The scope of this article is to present the one time pad cipher method and its biggest vulnerability: that of the many time pad.
The one time pad: what it is and how it works
The one time pad is the archetype of the idea of stream cipher. It’s very simple: if you want to make a message unintelligible to an eavesdropper, just change each character of the original message in a way that you can revert, but that looks random to another person.
The way the one time pad works is the following. Suppose 
is the clear-text message you would like to send securely, of length 
. First, you need to generate a string 
of equal length 
. Then, you can obtain a cipher-text version of your message by computing the bitwise XOR of the two strings:
![\[\mathcal{M} \oplus \mathcal{K}\]](https://www.thecrowned.org/wp-content/ql-cache/quicklatex.com-cb46aeaf3820dcf3661ecffd88940f1c_l3.png "Rendered by QuickLaTeX.com")
The best thing is that decoding is just the same as encoding, as the XOR operator has the property that 
(and that 
). The only difference is that the cipher-text is involved in the XOR, rather than the clear-text:
![\[\mathcal{C} \oplus \mathcal{K} = \mathcal{M} \oplus \mathcal{K} \oplus \mathcal{K} = \mathcal{M} \oplus 0 = \mathcal{M}\]](https://www.thecrowned.org/wp-content/ql-cache/quicklatex.com-58e74f53ca311cf31e60a89e87e6b3f4_l3.png "Rendered by QuickLaTeX.com")
Below is an example of the one time pad encoding achieved with Python, with a made-up pad string.
In the first section, result holds the XOR result. In the second part, the result and one_time_pad variables are XORed together to obtain the original plain-text message again.
It is not difficult to realize that the whole strength of the algorithm lies in the pad. Of course, as an attacker, if you can obtain in some way, then it is not difficult to get the clear-text message from the ciphered one as well.