A one-time pad generated correctly and used correctly will remain highly secure, provided you have a highly secure means of sharing the key material. There's a lot rolled into those assumptions.
At the same time, "highly secure" is significantly underselling it. One-time pads (if properly implemented) are information-theoretically secure. Even if you solve P=NP your one-time pad will not be cracked. It is safe against an adversary with both infinite time and infinite compute.
And the cost is that one-time pads are a royal pain in the ass. But if you're willing to pay that price without cutting corners, you get a completely unbreakable crypto system that will laugh in the face of the NSA and quantum computers.
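As an added illustration of the "used correctly" and "without cutting corners" conditions the comments above lean on (this is example code written for this page, not something posted in the thread): a one-time pad is just XOR with key material as long as the message, drawn from a real random source and never reused. The snippet uses `os.urandom` as a stand-in for the TRNG the thread goes on to discuss, and then shows the classic corner-cut, reusing a pad for two messages, which lets an eavesdropper cancel the key entirely.

```python
import os
from typing import Tuple


def otp_key(n: int) -> bytes:
    """Fresh key material for one message: n bytes from the OS CSPRNG.

    Stand-in for a hardware source; a real pad draws this from a TRNG,
    distributes it over a secure channel, and destroys it after one use.
    """
    return os.urandom(n)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR every byte with the matching key byte.

    The pad must cover the whole message; a short key is a hard error,
    never silently recycled.
    """
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def otp_encrypt(message: bytes) -> Tuple[bytes, bytes]:
    """Return (ciphertext, key). The key is consumed by this one message."""
    key = otp_key(len(message))
    return otp_xor(message, key), key


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper computes when one pad was used for two messages.

    c1 XOR c2 == (m1 XOR k) XOR (m2 XOR k) == m1 XOR m2: the key cancels,
    leaving a relation between the two plaintexts that needs no key at all.
    """
    n = min(len(c1), len(c2))
    return otp_xor(c1[:n], c2[:n])


def recover_with_known_plaintext(c1: bytes, c2: bytes, m1: bytes) -> bytes:
    """If one plaintext is known (or guessed), the other falls out directly."""
    return otp_xor(two_time_pad_leak(c1, c2), m1)


if __name__ == "__main__":
    # Constructed demo messages; the fixed key below is only to make the
    # reuse failure reproducible, a real pad would never be a fixed constant.
    m1 = b"ATTACK AT DAWN"
    m2 = b"RETREAT AT 6AM"
    reused_key = bytes(range(len(m1)))
    c1, c2 = otp_xor(m1, reused_key), otp_xor(c2 := m2, reused_key)
    print("m1 XOR m2 leaked:", two_time_pad_leak(c1, c2).hex())
    print("m2 recovered from m1:", recover_with_known_plaintext(c1, c2, m1))
```

Correct use is the first three functions: the security argument holds only because every key byte is uniform, independent and used once. The last two functions are the reason the thread keeps saying "used correctly": nothing about the algorithm has been broken, the operator simply reused the pad.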
In fairness, quantum doesn't really help against normal crypto (of the type that is being discussed - symmetric). AES-256 will also laugh in the face of QC.
TBH, I think "highly secure" might be overselling it. Yes, assuming you're generating random numbers well, there's actually zero chance your security will be breached because of an attack on your encryption algorithm. But there's not actually zero chance that your random number generation is flawed, and (very much more important) the cost is in making harder the pieces of your system that are probably more likely to fail in the first place. And of course you're still potentially vulnerable to traffic analysis and such even if all the rest goes right.
> But there's not actually zero chance that your random number generation is flawed, and (very much more important) the cost is in making harder the pieces of your system that are probably more likely to fail in the first place.
I don't think it's that hard to get true randomness. Just measure something random in nature like radio static.
There are server cards (or were, at least some time ago) with a tiny bit of mildly radioactive material, well enclosed of course, and a good sensor for those isotopes/particles.
I've heard of other approaches, including that static too, i.e. the famous analog TV without a real signal (IIRC it's cosmic microwave background), or a camera watching water drops fall, or similar. There are many other ideas (and probably products too); the only thing is one needs to keep it 100% reliable over a long time.
Genuine question: How are those random sources actually used?
I would think that for crypto it’s very important to not just have random numbers, but to have a uniform random distribution. Many natural sources would be either Poisson or Gaussian; if you make an assumption for the distribution you could of course make it uniform, but that assumption would be a weakness if inaccurate or changing over time.
So how is a true random source usually used to ensure uniform random outputs?
A truly random source will yield independent and identically distributed values.
You can take a collection of those values and convert them to an index in the set of all possible permutations of those values. That index will be uniformly distributed in the range of the number of permutations, regardless of the input distribution so long as it's IID.
Once you have a uniform value on a range you can extract uniform bits from it.
See also: Von Neumann's debiasing algorithm.
In practice RNGs use some kind of debiaser, though often they use ones that leave a lot of entropy on the floor. OTOH, stronger debiasers are more harmed by failures to be completely IID (e.g. some inter-output correlation, or the distribution changing over time with temperature).
It's a well-known exercise in prob textbooks (edit: it's the algo referenced in the other reply) to convert one distribution to another. If you can generate Gaussians (or any other distribution) you can generate uniform variates. It's a very simple application of rejection sampling that involves some efficiency loss, but that's irrelevant at the time you're getting your OTPs.
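The two replies above describe two ways of turning a physical source into uniform bits. The following is an added worked example, not code from anyone in the thread: a Von Neumann debiaser for a biased-but-independent bit stream, and the permutation-index method for arbitrary IID samples (ordering of k samples gives a uniform index in [0, k!), from which bits are pulled by rejection, the efficiency loss the second reply mentions). A seeded `random.Random` stands in for the physical source so the run is reproducible; the Bernoulli(0.9) and Gaussian inputs are constructed for the demo.

```python
import math
import random


def von_neumann_debias(bits):
    """Von Neumann debiaser: read non-overlapping pairs, 01 -> 0, 10 -> 1,
    discard 00 and 11 (and any trailing odd bit).

    Output is unbiased when input bits are independent with a constant,
    possibly unknown, bias. Correlated bits or a drifting bias break that
    guarantee, which is the caveat raised above about non-IID sources.
    """
    it = iter(bits)
    return [a for a, b in zip(it, it) if a != b]


def permutation_rank(samples):
    """Lehmer code of the ordering of `samples`: an integer in [0, k!).

    For k IID draws from any continuous distribution every ordering is
    equally likely, so the rank is uniform regardless of the distribution.
    Returns None on ties: any tie-break rule would bias the rank, so the
    group is dropped rather than guessed.
    """
    k = len(samples)
    if len(set(samples)) != k:
        return None
    rank = 0
    for i, x in enumerate(samples):
        smaller_later = sum(1 for y in samples[i + 1:] if y < x)
        rank += smaller_later * math.factorial(k - 1 - i)
    return rank


def uniform_bits_from_rank(rank, k):
    """Uniform value on [0, k!) -> uniform bits by rejection.

    Keep only ranks below the largest power of two <= k! and emit that many
    bits; everything else is discarded (the efficiency loss).
    """
    n = math.factorial(k)
    nbits = n.bit_length() - 1          # largest b with 2**b <= n
    if rank >= (1 << nbits):
        return []
    return [(rank >> (nbits - 1 - j)) & 1 for j in range(nbits)]


def extract_bits_from_source(samples, k=4):
    """Group raw IID samples k at a time and extract uniform bits."""
    out = []
    for i in range(0, len(samples) - k + 1, k):
        r = permutation_rank(samples[i:i + k])
        if r is not None:
            out.extend(uniform_bits_from_rank(r, k))
    return out


def bit_mean(bits):
    return sum(bits) / len(bits) if bits else float("nan")


def demo(seed=2024):
    """Seeded stand-in for a physical source (constructed data, not a TRNG)."""
    rng = random.Random(seed)
    biased_bits = [1 if rng.random() < 0.9 else 0 for _ in range(20000)]
    gaussian_samples = [rng.gauss(5.0, 2.0) for _ in range(20000)]
    return {
        "biased_in": bit_mean(biased_bits),
        "von_neumann_out": bit_mean(von_neumann_debias(biased_bits)),
        "gaussian_bits_out": bit_mean(extract_bits_from_source(gaussian_samples, k=4)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

The only sanity check in `demo` is the bit frequency, which is nowhere near a full randomness test; the point of the code is that neither extractor needs to know the source distribution, only that successive samples are independent and identically distributed. Entropy is thrown away in both (discarded pairs, rejected ranks), the trade-off the first reply notes.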
Perhaps not, but truly secure randomness is much harder. If someone else can measure the same thing you're measuring then it doesn't matter if it's random. If they can influence what you're measuring that's even worse. In the case of radio static, for example, your RNG could be compromised by another compromised device simply colocated nearby.
In the event your adversary knows so much about your procedures that they can tune into the radio used to generate randomness, presumably it would be much easier just to steal the piece of paper the pad is written on.
Which does kind of further your point that a one-time pad makes more secure the parts that are already incredibly secure, while not helping the real weaknesses of cryptosystems, i.e. the human element.