One Time Pad encryption is a very secure yet strict system. Given that one strict rule is adhered to, it cannot be cracked. That one rule is never use a PAD Key more than once. If the cyphertext and plaintext are aquired at once, the One Time Pad can be determined and if that key is used again for future messages, those encrypted messages can be easily compromised.

A PAD Key is a fixed-size array of random numbers used to Exclusive-OR against a corresponding value in a equally sized plaintext array. Since the Key is different each time for each message, and if the means through which the random values are determined not a fixed algorithm or based on a pre-determined value, there is no way to determine what the cyphertext is decrypted into. Even based on assumptions, there is no way to be sure and the number of potential results are astronomical.

One Time PAD Key encryption and decryption are built into Blackbird and there is also an auxiliary program called MINK that is used to generate these PAD Keys. MINK (Mersenne Induced Numeric Keys) can generate one time PAD Keys, and encrypt them too of desired. It is also used to manage the status of those keys over time.

You should keep in mind that knowledge of MINK is good to have, though you might never use it if the files containing PAD Keys was given to you. Some arrangements of PAD Key may require only one party produce the keys and securely distribute them. Even then, you can use MINK to keep track of the status of each sequence.

MINK - Pad Key Generation and Management Program

MINK is a Java application that, once compiled properly, comes in the form of an executable jar file. On most systems with a Java runtime, it can be launched by double clicking or the command line java -jar MINK.jar. Once launched, MINK is directed via the menu items.

The Generate PAD Sequences option displays a panel that lets you generate and, if desired, encrypt the PAD sequence. A "sequence" in this case is a matter of design in how Blackbird uses the PAD Keys. Each and every PAD Key gets a unique sequence number to that creation session. These are not sequential, but random in generation, and a very large number that has little likelyhood of being repeated. To use this panel, you tell it how many PAD Keys you want to generate, and how large the actual key is. The size of the key is important, because typically in One Time Pad, the encryption key must at least be the same size of the plaintext. If it's too small, the system will reject it. You can use a key that is larger than the message, and the remaining key is simply not used.
Here is the PAD Key Generation Panel:

You tell it how many sequences you want, and the size of the keys, and hit the "Generate" button. The field that you entered the numer of keys in should turn green (wait for it). The key size is "rounded up" to the nearest higher multiple of 16. If you enter a key size of 30, for example, it will automatically go to a size of 32 bytes (32 characters). This is done to accomodate block encryption of the actual Keys if the option is used.
Speaking of that option, if you select the "Encrypt PADs in Output File" checkbox the panel expands:

With the expanded panel, you can enter a password you want, or have MINK automatically generate one for you. You can have a password as large as 32 characters, and a strong password is highly recommended! If you use simple passwords of your own, brute force hacking will be possible and they can do a typical password in a matter of minutes! If you have MINK generate a password for you, it will be very long and complicated and of the sort that you will have to save to a file somewhere. There is evidently some compromise here. The random key generation of MINK will create a password for you that will be impossible to crack, but something more usable is certainly less secure. You have to decide. When using this option, MINK will encrypt only the PAD Key itself, not the file that contains them. The sequence number and other fields of each key will be the same. The only way to use the keys to decrypt data will be to know the password to decrypt the keys when they are loaded into the Blackbird applet (more on that later).

From this point, you can choose to save to file by browsing to it, typically, or you can click save. By default, if the PAD Keys are encrypted, the file name, unless you change it, will be "PAD.encrypted". Otherwise the file name by default will be "PAD.plain". If you create plain or encrypted PAD Keys, you can do one, select or deselect the checkbox, and then save a new encrypted or decrypted version of the same PAD Keys. Having encrypted and plain versions of the same keys is a need you decide for, over decisions you make. Using these buttons will invoke the typical File dialogs of the operating system.

The next option is about opening and displaying the PAD Key files.

This is for opening or decrypting existing PAD Key files. You can take an encrypted PAD file and make a decrypted version, given the password. Or you simply open a PAD Key file that is not encrypted and display it in the window. The "Save Decryption" option automatically creates a file with decrypted PAD Keys.

The PAD Key Update option is for updating an existing PAD Key file that you are already using. If you load PAD Key data into a Blackbird applet and use it for decrypting messages, and you use the same "batch" of keys to encrypt some messages, how do you save the status of those keys? Blackbird has indication of whether or not a Key is already used to encrypt, or decrypt, or both, but you may have a PAD Key file on hand in which you need to keep track of their usages. One of Blackbird's menu options, to be covered later, will allow you to dump the status data of a collection of PAD Key sequences into a text area provided by the applet, and you can paste that into the field in MINK and press the "Update" button.

When the "Update" button is pressed, a file dialog will appear. Direct MINK to the SAME PAD Key file that you loaded into the Blackbird applet. This will update the data file. Next time you open and load that file into Blackbird, the encryption control panel for PAD Key encryption in the Blackbird applet will indicate which sequences you already used to encrypt previous messages, and which have already decrypted. The best recommendation to make is to always use a sequence once, for either encryption or decryption, seldom for both, and never twice.

Blackbird PAD Key Encryption in the Applet.

Using PAD Key encryption and decryption in Blackbird is not difficult. Given a file with sequences, it's only a matter of opening that file, copying the entire contents and pasting it into the PAD Load panel of the applet. You can encrypt and decrypt messages with that set of sequences, and when done, you can (highly recommended) dump the status of the sequences from the Applet and use MINK to update the the information stored for each sequence in the same file you got the sequences from.
Here is such a session:

Let's assume that Bob creates a set of PAD Key sequences, the keys themeselves encrypted with the weak password "blackbird", and this file along with the password is given to Alice during a secret meeting in a dark alley somewhere. This means that Bob will be able to load and decrypt his PAD Key sequences into a Blackbird applet, and Alice will be able to do the same and decrypt Bob's messages online. Alice can also encrypt messages from the same batch of sequences.

The first thing Bob does is open the web page that has the Blackbird applet. Perhaps it's a blog or web forum? Either way it does not matter. The first thing Bob does is right-click the applet and pull up the action menu and select :

This will pull the PAD Key load panel for Blackbird:

Note that the password entry box says "if needed". If the PAD sequences are not encrypted, then leave it blank. Note that you can load encrypted PADs and leave the password blank, and the sequences will still be loaded but not decrypted. They can be decrypted later when actually used individually.
The next thing that Bob will do is open his PAD Key file, in this case it has the default name given to it by MINK when it was created, "PAD.encrypted". All Bob does is open it with a text editor, select the entire contents of the file (such as with CTRL-A), and then copy (CTRL-C).

Then this data is now pasted into the PAD entry field of the applet dialog, and the "Load" button is clicked:

When that is done, the panel will indicate success or failure, and if the keys were decrypted. It matters not if the password was correct or not. If the password was wrong it still loads, they just won't be right. The exit button is the last thing to hit.

Now with a set of sequences loaded into the applet, it's time for Bob to encrypt something. The next menu option for PAD Key Encrytion from Blackbird's menu opens a panel that Bob can use to select a PAD Key sequence specifically and encrypt a message.

This will launch the control panel for using PAD Keys to encrypt data. Notice that there is also a password field? Since in this demo the sequences were decrypted on load into the applet, there is no need to enter the password again. Notice also that a sequence is selected and the information about that sequence is displayed below? This information is importan to Bob, because the size of the key determines the maximum length of his message. If he needs a longer message, he could create bigger keys (but will have to meet Alice in the dark alley and give her the copies again).

Also to be noted are the fields marked "Previously used to encrypt" and "previously used to decrypt". When PAD Keys are loaded, it triggers a check against the Document Object Model of the web page and Blackbird will seek out messages encrypted with PAD to decrypt, and if a loaded sequence is used to decrypt an existing message, it will be indicated here. Before Bob encrypts a message, let's assume that the sequences did not get decrypted when loaded. If that is the case, the load panel will look like this after loading:

And the Encryption panel will, when selecting a PAD Key sequence, look like this:

Notice that this time it's a little different? This time, if Bob wants to properly use the original key, he must now enter the password to decrypt the key in the entry box. If Bob loaded multiple sets of sequences with different passwords used to encrypt specific sequences, he will need to have kept track of which sequence was encrypted with what password. The information for the selected sequence is also a little different, with indication of that the sequence is encrypted, and with what algorithm as well.

Pressing on, a message is typed into the plaintext entry field, and the "Encrypt" button pressed, the encrypted data entry is created. It must be copied and pasted into the web page, or entered in a form that allows the < > tags. The entry contains the list of values representing each encrypted byte - the "list of numbers", and the sequence number.

What gets copied from the panel and put online would look like this:

Now Bob wants to make sure he does not encrypt another message with that sequence again. So after posting that message, he then selects the third PAD Encryption option of the action menu.

The panel comes up looking like this

Just clicking on the field makes the applet dump the usage data into this field where it can be copied into the "clip board" (memory). However the field will not change to notify you of that, so be sure it's in the system clipboard before closing this panel. On some systems, changing that text in the panel will dump that new text into the system clipboard. Once you left-click on this text area, the panel will instruct you to right-click on it to put the data into the clipboard. If MINK is not available at the time, this is basic text data that can be saved to a file and used later on.

This information is then used with MINK to update the original PAD Sequence file from whence comes this collection of sequences, so that the next time is it loaded, Bob will know if he used it before.

Clicking "Update" at this point will allow Bob to "surf" to the original file and the file is updated this way.

Meanwhile...

Alice, also having the file of PAD Key sequences, and the password to decrypt the keys, is going to pull up that web page that Bob posted to on his browser, using her own browser to decrypt and display those messages. Alice's steps to this process are similar to Bob's. She will also open her file, select to load PAD Keys from the Blackbird applet's menu, and load the sequences, decrypting them with the password. Note that when first pulling up the web page, Bob's message appears, but it's encrypted and in the number list form, other not readable.

When Alice loads the keys from her copy, this will trigger the applet to go through the web page and decrypt that message from Bob.

From this point, keep a few things in mind: when Alice decides to encrypt a message, if she selects that sequence, the information will show that she already decrypted a message with the selected sequence, this happens once she clicks on the sequence number in the encryption control panel. She should also dump the status from the applet and use MINK to keep the status of her sequences up to date. The goal here is to avoid reuse of PAD Keys. If she sees she already decrypted a message with a given sequence, she should not encrypt a response with that key. She could select a new key. Meanwhile, Bob will decrypt messages from Alice, and using his control panel, will also adhere to the same rules. Though likely they might use a sequence at the same time, a sequence that has gone in both directions is still likely not to get used again if they adher to the rules.

Where does Eve figure in? Well, Eve might be able to put on her ninja-suit and spy on Alice and Bob in the alley. If she manages to get the password to decrypt the keys, she still does not have the PAD Key sequences on hand to use. Of course if Bob did not encrypt the sequences, there need not be any word between Bob and Alice. In either case, Eve will still need to try to steal the PAD sequences from either Bob or Alice. But suppose the PAD sequences are encrypted but neither Bob nor Alice spoke of a password, having agreed on it at another time when Eve was not watching, or perhaps Bob intends for Alice to keep the sequences and will learn the password at a later date when he starts using the sequences. Eve might break into a computer where the sequences are kept and steal the file, but the sequences are not useful without the password. Eve will still have to work hard to get that password, somehow, when Bob sends it to Alice. Encrypting the sequences is only an added layer of protection if the files are stolen (by Eve) and/or Bob wants to control when the sequences are used. If Alice and Bob are sure that nobody else has the sequences, they can even publicly broadcast the key over an unsecure channel. If the sequences are never encrypted, then only physical security, such as being hidden under a log or locked away in a safe, can protect them. Also, if Alice never intends to encrypt messages with the file Bob gave her, she need not track status of the sequences, and leave the avoidance of reuse up to Bob. If Eve is intercepting only the encrypted messages, she might be able to get a hold of a decrypted message somehow. Given the plaintext and the cyphertext, she can determine what the PAD Key was, and her only hope then is that Alice and Bob are not being careful and reusing PAD Key sequences. If either of them does, Eve will be able to decrypt the message.

And that's how One Time Pad is implemented in Blackbird. On the creation of both Blackbird and MINK, Twofish is used but as time goes on and encryption algorithms are added to the project, there will be more options.