One-Time Pad Length Calculator
The one-time pad (OTP) is the only encryption system with mathematically proven perfect secrecy, established by Claude Shannon in 1949. The fundamental requirement of OTP is that the key must be at least as long as the message, truly random, and used only once. This calculator takes a message size in any unit and converts it to the required key length, showing the storage burden of maintaining OTP keys. For a 1 MB message, a 1 MB key is required. For a 1 GB encrypted file, a 1 GB key is needed. This key must then be securely distributed through a channel at least as secure as the protection the OTP provides.
One-time pad key length formula
Key length (bytes) = message length (bytes)
Required entropy (bits) = message length (bytes) × 8
Key reuse = forbidden (breaks perfect secrecy)
Shannon's theorem of perfect secrecy (1949) states that a cipher achieves perfect secrecy if and only if the key is at least as long as the message and every key is equally likely. The OTP achieves perfect secrecy by XORing each message byte with a truly random key byte, making the ciphertext statistically independent of the plaintext.
OTP practical considerations
- Key distribution: the key must be exchanged over a secure channel before communication. This is the fundamental practical problem with OTP.
- Key storage: keys must be stored securely and destroyed after use to prevent reuse.
- Randomness: keys must come from a true random source (hardware RNG), not a pseudorandom generator. A biased key weakens security.
- Authentication: OTP provides confidentiality but not authentication. An attacker can modify a ciphertext without knowing the key (bit-flipping attack).
- Historical use: the Moscow-Washington hotline (1963) used OTP pads. Some intelligence agencies still use OTP for high-value communications.
One-time pad calculator: frequently asked questions
What is a one-time pad?
A one-time pad (OTP) is a theoretically unbreakable encryption scheme in which a message is XORed (or otherwise combined) with a random key of exactly the same length used only once. Claude Shannon proved in 1949 that OTP achieves perfect secrecy if the key is truly random, at least as long as the message, and never reused.
Why must the key be exactly as long as the message?
The OTP works by combining each byte of the message with a corresponding byte of the key. If the key is shorter than the message, key bytes must be reused, which breaks perfect secrecy and creates patterns an attacker can exploit. The key must be at least as long as the message.
Why is the one-time pad impractical for most uses?
The key is as large as the message, so distributing it securely requires a secure channel as large as the original message. Additionally, the key must be truly random (not pseudorandom) and must never be reused. The secure key distribution problem makes OTP impractical except for specific use cases like diplomatic hotlines.
What happens if a one-time pad key is reused?
Reusing an OTP key (a two-time pad) is catastrophically insecure. An attacker who intercepts two ciphertexts encrypted with the same key can XOR them together, eliminating the key entirely and obtaining the XOR of the two plaintexts. Known-plaintext attacks can then recover both messages.
Is AES or RSA based on the one-time pad?
No. AES and RSA are computationally secure ciphers, not information-theoretically secure like OTP. They rely on the assumption that certain mathematical problems are computationally infeasible (not mathematically impossible) to solve. OTP is the only cipher with proven perfect secrecy.
Official sources
- Shannon, C.E. (1949) Communication Theory of Secrecy Systems, Bell System Technical Journal: doi.org/10.1002/j.1538-7305.1949.tb00928.x.
- NIST SP 800-90A Rev 1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators: csrc.nist.gov.
Reviewed by the CalculatorHub team, edited by James Graham, 15 June 2026. See our methodology.