Skip to main content


Home One-time pad

One-time pad

One-time pad definition

A one-time pad (OTP) is a type of encryption that is impossible to crack when used correctly. It uses a random data string, known as the pad, which is the same length as the original message. The message is encrypted by combining it with the pad using an operation like bitwise XOR or modular addition. Each individual bit or character of the plaintext is combined with the matching bit or character from the pad.

See also: cryptographic key, one-time password, session key, steganography

History of the one-time pad

1882: Frank Miller is the first to develop the concept of one-time pad encryption. Miller describes the idea of OTP as the encryption of plaintext with a key, where the key is a random set of numbers. Each number would be used only once and then discarded.
1917: Gilbert Vernam, an AT&T engineer, invents and patents a cipher system for telegraphy. It involves combining the plaintext message with a key tape generated from a teletypewriter. This is considered the formal birth of the OTP encryption method.
World War II and Cold War: OTPs are popular for sensitive diplomatic and military communication. The pad, consisting of random keys, is printed on tiny pieces of flash paper to destroy the key after use.
1949: Claude Shannon, known as “the father of modern cryptography,“ proves one-time pad encryption to be unbreakable. However, that is only true given the key is truly random, the same length as the plaintext, never reused, and kept secret.

Pod slurping prevention

  • Disable auto-run. Many pod slurping attacks rely on the auto-run feature of operating systems to execute a script or program automatically when a device is connected. Disabling this feature can help prevent such attacks.
  • Control physical access. Limit physical access to sensitive computers and networks. This could involve locking computer cases or using cable locks to prevent unauthorized access to USB ports.
  • Use endpoint security solutions. Use security software to monitor and control which devices can connect to a system or what data can be transferred.
  • Establish clear policies. Create and enforce clear company policies regarding the use of personal devices at work.
  • Raise employee awareness. Regular training and awareness programs can help employees understand the risks and know what to look for. They should report any suspicious activity or unfamiliar devices connected to their computers.