One-time Pads Largely Misused and Unnecessary

Insightful post on Freedom To Tinker about a startup that is basing its messaging app on one-time pads. It’s another great example of people ignoring the ‘hard’ parts of the crypto problem (key exchange, implementation bugs, etc.) and instead trying to improve the parts that already work best (cryptographic primitives), all the while introducing new vulnerabilities (eavesdropping during key exchange, side-channel attacks). We’ve seen this sort of approach before, and the early results weren’t good. Inventing your own approach to crypto is almost never a good idea.