How to use this site
Every 10 minutes the list of messages is updated. Your browser should automatically refresh and the page is cached for 10 minutes.
Clicking on a message will switch to decrypt mode and fill in the ciphertext. Enter your key and the plaintext appears instantly.
Adding a Message — Encrypt your message on the home page, then click Post to publish it. Username is optional. You can also create a message offline and paste the ciphertext directly.
Android App — The app lets you send messages over push notifications, text, email, messenger, and any other app. You can upload your message to this site directly from the app.
This website, and the app, will NEVER store or transmit your key.
Why???
Encryption is a fascinating topic, but only part of a secure message. Delivering your message is the other part. AES, RSA, and PGP all do a great job protecting message contents, but there is a record of you sending it over text, email, or whatever you use.
This website hides in plain sight. It prevents others from knowing what message was intended for you. When using a public computer, no one will know if you sent or received a message.
Every .app domain MUST use HTTPS — your browser won't allow an unencrypted connection.
This site doesn't log IP addresses, have ads, use cookies, or record analytical data. No data leaves OneTimePad.app. Don't take our word for it — check for yourself. The JavaScript is minified for speed but not obfuscated.
This doesn't mean a record of your visit isn't logged somewhere. This site uses a CDN to speed up load times. Your ISP could have logs, and your browsing history might remember your visit. This website is not for perfect security — it's to hide your secrets in plain sight, giving you another layer of plausible deniability. Visit every day and the "bad guys" will never know when you sent or received a message.
What do we get out of this? Nothing. The site runs on one of the cheapest VPS available. RRiVEN LLC has other projects that cover the bills — this is for anyone to use, no strings attached.
What is a One Time Pad
A One Time Pad (OTP), when used correctly, is unbreakable encryption. The trade-off is key length — if your message is 100 characters, your key must also be 100 characters.
Full details on the Wikipedia page.
The best part: once you understand how it works, you don't need a computer to exchange messages.
How it works
Each character is assigned a number:
| A | B | C | D | E | F | G | H | I | J | K | L | M |
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Space | ||
| 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | ||
Example — message: HI, key: CE
H = 8, C = 3 → 8 + 3 = 11 → K
I = 9, E = 5 → 9 + 5 = 14 → N
Encrypted message: KN
If the value exceeds 37, wrap around by subtracting 37 (e.g. 38 → 1, 42 → 5).
* Spaces are displayed as - to prevent copy mistakes.
How is it unbreakable?
If someone intercepts KN, they can try every possible key — but every two-letter word is a valid result: BY, MY, WE, TO, IS, OR, AT…
A longer example with ciphertext: XOHBWDKFEKYQ
Key: RJC8WUCAEHX7 → FEED THE CAT
Key: AN61WUCAEGJJ → WALK THE DOG
Key: MF60WCIYDCXD → KILL ABRAHAM
Or anything else 12 characters long. Only the intended recipient knows which is real.
Requirements to remain unbreakable
These requirements make OTPs difficult to use securely. You need to exchange a large amount of random data before you can communicate. The most common use case is meeting someone in person and exchanging a set of keys — or "pads" — to protect future communication.