Vernam Cipher (One-Time Pad)

XOR every byte of the plaintext with a uniquely-generated random key byte. With a truly random key that is never reused, the ciphertext reveals nothing — provably, mathematically, forever.

0%

Move your mouse or type to collect entropy…

Decrypt

Paste the hex key and hex ciphertext from any Vernam encryption. The key and ciphertext are pre-filled automatically after you encrypt.

Recovered plaintext
 

How it works

Gilbert Vernam patented the one-time pad in 1919. The rule is simple: for plaintext byte p and key byte k, the ciphertext byte is c = p ⊕ k. Because XOR is its own inverse, decryption is identical: p = c ⊕ k.

Shannon proved in 1949 that this scheme achieves perfect secrecy — the ciphertext carries zero information about the plaintext — provided three conditions hold:

  1. The key must be truly random (not pseudo-random).
  2. The key must be at least as long as the message.
  3. The key must be used only once and then destroyed.

If any condition is violated the cipher breaks. Reusing a key lets an attacker XOR two ciphertexts together and cancel the key: c₁ ⊕ c₂ = p₁ ⊕ p₂ — the key vanishes and only the XOR of two plaintexts remains, which is trivially cribbed.

The key generated here uses crypto.getRandomValues (a browser CSPRNG fed by OS entropy) further mixed with your mouse and keyboard events via SHA-256. The result is indistinguishable from random to any computationally-bounded adversary.