a blog

Interactive two-time pad cracker

The one-time pad is a theoretically uncrackable scheme for encrypting messages. It works by XORing a pre-shared, random key with a message, transmitting it, then XORing again with the same key to decrypt. However, for this to happen securely, the key must be truly random, kept completely secret, and never reused. In the case that key material is reused, knowing (or guessing) the plaintext of one message will give you the plaintext of a second message. This tool is meant to assist in guessing (more precisely, "crib dragging") to this end.

Note that there are some quirks to this method: if you guess, say, " and " for one message, revealing " the " at the same position in the other message, it is entirely possible that these words were in the opposite places in the original messages. Most of the time, this is easy to notice, but sometimes, especially with punctuation, it can be tricky. More notably, this effect happens on the individual bit level, not just for whole characters. Due to the design of ASCII, this means that guessing the wrong case (a vs. A) for one message will result in the second message also having the wrong case.

Further reading: Stack Exchange


Ciphertext c1 (hex):
Ciphertext c2 (hex):
k = c1 ⊕ c2 (hex):

Show candidates: probable possible all

Message 1

Decrypted so far, m1 = m2 ⊕ k:

Guess a word:

Candidates for m2:

Message 2

Decrypted so far, m2 = m1 ⊕ k:

Guess a word:

Candidates for m1: