[Cryptography] One-time pads in modern crypto software?

[Peter Gutmann]

Kristian Gjøsteen <kristian.gjosteen at ntnu.no> writes:

>The attacks on GCM-AES and similar constructions that we have seen discussed
>here lately, almost always reduce to either key management or nonce
>management.

And that would be one reason why you don't want to use TLS with a OTP.  We
can't even get working with 128-256 bits of key + nonce right, how are we
going to deal with OTPs which are nothing but key?

Peter.