Get it on Google Play Windows Version

How to use this site

Every 10 minutes the list of messages is updated. Your browser should automatically refresh and the page is cached for 10 minutes.

Clicking on a message will copy the contents to the clipboard.

Clicking Decrypt you will be prompted for the decryption key. After the key is entered, click on the message you want to decrypt. The key never leaves your browser.

Adding a Message

If you have created your encrypted message offline you can enter it in the output box and add it. Username is optional.
You can create a message using the key and message boxes. Only the Username and Output will be saved.

Android App

The App also allows you to send the messages over, push notification, text, email, messenger, and any other app you want. You can even upload your message to this site from the App.

Use the Decrypt button to decrypt your message.

This website, or the App, will NEVER store or transmit your key.

Why???

Encryption is a very fascinating topic, but only part of a secure message. Delivering your message is the other part. AES, RSA, and PGP all do a very good job of protecting your message contents when you send it, but there is a record of you sending it over text, email, or whatever you use.

This website hides in plain sight, and it prevents others from knowing what message was intended for you. When using a public computer to visit the site, no one will know if you sent/received a message.

Every .app domain MUST use HTTPS, your browser won't let you use HTTP or an unencrypted connection

This site doesn't log IP address, have ads, use cookies, or record analytical data. No data leaves OneTimePad.app site. Don't take my word for it, check for yourself. Yes, the JavaScript is minified for faster loading, but it is not obfuscated.

This doesn't mean a record of your visit isn't logged somewhere. This site uses a CDN network to speed up load times and lighten the burden on the web server. Your ISP could have logs, and your browsing history might remember your visit. This website is not for perfect security, this website is to hide your secrets in plain sight giving you another layer of plausible deniability. Visit this site every day and the 'bad guys' will never know when you sent/received a message.

You may be wondering what we get out of this? Nothing. It is that simple. The way the site was designed it runs on one of the cheapest VPS you can find.
RRiVEN LLC has plenty of other projects that cover the bills, this is for anyone to use, no strings attached

What is a One Time Pad

A One Time Pad (OTP), when used correctly, is unbreakable encryption. The downside to OTPs are the key length.
If your message is 100 characters long then your encryption key must be 100 characters long.

The complete details can be found on the Wikipedia Page.

The best part about OTP encryption is, once you understand how it works, you don't need a computer to exchange messages.

How it works

Each letter is assigned a number A=1, B=2....Z=26, 0=27, 1=28....9=36 and Space = 37*

If your message is HI and your key is CE then

H=8
I=9
and
C=3
E=5

You add the value of H and C together to get 11 which is K

I+E = 14 or N

If the value is greater than 37 you start back at 1, or subtract 37 from the number. An example: 38-37=1, 39-37=2, 72-37=35

Your encrypted message is now KN

*In this app spaces are turned into - to prevent copy mistakes

How is it unbreakable?

If the "bad guy" intercepts KN they can check every value as the key, but that will produce any two letter word as a valid result.

  • BY
  • MY
  • WE
  • TO
  • IS
  • OR
  • AT

Here is a better example with this encrypted message: XOHBWDKFEKYQ

Use the Key: RJC8WUCAEHX7
The message is: FEED THE CAT

Use this key: AN61WUCAEGJJ
The message is WALK THE DOG

Use this key: MF60WCIYDCXD
The message is KILL ABRAHAM

Or anything else that has a total length of 12

Only the intended recipient knows which one is real.

Requirements to remain unbreakable

  • Encryption key never used more than once
  • Use Truly Random keys
  • Secure Key exchange>
  • NEVER REUSE KEYS!!!

These requirements make using OTPs in a secure way difficult.
You need to securely exchange a large amount of random data before you can use OTPs. The most common use for OTPs is when you meet someone who you will need to exchange sensitive information in the future with. Exchanging a set of keys or Pads will ensure that future communication is protected.

Google Play and the Google Play logo are trademarks of Google LLC