FAQ

Questions that come up often. This page grows from real questions sent through the ask-a-question form on every wiki page.

About the project

Why build this when Signal exists?

Signal, iMessage, WhatsApp and the rest are excellent at what they do — but they run on phones. That means a radio, an operating system, app stores, third-party servers, and the cloud. Any one of those is something an attacker can target without ever touching the cryptography. The OTP gadget removes the phone (and everything that comes with it) from the equation.

If your threat model doesn't include any of those routes, Signal is more convenient and the right tool. This gadget is for the cases where you specifically don't want a phone in the loop.

Why a one-time pad and not, say, RSA or ECC?

A correctly used one-time pad is mathematically unbreakable — no clever attack, no future computer, no quantum machine breaks it. Public-key crypto is breakable in principle; we just don't know how to do it efficiently yet. For a device intended to outlive whatever computers exist in 50 years, the OTP is the more conservative choice.

The trade is that you have to physically exchange a card to set up a contact. Public-key crypto doesn't need that. For two-person private channels, the in-person exchange isn't a deal-breaker.

Is the case design free too?

Yes. As of May 2026 the entire project is open source - firmware, protocol, parts list, assembly notes, slicer settings, and the printable case .3mf files all live in the public repo. Nothing about the design is paywalled.

The project is funded by donations on GitHub Sponsors and (once demand justifies it) by sales of fully-compliant built units. If you build one and find it useful, chipping in is appreciated but never required.

About using it

How long does the pad last?

5 MB of send pad and 5 MB of receive pad per contact. At ~500 bytes per message including overhead, that's roughly 10,000 messages each way per contact before you'd need to re-exchange. For most realistic use, that's years.

Can I have more than one contact?

Yes. There's no hard limit on the number of contacts — each one has its own 5 MB send and 5 MB receive pad on your own card. A 32 GB Class 10 card has plenty of room for many contacts.

Can I send the QR over the internet (text it, email it, etc.)?

Yes. The QR is just ciphertext — it's safe to send over any channel. Photographing it and sending it via WhatsApp, iMessage, Telegram, or email is fine. The point of the gadget is that the encryption doesn't depend on those channels, not that the channels can't be used.

What you give up by sending over an internet channel is metadata privacy (the fact you're talking to someone) and delivery resilience (the channel might be blocked). The contents stay private either way.

Can the same gadget exchange keys with multiple people?

Yes. Each contact gets its own pair of pads, exchanged separately during a one-time in-person ceremony. There's no global "master key" the gadget shares with anyone.

What happens if I lose my gadget?

If the finder doesn't have your PIN, they can't read anything on the card — it's encrypted at rest. They could try to brute-force the PIN, but the on-device cooldown (doubling after 5 wrong attempts and surviving reboots) makes that infeasible.

If you saved your device_secret on first boot, a replacement gadget can read your card via the device-secret restore flow — but only if you still have the card itself (it sits in the gadget's internal slot, so losing the gadget usually means losing the card too). Lose both, and the contents are gone for everyone, including you.

What happens if I lose my SD card?

If you also lose the gadget, see above. If you lose just the card (it falls out, you forget it on a train), an attacker would also need your gadget and your PIN to do anything with it. Without either of those, the card is opaque.

That said: lost-card scenarios are why "Burn after reading" exists. With it on, the receive-pad bytes for a message are scrubbed right after you read it, so the gadget can no longer decode that ciphertext — a recovered card can't be replayed back to you to reveal old messages.

About the build

Do I have to build two gadgets?

Yes. A single gadget on its own has no one to talk to. The minimum useful build is a pair — one for you, one for the person you'll exchange messages with.

Can I buy a built one?

Not yet. Built units aren't shipping — pricing, batch size, and EEA compliance are still being finalized. The product page takes notify-me signups (no charge) and emails you once reservations for built units open. If you don't want to wait, the whole project is open source and you can build one yourself today.

How long does a build take?

Plan on an evening per device once parts and prints are ready. Ordering parts is the long pole — two to three weeks of shipping is normal for the AliExpress parts.

What if I'm not confident with soldering?

The only through-hole soldering is the six pins on the SD breakout, plus (depending on your battery cable) the two battery wires onto the MX1.25 connector — no surface-mount, no fine-pitch. The QR scanner needs no soldering. If you've never soldered before, watch a 10-minute video and you'll be fine. Worst case, sign up to be notified when built units are available instead.

Asking a question

If your question isn't here, use the form on any wiki page. Common questions land here over time.

Ask a question

Missing something?

Send a question about this page. Useful questions may become FAQ or troubleshooting entries later.

Pinned to 0e7c8e4 · 2026-06-02