One-time Pad - Problems

Problems

Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice:

• it requires perfectly random one-time pads, which is a non-trivial software requirement
• secure generation and exchange of the one-time pad material, which must be at least as long as the message. (The security of the one-time pad is only as secure as the security of the one-time pad key-exchange).
• careful treatment to make sure that it continues to remain secret from any adversary, and is disposed of correctly preventing any reuse in whole or part — hence "one time". See data remanence for a discussion of difficulties in completely erasing computer media.

The theoretical perfect security of the one-time-pad applies only in a theoretically perfect setting; no real-world implementation of any cryptosystem can provide perfect security because practical considerations introduce potential vulnerabilities. These practical considerations of security and convenience have meant that the one-time-pad is, in practice, little-used. Implementation difficulties have led to one-time pad systems being broken, and are so serious that they have prevented the one-time pad from being adopted as a widespread tool in information security.

One-time pads solve few current practical problems in cryptography. High quality ciphers are widely available and their security is not considered a major worry at present. Such ciphers are almost always easier to employ than one-time pads; the amount of key material which must be properly generated and securely distributed is far smaller, and public key cryptography overcomes this problem.