Editing One-time pad (section)

===Key distribution===
{{further|Key distribution}}

Because the pad, like all [[shared secret]]s, must be passed and kept secure, and the pad has to be at least as long as the message, there is often no point in using a one-time pad, as one can simply send the plain text instead of the pad (as both can be the same size and have to be sent securely).<ref name="schneierotp"/> However, once a very long pad has been securely sent (e.g., a computer disk full of random data), it can be used for numerous future messages, until the sum of the messages' sizes equals the size of the pad. [[Quantum key distribution]] also proposes a solution to this problem, assuming [[Fault tolerance|fault-tolerant]] quantum computers.

Distributing very long one-time pad keys is inconvenient and usually poses a significant security risk.<ref name="Numbers Stations"/> The pad is essentially the encryption key, but unlike keys for modern ciphers, it must be extremely long and is far too difficult for humans to remember. Storage media such as [[thumb drive]]s, [[DVD-R]]s or personal [[digital audio player]]s can be used to carry a very large one-time-pad from place to place in a non-suspicious way, but the need to transport the pad physically is a burden compared to the key negotiation protocols of a modern public-key cryptosystem. Such media cannot reliably be erased securely by any means short of physical destruction (e.g., incineration). A 4.7&nbsp;GB DVD-R full of one-time-pad data, if shredded into particles {{Convert|1|mm2||abbr=on}} in size, leaves over 4 [[megabit]]s of data on each particle. {{citation needed|date=November 2010}} In addition, the risk of compromise during transit (for example, a [[pickpocket]] swiping, copying and replacing the pad) is likely to be much greater in practice than the likelihood of compromise for a cipher such as [[Advanced Encryption Standard|AES]]. Finally, the effort needed to manage one-time pad key material [[Scalability|scales]] very badly for large networks of communicants—the number of pads required goes up as the [[Quadratic growth|square]] of the number of users freely exchanging messages. For communication between only two persons, or a [[star network]] topology, this is less of a problem.

The key material must be securely disposed of after use, to ensure the key material is never reused and to protect the messages sent.<ref name="Numbers Stations"/> Because the key material must be transported from one endpoint to another, and persist until the message is sent or received, it can be more vulnerable to [[computer forensics|forensic recovery]] than the transient plaintext it protects (because of possible data remanence).