Short answer: don't worry. AES-256 is currently a secure scheme.
Long answer: If your reference to a "pad" is to the reuse of a so-called one-time pad scheme, that's a very different cryptographic system than what's typically used now, and the attacks against a reused one-time pad are different sorts of cryptographic attacks.
If you're using a one-time pad for a whole disk, you either need a ginormous one-time pad that's itself as big as the disk, or you'll get data that's repeated; a typical disk has great wads of zeros and ranges of blocks of zeros, after all.
In modern systems, it's quite common for the same private key to be used for thousands and even millions of messages, when asymmetric encryption is used.
Now I don't know which encryption algorithm is currently being used to encrypt DMGs, but I'd suspect it's still AES-grade encryption.
AES works very hard at making the results of the encryption process as close to random as it can manage, which reduces the exposure to frequency-based attacks. (This is also why effectively-encrypted data can't be compressed; there should be no repeats.) This randomness is part of the basis for the attacks against the one-time pad; that the output of the pad - the encrypted data - if the one-time pad is re-used - isn't really random. Particularly if you know (or can guess) some of the cleartext, too. Or those big blocks of zeros.
Now the other central discussion here is around how much somebody would pay to decrypt your data. Because if your data is worth enough to the attacker, then there can potentially be other ways to attempt to gain access, even if AES itself isn't breached.
If you're storing some very valuable data (worthy of attacks), then receiving guidance from some yutz like me in an Apple forum probably isn't in your best interest. But if you're not storing miltary-grade, or financial secrets, or identifying medical data, or credit card data, then AES-256 will do nicely. And even if you are, AES-256 might be enough. But check with the crypto and legal folks for details, or with your site security officer.
And as was correctly noted in an earlier reply, if a password is used once, and once known, an attacker will try it against other systems and servers. This being another common form of re-use.
If you're interested here, then get one or two of Bruce Schneier's books on crypto. If you don't already have them.