Crib Dragging

When two messages are encrypted with the same key, XORing the ciphertexts cancels the key and leaves P₁ ⊕ P₂. Drag a known word — a crib — through that XOR to reveal fragments of both plaintexts. This is how Soviet OTP reuse was exploited.

Shared key (secret)

How it works

The attack relies on a single property of XOR: (P ⊕ K) ⊕ (Q ⊕ K) = P ⊕ Q. The key vanishes. What remains is the XOR of the two plaintexts — a much weaker object than either ciphertext alone.

Natural language is highly redundant. Common words like the, attack, at dawn appear predictably. Sliding such a crib through P₁ ⊕ P₂ and scoring the output by its letter-and-space ratio quickly separates genuine matches (≥ 85% letters+spaces) from accidental printable garbage (~55% on average). Non-printable output is an instant discard. The longer the crib, the fewer false positives survive.

Once a fragment is confirmed, it becomes a new crib. A skilled analyst can bootstrap from a single known word to full plaintext recovery — exactly the technique Soviet signals intelligence suffered when key material was reused under pressure during WWII.

The defence is absolute: never reuse a one-time pad key. A key used twice is no longer a one-time pad — it is just an unkeyed XOR.