Why is the one-time pad unbreakable?

If the key is truly random, at least as long as the message, used only once and kept secret, then every possible plaintext of that length is equally likely given the ciphertext. The ciphertext reveals no information about the message — a property called perfect secrecy, proven by Claude Shannon in 1949.

How is the random key generated?

This tool uses the browser's crypto.getRandomValues, a cryptographically secure random number generator, to produce one random byte for every byte of your message. The key is shown as hex so you can store and share it exactly.

What breaks the one-time pad in practice?

Three mistakes destroy its security: reusing a key for more than one message, using a key shorter than the message, or using a key that is not truly random (such as a passphrase). Any of these turns it into an ordinary, breakable cipher.

How do I share the key safely?

The key must reach the receiver over a channel separate from the ciphertext and must stay secret — for example handed over in person on a physical pad. Key distribution is the hard, unsolved part of the one-time pad and why it is rarely practical at scale.

Is this the same as the Vernam cipher?

Yes. Gilbert Vernam patented the XOR stream cipher in 1919; when the key stream is random, single-use and as long as the message, it is the one-time pad. This simulator implements exactly that with a fresh random key per message.

One-Time Pad Simulator

The one-time pad (OTP), also called the Vernam cipher, is the only cipher proven to offer perfect secrecy. The idea is simple: combine each byte of the message with a byte of a random key that is as long as the message, used only once. Under those conditions the ciphertext is mathematically independent of the plaintext — Claude Shannon proved in 1949 that no amount of computing power can recover the message without the key.

How it works

This simulator does three things:

Generate a key. It calls the browser’s cryptographically secure crypto.getRandomValues to produce one random byte for every byte of your message (encoded as UTF-8). The key is displayed as hexadecimal so you can copy and store it exactly.
Encrypt. Each message byte is combined with the matching key byte using bitwise XOR, and the result is shown as hex.
Decrypt. Because XOR is self-inverse, XORing the ciphertext with the same key returns the original bytes, which are decoded back to text.

The whole scheme is cipher[i] = message[i] XOR key[i], with key the same length as message and never reused.

Worked example

For the message HI (bytes 0x48 0x49), the generator might produce the random key 0x7c 0x03. XOR gives ciphertext 0x34 0x4a. To decrypt, XOR 0x34 0x4a with the same 0x7c 0x03 to recover 0x48 0x49 = HI. A different random key would map the same HI to entirely different ciphertext — which is exactly why interception alone tells an attacker nothing.

Notes and tips

Three rules make or break the OTP: the key must be truly random, at least as long as the message, and used exactly once. Reusing a key, shortening it, or deriving it from a passphrase all destroy perfect secrecy. The genuinely hard problem is key distribution — getting the secret key to the receiver safely, which is why real systems usually prefer key-exchange-based ciphers. This simulator generates and processes everything locally in your browser; no message or key is ever transmitted.