All public key crypto-systems, such as PGP and RSA, are not theoretically secure; they are only said to be computationally secure. The security of such systems depends on the following problem:
Given a number N that has only two factors p1 and p2, both prime numbers (N = p1*p2 with p1 and p2 prime), it is computationally difficult (time consuming) to calculate p1 or p2. Essentially, there is always a way to break this code by guessing p1 and then dividing N by p1. If the result is another prime number (in this case p2), the code has been broken. Of course, it is very difficult to guess p1, because N is normally very large, but if a general algorithm is developed for efficient factorization of any large number, then as a consequence RSA, PGP and other similar public key crypto-systems will become useless.
An additional problem with traditional public key encryption systems is the computational requirement for computing and applying keys. For large keys the computational load can be quite onerous even on a fast personal computer. For hand-held devices with a CPU, such as wireless communications devices, the computational load imposed by even moderate key sizes can be prohibitive.
Public key crypto-systems currently depend on an institution—the trusted authority—that distributes some information vital to the whole system. If this institution is not secure, the whole system is not secure. So, the security of all cryptographic exchanges ultimately depends upon the trustworthiness of the trusted authority.
In cryptography, a one-time pad is a system in which a randomly generated secret key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage that there is theoretically no way to “break the code” by analyzing a succession of messages. Each encryption is unique and bears no relation to the next encryption, so that no pattern can be detected. With a one-time pad, however, the decrypting party must have access to the same key used to encrypt the message, and this raises the problem of how to get the key to the decrypting party safely, or how to keep both keys secure. One-time pads have sometimes been used when both parties started out at the same physical location and then separated, each with knowledge of the keys in the one-time pad. The key used in a one-time pad is called a secret key because, if it is revealed, the messages encrypted with it can easily be deciphered. One-time pads figured prominently in secret message transmission and espionage before and during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling secret keys led to the invention of public key cryptography.
Typically, a one-time pad is created by generating a string of characters or numbers that will be at least as long as the longest message that may be sent. This string of values is generated in some random fashion—for example, by using a computer program with a random number generator. The values are written down on an electronic pad or database and are distributed to any device that may be likely to send or receive a message. In general, a pad may be issued by a trusted authority as a collection of keys, one for each day in a month, for example, with one key expiring at the end of each day or as soon as it has been used once.
When a message is to be sent, the sender uses the secret key to encrypt each character, one at a time. If a computer is used, each bit in the character (which is usually eight bits in length) is exclusive-OR'ed with the corresponding bit in the secret key. (With a one-time pad, the encryption algorithm may be implemented simply by using the XOR operation.) Where there is some concern about how truly random the key is, it is sometimes combined with another algorithm such as MD5. This kind of encryption can be thought of as a “100% noise source” used to mask the message. Only the sender and receiver have the means to remove the noise. Once a one-time pad has been used, it must not be reused. If it is reused, someone who intercepts multiple messages can begin to compare them for similar coding of words that may occur in both messages.
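The XOR construction and the reuse problem described above, as an added example that is not part of the original text: encryption and decryption are the same XOR step, a wrapper destroys the pad after one use, and `reuse_leak` shows what an interceptor obtains from two messages sent under the same pad (the pad cancels out, leaving the XOR of the two plaintexts). Key material comes from `os.urandom` (an assumption; the text only says "a random number generator").

```python
import os


def generate_pad(length: int) -> bytes:
    """Return `length` random bytes from the OS CSPRNG (assumed source of randomness)."""
    return os.urandom(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """XOR each message byte (all eight bits) with the corresponding pad byte.

    The pad must be at least as long as the message; only the needed prefix is consumed.
    """
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return xor_bytes(message, pad[: len(message)])


# XOR is its own inverse, so decryption is the identical operation with the same pad.
otp_decrypt = otp_encrypt


class OneTimePad:
    """Holds one pad and enforces single use: the key is discarded after the first encryption."""

    def __init__(self, length: int) -> None:
        self._pad = generate_pad(length)
        self.used = False

    def encrypt(self, message: bytes) -> bytes:
        if self.used:
            raise RuntimeError("pad already used; refusing to reuse key material")
        ciphertext = otp_encrypt(message, self._pad)
        self._pad = None  # drop the key so it cannot be applied a second time
        self.used = True
        return ciphertext


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What two ciphertexts under the same pad reveal: (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2.

    The secret key is gone from the result, which is why a pad must never be reused.
    """
    return xor_bytes(ct1, ct2)
```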
However, the one-time pad system suffers from the same problem as public key crypto-systems in that a trusted authority must be established to secure and distribute pads.