Say you have a picture with 1 megapixels taken at random and with 2 24 possible
ID: 650330 • Letter: S
Question
Say you have a picture with 1 megapixels taken at random and with 224 possible colours per pixel (RGB-24). That image would be unique and the possible combinations (224)10^6 immense.
However when taking a picture in the real world, say of a clear sky, there will be a lot of repetition.
The question is: would such repetition present a security risk when used as a one-time pad, where the requirements of randomness is so high?
My hunch is that it is, as true randomness would require the possibility of all pixels being #FF0020 or whatever, but I would like to be proven right or wrong.
If I've been unclear at some point, please let me know and I will edit my post.
Explanation / Answer
No. This is not safe. The one-time pad requires that the pad be generated by a true-random process, where each bit of the pad is chosen uniformly at random (0 or 1 with equal probability), independent of all other bits.
Any deviation from that, and what you haven't is no longer the one-time pad cryptosystem -- it is some kludgy thing. In particular, once you deviate from that requirement even a little bit (and you're talking about a huge deviation), you are skating on thin ice and there will probably be security problems with your scheme.
If you're gonna use the one-time pad, you gotta use it exactly as it is defined, with a truly-random pad. There are no shortcuts, no halfway stuff. Messing around with this sort of thing is exactly what enabled the US to cryptanalyze Soviet use of a "one-time pad" in the VENONA project.
But in practice, you probably don't want to use the one-time pad anyway. The key management issues are enough that it is rarely a good choice in practice.