by MOARDONGZPLZ 876 days ago
> The pads themselves are however highly guarded secrets, usually passed along via a dead drop, only ever exposed to the minimum of people and designed to be very easy to destroy quickly and are a bit flimsy as a result.

One other note here is that OTPs don’t have to be distributed in this manner. An OTP can use something already distributed and readily available to end users, such as a Gideon Bible or something (making sure to get the right edition, printing, etc) that everyone in a hotel room has access to. The key is having access to something, making sure it’s long enough for the series of messages to be encoded/decoded, and that no one else knows what it is.


I’m not actually a crypto guy, and I know of stories where people have done this in serious environments (check the link I posted above for an example), but my understanding is that non-random letter distributions, like you will find in a book for example, will potentially change the level of security you can expect from an OTP substantially against a sophisticated enemy, and as a result the randomness is actually very important regardless of key length.

I might be wrong, it’s not my area of expertise.

Oh yes, very true. An OTP must have particular properties that words in a book don’t have to be provably secure. However, common materials that the communicators have access to without specific distribution can be useful for OTPs in their own way (though not provably secure).

Good clarification.

> An OTP must have particular properties that words in a book don’t have to be provably secure. However, common materials that the communicators have access to without specific distribution can be useful for OTPs in their own way (though not provably secure).

Using a passage from a book directly as an OTP is not secure at all. It's similar to the result of reusing an OTP: it gives an attacker two messages in (e.g.) English whose sum (using a book as an OTP) or difference (reused OTP) is known. Since the entropy of English is around a bit per character (more or less), and the deltas reveal almost lg(26) ~ 4.7 bits per character, knowing the sum or difference can determine most of the contents of the message in either case.

Reading every n'th letter in the book is probably marginally harder to break, but I still wouldn't rely on it for anything serious.
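The leak described in the comment above, worked through in code. This is an added example, not code from any of the commenters: a letters-only "pad" is added mod 26, the attacker knows (or guesses) that the pad is the opening of a famous book, and drags that opening across the ciphertext; the same crib-drag works on C1 - C2 when a genuinely random pad is used twice, because the pad cancels. The message, the book passage, the decoy texts and the small word list used for scoring are all constructed for the demo.

```python
import random
import string

ALPHA = string.ascii_uppercase


def clean(text):
    """Keep A-Z only (the classic letters-only pad setting)."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)


def combine(a, b, sign):
    """Letter-wise (a + sign*b) mod 26, truncated to the shorter string."""
    return "".join(ALPHA[(ALPHA.index(x) + sign * ALPHA.index(y)) % 26]
                   for x, y in zip(a, b))


def encrypt(plain, key):
    return combine(plain, key, +1)   # C = P + K


def decrypt(cipher, key):
    return combine(cipher, key, -1)  # P = C - K


def key_for(cipher, wanted_plain):
    """Perfect secrecy in one line: for ANY candidate plaintext of the right
    length there is a key that decrypts the ciphertext to it (K' = C - P'),
    so a uniformly random, never-reused key tells the attacker nothing."""
    return combine(cipher, wanted_plain, -1)


# Constructed attacker-side word list: a few words the attacker expects in
# either text. Used only to score how English a recovered fragment looks.
WORDS = ["THE", "AND", "MEET", "MEAT", "OLD", "BRIDGE", "MIDNIGHT", "BRING",
         "DOCUMENTS", "WITH", "FROM", "THAT", "TIME", "TIMES", "BEST", "WORST"]


def english_score(fragment):
    return sum(1 for w in WORDS if w in fragment)


def crib_drag(cipher, crib):
    """Subtract a guessed fragment of one text at every offset. Where the guess
    sits at the right place, the result is the OTHER text at that offset."""
    results = []
    for off in range(len(cipher) - len(crib) + 1):
        candidate = combine(cipher[off:off + len(crib)], crib, -1)
        results.append((english_score(candidate), off, candidate))
    return sorted(results, reverse=True)


# Constructed message and "book" key (the opening of A Tale of Two Cities is
# used here only as an example of a natural-language key).
MESSAGE = clean("Meet me at the old bridge at midnight. Bring the documents.")
BOOK_KEY = clean("It was the best of times, it was the worst of times, "
                 "it was the age of wisdom, it was the age of foolishness")


def book_as_pad_attack():
    """Attacker guesses the pad is a well-known book opening and crib-drags it:
    the message falls out at the offset where the guess lines up (here 0)."""
    cipher = encrypt(MESSAGE, BOOK_KEY)
    crib = clean("It was the best of times")
    _score, best_off, recovered = crib_drag(cipher, crib)[0]
    return best_off, recovered


def random_pad(length, rng):
    # Seeded PRNG only so the demo is reproducible; a real pad needs a true
    # random source, this is NOT how to generate one.
    return "".join(rng.choice(ALPHA) for _ in range(length))


def pad_reuse_leak():
    """Reusing a random pad gives the attacker the same kind of object:
    C1 - C2 = (P1 + K) - (P2 + K) = P1 - P2, and crib-dragging starts again."""
    pad = random_pad(len(MESSAGE), random.Random(2024))
    other = clean("Attack at dawn from the north side of the river crossing now")[:len(MESSAGE)]
    c1, c2 = encrypt(MESSAGE, pad), encrypt(other, pad)
    return combine(c1, c2, -1) == combine(MESSAGE, other, -1)


def perfect_secrecy_holds():
    """With a random pad used once, the ciphertext is consistent with any
    plaintext of the same length, so a wrong guess decrypts just as cleanly."""
    pad = random_pad(len(MESSAGE), random.Random(7))
    cipher = encrypt(MESSAGE, pad)
    decoy = clean("The weather will be fine tomorrow so bring a picnic and the dog")[:len(MESSAGE)]
    return decrypt(cipher, key_for(cipher, decoy)) == decoy


if __name__ == "__main__":
    print(book_as_pad_attack())     # (0, 'MEETMEATTHEOLDBRIDG')
    print(pad_reuse_leak())         # True
    print(perfect_secrecy_holds())  # True
```

The scoring is deliberately crude; a real attacker uses letter or trigram statistics of the language, which is exactly where the "about one bit per character" redundancy in English comes from. The point the three functions make together is the one in the comment: the attack has nothing to do with mod-26 addition versus subtraction and everything to do with whether the key is uniform and used once.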

Instead of using every n'th letter, how about using a pseudo random number sequence generated by a simple math equation, like the one posted here a few days ago[1], and add that to every letter. With that the data should be shuffled basically beyond recognition though the effort needed to decode has increased even more.

[1] https://news.ycombinator.com/item?id=39091867
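A worked example of why "add a pseudo-random sequence from a simple equation to every letter" is a stream cipher with a tiny key, not a one-time pad. This is an added example and not the commenter's code or the generator from the linked item: the "simple math equation" is assumed to be a linear congruential generator x_{i+1} = (a*x_i + c) mod 26 with secret (seed, a, c), and the message and known plaintext prefix are constructed. Because the whole secret is three numbers below 26, a few letters of known plaintext let the attacker enumerate every possible generator and decrypt the rest.

```python
import string

ALPHA = string.ascii_uppercase


def shift(text, keystream, sign):
    """Add (sign=+1) or subtract (sign=-1) a keystream of 0..25 values letter-wise."""
    return "".join(ALPHA[(ALPHA.index(ch) + sign * k) % 26]
                   for ch, k in zip(text, keystream))


def lcg_keystream(seed, a, c, n, m=26):
    """Assumed 'simple math equation': x_{i+1} = (a*x_i + c) mod m, one output
    per letter. The entire secret is (seed, a, c), i.e. at most m**3 possibilities."""
    x, out = seed, []
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def period(seed, a, c, m=26):
    """Length of the cycle the output sequence falls into (at most m)."""
    seen, x = {}, seed
    for i in range(m + 1):
        x = (a * x + c) % m
        if x in seen:
            return i - seen[x]
        seen[x] = i
    return None


def recover_generator(cipher, known_prefix, m=26):
    """Known-plaintext attack: keystream = cipher - plaintext for the letters
    the attacker knows, then enumerate all (seed, a, c) that produce it."""
    k_known = [(ALPHA.index(ch) - ALPHA.index(p)) % 26
               for ch, p in zip(cipher, known_prefix)]
    n = len(k_known)
    return [(s, a, c)
            for s in range(m) for a in range(m) for c in range(m)
            if lcg_keystream(s, a, c, n, m) == k_known]


def break_message(cipher, known_prefix):
    """Decrypt the whole ciphertext under every generator consistent with the crib."""
    return [shift(cipher, lcg_keystream(s, a, c, len(cipher)), -1)
            for s, a, c in recover_generator(cipher, known_prefix)]


# Constructed message and constructed secret parameters.
MESSAGE = "MEETMEATTHEOLDBRIDGEATMIDNIGHTBRINGTHEDOCUMENTS"
SEED, A, C = 5, 7, 3
CIPHER = shift(MESSAGE, lcg_keystream(SEED, A, C, len(MESSAGE)), +1)

if __name__ == "__main__":
    # The attacker only assumes the message opens with a stock phrase.
    print(recover_generator(CIPHER, "MEETME"))  # [(5, 7, 3)]
    print(break_message(CIPHER, "MEETME"))      # ['MEETMEATTHEOLDBRIDGEATMIDNIGHTBRINGTHEDOCUMENTS']
    print(period(SEED, A, C))                   # 12: the keystream repeats every 12 letters
```

Two things are visible here that the ciphertext alone hides: six known letters pin down the generator uniquely (three would do, since consecutive outputs give linear equations in a and c), and the keystream cycles after 12 letters, so even without a crib the message is effectively encrypted with a 12-letter repeating key. Shuffling the letters "beyond recognition" is not the measure of a cipher; the size of the secret and the statistical independence of the keystream are.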

The way I've seen it used in TV shows, there'd be a number somewhere (embedded, or day of month the message was sent, etc) that indicates what page of the book to use.

What you're describing is a book cypher and is a separate thing from a One Time Pad. They can be fairly secure but they're not inherently as secure as one time pads.