Crypt-OTP reviews


Crypt-OTP (2.00) *

The author seems to suggest that the output of rand() might be a good way to generate one-time pads. This is not true. One-time pads must be Truly Random, not merely pseudorandom. If you generate your pad with rand(), you are in essence using rand() as an encryption algorithm, which is something it was never intended to be.

Furthermore, the author neglects to mention that a one-time pad must never be used more than once. That is why it is called a one-time pad. If you ever reuse the pad, you completely lose any guarantee of security. Note that Crypt::OTP will silently reuse the pad if the message is too long.
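The pad wrap-around described in the review above, as an added Python example (not Crypt::OTP's code and not the reviewer's): `xor_wrapping` models a pad that repeats when the message is longer, and `xor_strict` refuses instead. The function names, the 16-byte pad length and the sample messages are constructed for illustration, and `os.urandom` is only a stand-in for whatever source supplies the pad.

```python
import os

PAD_LEN = 16                      # constructed pad length for the demo
BLOCK1 = b"meet at ten a.m."      # constructed sample plaintext, 16 bytes
BLOCK2 = b"pay invoice 4471"      # constructed sample plaintext, 16 bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_wrapping(message: bytes, pad: bytes) -> bytes:
    """Model of the silent reuse: the pad index wraps around."""
    return bytes(m ^ pad[i % len(pad)] for i, m in enumerate(message))


def xor_strict(message: bytes, pad: bytes) -> tuple:
    """Consume len(message) pad bytes; return (ciphertext, unused pad).

    Raises instead of wrapping, so no pad byte is ever used twice.
    """
    if len(message) > len(pad):
        raise ValueError("pad exhausted: message longer than remaining pad")
    used, rest = pad[:len(message)], pad[len(message):]
    return xor_bytes(message, used), rest


def reuse_leak(ciphertext: bytes, pad_len: int) -> bytes:
    """XOR the first two pad-length ciphertext blocks together.

    If the pad wrapped, both blocks used the same pad bytes, so the pad
    cancels and the result is plaintext block 1 XOR plaintext block 2.
    """
    return xor_bytes(ciphertext[:pad_len], ciphertext[pad_len:2 * pad_len])


if __name__ == "__main__":
    pad = os.urandom(PAD_LEN)     # stand-in pad source (assumption)
    ct = xor_wrapping(BLOCK1 + BLOCK2, pad)
    # The pad is gone from this value, whatever its bytes were.
    print(reuse_leak(ct, PAD_LEN) == xor_bytes(BLOCK1, BLOCK2))
    try:
        xor_strict(BLOCK1 + BLOCK2, pad)
    except ValueError as exc:
        print("strict mode:", exc)
```

The equality holds for every pad value, which is why a wrapped pad gives no protection to the relationship between the two blocks regardless of how the pad was generated.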