. One of the least secure is the basic random number generator provided in javascript, which is what the "Generate Key" button at https://onetimepad.glitch.me/ uses.

But if you want to have really secure values, you need a few things:

• The source should be really random - most computer-generated "random" values are actually deterministic, if you know something about the state of the computer when the "random" value was generated.
• The generated value should never be stored in an insecure location. (This is up to the user to secure; for a password or other short values, presumably you would memorize it, or write it down in a secure location)
• The generated value should never be transmitted over an insecure connection. You can mitigate this by generating random values from multiple sources, and combining them.

The last part is what the One Time Pad method can help with. If you want the most secure possible method of generating random values, use the following steps.

1. Decide on your "alphabet"; all the possible values that your password/key can contain. There are a few suggested sets at https://onetimepad.glitch.me/, the dropdown options by "Alphabet".
2. Use multiple sources of random values, that you more-or-less trust.
   • You want to collect multiple random values, pulled from different sources, each of which would be a full-length "pretty good" random value by itself.
   • This could include rolling dice, trying to come up with random characters in your head, whatever you think is "really good".
   • If your preferred source uses a different alphabet than you prefer, make sure some version of your alphabet is a subset of its values, and then throw out any values that do not match the alphabet you are using.

Online Sources of Random Values

• https://www.grc.com/ppp.htm
• https://www.lastpass.com/password-generator
• https://passwordsgenerator.net
• https://www.random.org/passwords/
• https://www.random.org/bytes/

It should go without saying, but anything you do on a computer is only as secure as that computer is. You can start with the above, even from an unsecure connection on a public computer, but secure is always preferable. Everything after this should only be done in the most secure environment possible.

• Go to onetimepad.glitch.me. This runs everything client-side; no values are sent to the server.
  • If you want "perfect" security, download the one-file version, OneTimePad.html, run it from a computer that is totally offline, and never again let the computer out of site, nor connect it to any network or any other device.
• Select/input your alphabet
• In the "Input" box, enter your initial "random" value
• In the "Key" box, enter a secondary "random" value, of the same length
• The "Output" value is now a combined value, that includes the entropy of both the Input and the Key values. So if either is weak at some point where the other is not, that weakness will be removed. Nothing you input can reduce the randomness of the value, only increase it (unless you somehow base your Key value on the current Input value itself; don't do that).
• Now copy the Output value, and pasted it back into the Input area, and input another Key value.
• Repeat for all remaining initial random values.
• Once done, put your last Output back into the Input, and click "Generate Key". This uses the low-quality random number generator in your browser to generate random values from that alphabet, of the same length as the input. The reason to always include this step, is that even if all of your communication to all websites above was fully intercepted, this pseudo-random value could not have been intercepted; and it can't make the Output any less random.

Now the Output value is the most-secure version of all of the input random values combined. Store this value until you need it; and once you use it, destroy it! (if you ever use it again, it ain't "one time")

Passwords / Cryptographically Secure Keys, For the Slightly Paranoid

Similar to the above, but instead of trying to get a bunch of "truly random" values from multiple sources, start with one you-generated value (whatever you can come up with quickly), and then use the "Generate Key" button for a few cycles to scramble that.

The threat model of random numbers not being cryptographically secure is fairly weak. That is, pseudo randomly generated numbers are only a problem when the attacker knows a lot about your machine. If you really use OneTimePad.html on an offline device, that significantly limits what they can know about it. More importantly, if you use one-time-pad encryption, even if an adversary did correctly guess your pseudo-random numbers, there is absolutely no way for them to prove that they did. And on top of that, if you start with something you make up, and add the random time-delay of your own operation between running "Generate Key" multiple times, that really does guarantee the key will be unguessable. (all browsers I know of implement random() with a seed that includes the current clock time)