A truly random key in the Vernam cipher must be completely unpredictable, with each bit generated independently of the others and with equal probability of being 0 or 1. This level of randomness ensures that there are no patterns or repetitions that an attacker could exploit. To achieve true randomness, the key must be generated using a true random number generator (TRNG), which relies on unpredictable physical processes such as radioactive decay, electrical noise, or atmospheric noise. These sources provide entropy that cannot be replicated by algorithms, unlike pseudo-random number generators (PRNGs), which are deterministic and thus unsuitable for generating one-time pad keys. If a PRNG is used, the key can potentially be predicted or reproduced, undermining the cipher's mathematical security. Therefore, for the Vernam cipher to remain perfectly secure, the randomness of the key must be derived from physical processes and not generated through any algorithmic method or formula.

Key distribution is one of the biggest hurdles in cryptography because both sender and receiver must have access to the encryption key without it being intercepted. For the Vernam cipher, this challenge is amplified since the key must be as long as the message and used only once. Transmitting or exchanging such large keys securely can be logistically difficult, particularly over insecure networks. If an attacker intercepts the key, they can decrypt the message with ease, defeating the purpose of the encryption. Unlike public-key encryption systems, which allow secure key exchange using a pair of mathematically related keys, the Vernam cipher offers no built-in method for key exchange. As a result, key distribution for the one-time pad often requires physically transporting the key, which is impractical for frequent communication or large data volumes. This makes it unsuitable for common internet communications, where scalable and efficient key distribution is essential.

Yes, the Vernam cipher can be implemented in digital systems, especially because its XOR operation is naturally suited to binary data, which computers use internally. However, the main technical limitation is the management and secure storage of the one-time keys. For every message, a new key of equal length must be securely generated, stored, and synchronised between the sender and receiver. This requires significant memory and infrastructure, especially if large amounts of data are being encrypted. Moreover, ensuring true randomness from hardware random number generators adds complexity to system design. There's also a risk of key reuse due to programming errors or hardware failures, which would immediately weaken the system's security. Additionally, real-time generation and delivery of keys at the necessary scale is a logistical challenge. These constraints make it impractical for general-purpose computing and communication, where more efficient, albeit computationally secure, encryption algorithms are preferred.

If the same key is reused in the Vernam cipher, the encryption becomes vulnerable to a form of attack known as a two-time pad or key reuse attack. This is because XORing two ciphertexts that were encrypted with the same key will cancel out the key, revealing a combination of the two original plaintexts. Mathematically, this is expressed as:
C1 XOR C2 = P1 XOR P2
where C1 and C2 are ciphertexts, and P1 and P2 are their respective plaintexts. Once P1 XOR P2 is known, an attacker can perform a crib dragging attack—guessing common words or phrases in one plaintext and seeing if they produce sensible output in the other. This technique can eventually reveal both original messages, especially if the plaintexts are in predictable formats such as emails or documents. Therefore, key reuse completely destroys the mathematical security of the Vernam cipher and must be strictly avoided in any implementation.

While encryption is primarily associated with confidentiality, it also plays an important role in authentication and data integrity. For authentication, encryption can be used in protocols that verify the identity of the sender. For example, digital signatures rely on encrypting a hash of the message with a private key, allowing recipients to verify the sender’s identity using the corresponding public key. This proves that the message genuinely came from the claimed sender. For integrity, encryption is often combined with hashing algorithms or message authentication codes (MACs). These produce a unique digest of the original message, which is sent alongside the ciphertext. If the data is altered in transit, the hash or MAC no longer matches upon decryption, alerting the receiver that the message has been tampered with. In these ways, encryption supports secure communication not just by hiding information, but by ensuring it has not been altered and that it came from a legitimate source.