The acronym OTP is used to refer to two different things in computer security.
As you might probably guess from the shared use of the term One Time, there are some similarities.
Contents
One Time Pad basics
A One Time Pad is a method of encryption.
Theoretically, it is perfectly secure and impossible to crack.
The first issue is that the pad requires the encryption key on the pad to be truly random.
Even pseudo-random number generators PRNGs used for other cryptographic purposes arent random enough to be secure.
Any level of predictability in the key material compromises the perfect secrecy premise.
The key generation process must be completely secure.
Additionally, the method of communicating the One Time Pad must be secure.
All parties must then also continue to securely store the One Time Pads.
Used one-time keys must be also securely disposed of.
A One Time Pad doesnt offer any authentication mechanism.
An attacker that knows the plaintext and the ciphertext, can recover the key.
Finally, the message being encrypted can only be as long as the pre-generated key.
A useful format is that of a notepad with a unique key on each page.
When a message needs to be encrypted, the topmost page is used.
the page is then typically removed and destroyed to prevent it from being compromised or reused.
For example, a One Time Pad is only as secure as the communication method.
As such, a digitally communicated pad doesnt offer any additional security.
When using a physical transmission method, i.e.
a courier, or dead drop, the pad is either secure or it isnt.
This makes physical pads much more useful than digital pads.
Additionally, computer-based One Time Pads are much harder to securely delete and face data remanence issues.
If a One Time Pad is compromised, it can be used to decrypt past messages.
To avoid this, typically a page is destroyed, often burned.
This prevents the key from being reused, or from being discovered.
Assuming a pad is compromised but the destruction practice is followed, past messages cant be decrypted.
Future messages, however, then would be able to be decrypted.
In practice, modern cryptography is typically more than secure enough.
One advantage a One Time Pad has though is that it can be used by hand.
Modern cryptography is very complex and needs a computer to be used efficiently.
During the cold war, spies often used One Time Pads printed on flash paper.
Being made of nitrocellulose, a used page could be very quickly burned without generating any smoke.
A common use case for One Time Passwords is in two-factor authentication.
The One Time Password, doesnt even necessarily have to be unique.
Two-factor codes are often six digits.
One Time Passwords can be somewhat clunky from a user experience perspective.
The passwords need to be securely transmitted and stored, or securely generatable.
Conclusion
In computer security, OTP stands for One Time Pad or One Time Password.
A One Time Pad is an encryption technique that offers perfect secrecy.
One Time Pads can be used by hand though, making them useful for old-fashioned spycraft.
One Time Passwords are secret strings that can be used to log you in.
they can work alongside or instead of a traditional password.
Two-factor authentication is one example of an implementation of One Time Passwords.
