One-Time Pads – CompTIA Security+ SY0-401: 6.2


Encrypting with a one-time pad is a very strong encryption technique. In this video, I’ll demonstrate how you can use a one-time pad to encrypt your data.

<< Previous Video: Asymmetric Cryptography AlgorithmsNext: NTLM >>


A one-time pad is a cipher that was created in the early 1900s, and it was built when teletype machines were first becoming popular as a way to encrypt the communication on teletype. So this was all done on pieces of paper that would go into a teletype and pieces of paper that would come out on the other side. It was an automated system. It was one that really had a very interesting effect on the communications because then, you could really have private messages go back and forth between one place and another. And it really worked on this concept of the pad, and if you think of the pad as a pad of paper, that’s really what this ended up looking like is a single pad of paper with a key imprinted upon it.

This was really interesting in that it wasn’t complicated, there wasn’t a lot of mathematics involved, and it was one that was also very, very secure. When used properly, a one-time pad is one of these unbreakable kind of ciphers, and as we get into understanding more about the one-time pad, you’ll start to understand why it would be so difficult to break this type of communication. For the one-time pad to be this secure, there were a few rules we had to keep in mind. The first one is the key, the piece of information that is on our pad of paper, needs to be the same size as the plain text that we need to encrypt, so the number of letters in the key and the number of letters in the message you’re sending are exactly the same. Just keep that in mind.

The second rule is that the key is really completely randomized. This is not a pseudo-random or some type of a very static computer function that’s creating this. It really is what we call a true random set of characters that we’re putting on there, or a set of numbers. A one-time pad can be used in many different ways. The key should only be used one time, and that’s one of the nice things about having this on a piece of paper. We use the key. We encrypt with it. On the other side, we decrypt with it, and then, we throw away the key. And you pull off that piece of paper on the pad, you burn it, you get rid of it, and there’s obviously another key you would need to use next time.

That’s one of the important parts of this is every time you send a message, the key is going to change, thereby making the entire communication very, very difficult to decrypt. Even if you were able to crack the key one time, you would not be able to crack it again because now, the key is completely different. There are, hopefully, only going to be two copies of this key, one on the person who is sending the message, one the person who is receiving the message, and those are the only two people who would ever have a copy of this key. If somebody was to get a copy of the key somewhere in the middle, they would absolutely be able to decrypt this. So if you follow these rules, you can be assured that your one-time pad communication is not going to be seen by anyone else.

The process of encrypting with a one-time pad is relatively simple. We’re going to step through it right here. Obviously, we would follow these same steps in reverse to decrypt the information. The first thing we want to do is put our entire alphabet down, and we’re going to assign every letter a number. The easy way is to start at zero with A and end up at 25 with the letter Z. That will be– at least the numbers, we’ll be able to use to perform our calculations.

Now, let’s take a message. Let’s take something in plain text like the word “hello,” and we would like to encrypt this. But to encrypt it, we’re also going to need a key, and as you recall, we need a key that’s exactly the same size as the plain text. So if we go to our one-time pad and we look at our key, we see that our key, in this case, X, M, C, K, L, a random set of letters. Obviously, this key will change every time we send a message. So we could send the word “hello” this time. The next time we send the word “hello,” it’s going to be completely different in the cipher text that we look at because your key is going to be different every time.

Well, we can’t calculate or perform any type of mathematics on letters, so we need to convert these to numbers. And of course, we have our conversion chart right here at the top. So let’s convert “hello” into a series of numbers, 7, 4, 11, 11, 14. And let’s take the same thing with our key and convert that, 23, 12, 2, 10, 11.

Now, we’ve got two numbers, and we’re just going to add them together, and if we add 7 and 23, well, we kind of go off the end here to 25. If you hit 25, you go all the way back to zero and start counting up again. So 7 plus 23 happens to be the number 4. We’re going to associate this with a letter in a moment.

So if you add all of these columns up, you get 4, 16, 13, 21 and 15, and if you, then, convert those back to letters, you get E, Q, N, V, Z. So there’s our encrypted message. The idea is, on the other end, someone will have the exact same key that we have. They’ll take our message, simply subtract the numbers from it to come up with the plain text numbers, and then associate those back with the letters H, E, L, L, O, to get the message “hello.”