UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try UK signals intelligence agency GCHQ, celebrating its centenary, has released emulators for famed World War II-era cipher machines that can be run within its web-based educational encryption app CyberChef. "We've brought technology from our past into the present by creating emulators for Enigma, Typex and the Bombe in # …
Remember after running these apps you have to destroy the device in the government-approved way.
I touch upon cryptography in my course "Introduction to Computing Science", and might well put up links to this code for students to have a play around with it.
Donning my tinfoil hat: this might be a decoy, without any back doors, to lead people on a wild goose chase through the code on GitHub, while the REAL back doors are quietly inserted through other means.
@Michael H.F. Wilkinson - "Donning my tinfoil hat: this might be a decoy, without any back doors"
Isn't inserting a back door, or searching for one, a bit of a waste of time when they've also released Bombe code?
[wanders off shaking head sadly, to get coat]
Unless it's a double-bluff!
[exits quickly]
“Enigma machines turn text into ciphertext and back again; they were used by the German military, among others, to encrypt and decrypt messages during the Second World War.”
And any WW2 enigma msg can be cracked in minutes using a current desktop computer. What's the difference between ‘rotor ring settings’ and ‘rotor initial value’ ref?
You can feasibly explore the key space with a modern computer.
But the encryption doesn't contain any hash checks or magic numbers so can you determine you have cracked it - except by getting a plausible plain text message in German?
If the message was the stream of buzzword filled gibberish sent out by say the MoD is response to questions about its latest IT fiasco would you know you had solved it?
The thing here is, that an encrypted Enigma message will have a mostly flat distribution of all of the letters, and an incorrectly decrypted message will show the same mostly flat distribution. A correctly decrypted message, however, will show peaks and troughs representing the distribution of the various letters in the original plain text. Read about William Friedman's index of coincidence for more details.
The core of the rotors is not permanently attached to the ring around the outside with the letter indicators. Instead there is a dot marking position 1, and a spring-loaded catch that allows the letter-ring to be rotated so that the dot can be positioned at a different letter. The 'rotor ring setting' is the letter pointed to by the dot.
The 'rotor initial value' is then the letter that is chosen by the operator for this rotor, for this message. After installing the rotor into the machine, the whole unit (core and letter-dial) would be rotated using the thumbwheel on the edge.
Why have an adjustable 'ring setting'? It allows the same initial value to be used on consecutive days, but actually mean a different enciphering setting. It also allows the changeover position - where the wheel causes its neighbour to rotate - to be moved relative to the wiring: the changeover position is at a fixed place on the letter wheel rather than the core.
The breaktrough moment was when the Brits realized that the Germans left them bread crumbs. The closing line was the give away which was always "Heil Hitler". Once someone realized this, the rest was easy by comparison. Still, IMO it was a massive and great achievement..
That was really my question.
Was the flaw in enigma enough to crack it or was it only possible due to poor opsec?
The user error stories are legendary. The guy who used HIT/LER as the initialising codes everyday for the whole war, sending the same weather reports in enigma+merchant codes everyday, highly formulaic greetings and sign offs etc
(sorry to hijack thread, posted replay by mistake)
> Was the flaw in enigma enough to crack it or was it only possible due to poor opsec?
I guess without the cribs, the answer would be no, at least not with the technology available at the time, a massive achievement all the same. I read somewhere they dismantled the equipment at the end of the war and shipped it off to the US. If they'd commercialized the technology then silicon valley could have happened here.
Thanking you @Mike Dimmick:
@Mark 85: Using "Heil Hitler" to close the msg must be an urban legend. I read somewhere that the cribs or clues were gotten as the initial key was repeated twice and the msgs used similar phrases for weather reports and enemy sightings.
The technology was also kept in the UK - evidence of this is the great strides the UK made in computing in the 1950s.
However the WW2 work was kept hyper secret for decades which included the technology used as we didn't want others [mainly the Russians] to know that the capability existed.
Computing was greatly boosted in the US by the torrents of money pouring into the various weapon programs in the US in the 1950s and also the space program in the 1960s - something that did not happen in war-exhausted and financially buggered Britan. When the Goverment basically pays for all your R&D it's piss-easy to then bring out commeral products.
At the end of WW2 the US emerged as a financial and military superpower with it's economy and industry firing on all cylinders - whereas the UK was bomb-damaged and almost bankrupt.
The Americans were also relatively open about what they did to break the Japanese codes and ciphers, apparently fallout from the inquiry on why Pearl Harbor happened. It's described in "The Codebreakers", which was first published in 1967, before any Enigma revelations, and references to NSA/GCHQ collaboration were cut out. The book also didn't go into great detail about the methods used to crack the Japanese system. It mostly just revealed how much of the Japanese signal traffic was being read, and quickly enough that the Americans were reading the effective declaration of war before the Japanese Embassy in Washington.
>However the WW2 work was kept hyper secret for decades which included the technology used as we didn't want others [mainly the Russians] to know that the capability existed.
The Russians knew all about it Cairncross was their man at Bletchley and this was certainly known by 1951 - but probably earlier. Additionally many of the Polish servicemen at Bletchley returned home and continued in Naval Intelligence behind the curtain.
Secrecy was important as after the war US/UK govs sold many thousands of machines to friendly governments so they could communicate 'securely'.
The repetition of the initial key in its encrypted form was indeed enough for Polish mathematicians to determine many details concerning the Enigma, and enabled them to design and have built some very interesting machines, including one called a "Bomba" which is a precursor to the much better known Turing-Welchman "Bombe".
@Walter Bishop
"Using "Heil Hitler" to close the msg must be an urban legend. I read somewhere that the cribs or clues were gotten as the initial key was repeated twice and the msgs used similar phrases for weather reports and enemy sightings."
There were lots of crypto-cockups exploited; it's very tricky to crack decently encrypted messages unless someone's made an exploitable mistake. One I recall reading about and found on-line was this:
<http://home.bt.com/tech-gadgets/cracking-the-enigma-code-how-turings-bombe-turned-the-tide-of-wwii-11363990654704>
"In one example the Atlantic weather forecast, which was written in the same format each day, was crucial. Location-detecting equipment in listening stations allowed codebreakers to find where a message was originating from and, if it matched up with the positioning of a weather station, it was likely that the word “wettervorhersage” (weather forecast) would be both present and in a similar place in every message."
IIRC, only the German navy used four rotor Enigma; other German users thought three rotor Enigma was secure, which was not the case.
"Enigma, the battle for the code" by Simon Sebag-Montefiore is a fascinating account of how much of the cracking of naval Enigma traffic was enable by "capture of ships and U-boats and their codeboks [...] and the betrayal of his German homeland by the Enigma Spy." - "Without for a moment belittling the work of Alan Turing and his team of eccentric codebreakers."
Apparently, cracking four rotor naval Enigma traffic relied on having access to cribs or other captured German material:
<https://uboat.net/technical/enigma_breaking.htm>
says that even four rotor Enigma was being generally read within 24 hours from September 1943 onwards, due to the introduction of 4 rotor bombes in June and August (plus, one assumes, the application of many clever brains and some captured material).
The above link contains lots of interesting stuff, including:
"Hut 8 suffered a massive reverse on 1 February 1942 when a new Enigma machine (M4) came into service on Triton (codenamed Shark by Hut 8), a special cipher for the Atlantic and Mediterranean U-boats. The combination of M4, Shark and a second edition of the Wetterkurzschlüssel proved devastating. Bletchley Park became blind against Shark for over 10 months. Fortunately, M4's fourth rotor (beta) was not interchangeable with rotors I to VIII. Beta increased M4's power by a factor of 26, but rotors could still only be mixed in 336 (8x7x6) different ways - not 3,024 (9x8x7x6).
At one setting of beta, M4 emulated M3, which was M4's undoing. Three members of the British destroyer HMS Petard seized the second edition of the Wetterkurzschlüssel from U-559 on 30 October 1942, before it sank near Port Said. Hut 8 once again had cribs, which it could run on three-rotor bombes, the only type available. The U-boats were using M4 in M3 mode when enciphering the short weather reports. A three-rotor bombe run on 60 rotor combinations therefore took only about 17 hours instead of the 442 hours (18 days) required if M4 had used its full potential."
<https://www.bbc.co.uk/news/magazine-17486464>
has an interesting little tale about the work by Dilly Knox a classicist who had been working on breaking ciphers since World War I) on cracking Spanish Enigma messages in 1936, which I'd never heard of before now.
Finally, I recall reading somewhere that one mistake made by the Germans in using Enigma was, when they sent a message and were asked to re-send because of a communication problem (i.e., the radio message hadn't been received clearly, or a mistake was found in the source plaintext when the message was decrypted), the message would be re-sent with the same Enigma machine settings. If the problem was in fact an error in the source plaintext (typically an operator typing error), then the second message would be the nearly-but-not-quite-the-same as the first one, and apparently that's as good as having a crib to work from.
Designing the Enigma to never encrypt a letter as itself is a boneheaded move that shows up in large organizations' password policies. (Can't have more than x lowercase letters/uppercase letters/numbers in a row, for example.) Reducing your system's work factor is rarely a good idea.
@Brad Ackerman - "Designing the Enigma to never encrypt a letter as itself is a boneheaded move"
It was a design feature that allowed the same device to be used to encrypt and decrypt. Without it, you'd need two devices, or a much more complex device. I suppose the flaw was not understanding the enemy's cryptanalysis capability and how the weakness could be exploited. If they had, they could have compensated by strengthening the system in other ways, which they did, to some extent.
[CyberChef as "a simple, intuitive web app for analyzing and decoding data without having to deal with complex tools or programming languages."]
seems like they're pointing you to an interesting tool they have put up a while back. if you can stop wwwwwwimpering and read.
" ... pointing you to an interesting tool they have put up a while back. if you can stop wwwwwwimpering and read."
The problem is the 'people who line their hats with tin foil' are afraid to look at the site in case the nice people at GCHQ have riddled it with crafty code to infect all their computers/tablets/phones which will circumvent their 'tin foil defences'. :)
The real problem is they might be correct !!! ;) :)
"Building upon previous Polish work"
The British like to overlook the fact that without the Polish mathematicians and pilots, the inhabitants of the British Isles would quite probably now be speaking German. The way the Polish are treated by the British is disgusting. The two countries should have had a long lasting friendship after the war due to their combined efforts that resulted in the defeat of the Nazis, but no, Britain left the Poles to the mercy of the Russians. So much for gratitude.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
