A fine piece of German engineering
and a strong lesson to never make use of security by obscurity.
A Second World War cryptography artifact – a 1944 Enigma M4 machine – has sold at auction for £347,250 ($436,000). Christie's, which handled the sale, did not reveal the identity of the buyer of the crypto-device. This box is a particularly interesting one as it is one of the later, and more complex, bits of German Enigma kit …
Yes, enigma doesn't rely on obscurity.
Capturing a machine helped verify the mathematical approach to cracking it but didn't make it any less secure.
Given enough sample data and probable plaintext sections the sole weakness, that a letter can't be encrypted to itself, allows you to crack it without exploring the full key space
But the real failure, like all security systems, is that it was mainly used by idiots
Given enough sample data and probable plaintext sections the sole weakness, that a letter can't be encrypted to itself, allows you to crack it without exploring the full key spaceBut the real failure, like all security systems, is that it was mainly used by idiots
Apparently there was an unimaginative German post somewhere that always sent exactly the same status report every day saying basically "Outpost X; we're fine, no contact with the enemy etc etc etc".
Since as long as that German outpost could be relied upon to send exactly that message, it provided a massive shortcut to decode the days key. The German outpost in question was carefully identified and the occupants apparently enjoyed a very, very quiet war as a result, as the value to the war effort of keeping it transmitting the same message was much higher than the value of giving them any reason to change the message.
Another operator in N Africa used 'hit' 'ler' as the two daily secret keys.
Most likely an urban legend, as your Enigma setting: code wheels and reflector used, starting position, and plugboard wiring, has to match that of the unit at HQ. And as that one has to match the setting of the other field units they were in contact with they all had sheets with the daily settings to use for the next couple of weeks sent out to them. No way that a single station would be able to use an unchanging setting.
Also, two three-character keys? You had 1] which rotors to use (3 out of 5), 2] their starting positions (that would be 3 characters), 3] the reflector wiring to use, and 4] the plugboard setting or the 'uhr'box switch position.
The Enigma wasn't all that obscure; it was commercially available from the 1920's and its encryption already broken by the Polish Biuro Szyfrów in 1932.
The German Wehrmacht and Kriegsmarine used them, adding further complexity through a plugboard (army) and a fourth rotor (navy) respectively, but its inherent cryptographic weakness was not addressed.
As well as that outpost transmitting the same message day after day, there were the obvious failures like encoding and transmitting the first message of the day with yesterday's setting then re-sending it encoded correctly[0], resending a differently-worded version of a message because of a garbled transmission[1], and certain word patterns that would be present at the start and end of most messages[2].
[0] same length, same sender, different cyphertext. Bletchley Park gleefully rubs their hands.
[1] same sender, usually shorter content length, transmitted shortly after HQ sent a 'please repeat'[3]
[2] 'Heil Schicklgruber' being quite common at the end
[3] A lot of info was gleaned just from traffic monitoring: message size and their frequency, sender location and morse operators. What we'd call metadata now.
"resending a differently-worded version of a message because of a garbled transmission[1]" ... "[1] same sender, usually shorter content length, transmitted shortly after HQ sent a 'please repeat'[3"
That was how the more advanced Lorentz (Tunny) high-command level teleprinter was broken. A long (>2000 char) message, a 'please repeat' and the same, but slightly abbreviated repeat using the same initial settings. A guy called Bill Tutte spotted repeating patterns in the signals and figured out how the machine worked without even setting eyes on it... leading to Colossus
https://www.bbc.co.uk/programmes/b016ltm0
"Heil Schicklgruber"
I would have thought that would have warranted a visit by Herr Flick and von Smallhausen. I know some of the 'cribs' were looking for sticklers using full titles and over flowery wording rather than abbreviations (like HH for Heil Hitler) but I just don't see them looking for 'Schickelgruber' (not unless the sender was on a suicide mission)
Why would they not continue their belief? The allies (or that subset of them who had been read in) went to a great deal of effort to nourish that belief, well past the trials, as they were keen to read the mail of many "friends" who used the Enigma well past the end of the war. See Also Crypto AG
It’s not quite true that the Germans believed Enigma or Lorenz to be impregnable. They knew of various flaws, and understood the theoretical level of effort to required to brute force exploit them.
What they didn’t count on was clever chaps like Turing finding a short cut or two, nor did they reckon on someone like Tommy Flowers getting Colossus together (his electronic approach Exploited a flaw the Germans knew about, but they’d not thought anyone would be able to make a machine fast enough to be able to use it), and they certainly didn’t count on the British putting in such an enormous effort so consistently when that resource might otherwise have gone into fighting.
In short, the Germans were well primed with the necessary information to be able to deduce that Enigma and Lorenz were broken, had they ever been presented with incontrovertible examples of “How could they have known that?”. The care taken by the British in handling the take from German comms traffic was certainly well worthwhile.
Absolutely.
The German fragmentary effort in a lot of domains reflected a deliberate policy the Nazis had of keeping the various military branches at each other’s throats; to make coups less likely. They sowed the seeds of their own destruction...
This also showed up in all their crazy inventions. Nutcase inventors would trundle round the different armed force branches looking for funding, and so had several chances of seeing their ideas put into development. Hence the tornado generator, and all sorts of crazy ideas. Whereas in Britain there was only one place an inventor could go, a committee specifically for the purpose of evaluating contributions.
As opposed to the perfectly sane British inventions like.. a bouncing bomb?
Given that it was put forward by that utterly loony chap Barnes Wallis, later Sir Barnes Wallis, who had already made his name designing airships and crucial bits of the Wellington bomber, there was some quality boffinry behind that proposal.
The Polish contribution was indeed critical, and proceeded anything that was done in the UK.
Though I prefer to place even greater emphasis on the other aspect of the Polish achievement; hope. Their work was inspirational and showed that it could be done.
Looked at in this sense, at the time when it was still so early in the war and the Germans were seemingly invincible, the fact that the Poles had shown so early on that the German forces weren’t quite so universally unbeatable as many feared them to be could have had a galvanising effect on the senior British leadership. There was a chink in the German armour. It was the Poles who found it. Perhaps there’ll be another, was probably what was being thought.
That’s a very special kind of hope, born as it was from the appalling destruction of one country by another.
I think the trade in such artefacts is ghoulish. These are tainted goods after all, not something to be venerated.
The Poles completely revolutionised the British (and then American) approach to cryptanalysis. Previously it appeared to be largely linguistic, they brough real(tm) maths into the equation.
Indeed Dilly Knox and Hugh Foss had already broken Enigma years earlier although in its earlier and simpler form. The approach that the Poles brought to the game lent itself to the industrial scale assault on Enigma which was going to be needed.
I think the trade in such artefacts is ghoulish. These are tainted goods after all, not something to be venerated.
In our museum are a couple of Friden Flexowriters, papertape-controlled typewriters that can read their message body text from one (looped) tape and any number of variable text segments from another. They were used (though not these particular ones) by the US government during WW2 to write the letters informing relatives of fallen service personnel. Had one of ours been used for that task, would it likewise be tainted? Or can you accept that even a war-time Enigma might be valuable in showing the development of cryptographic machinery *including its actual implementation*, where otherwise there would be a gap between pre-war commercial Enigmas and post-war derivatives like the Fialka and Typex. Plus, those would likely have been used in messaging related to armed conflict as well.
The encryption was so complex, German military officials were said to have refused to accept their Enigma-secured chatter had been deciphered by the Allies, right up until the Nuremberg trials.
Were said by whom? The existence of the Enigma decryption system ("Ultra") was not publicly disclosed until 1974. Who would be stupid enough to tell (former) enemy military about such a secret?
Were said by whom? The existence of the Enigma decryption system ("Ultra") was not publicly disclosed until 1974. Who would be stupid enough to tell (former) enemy military about such a secret?
There were a lot of captured German commanders, not just the ones that ended up at Nuremberg, as well as scientists and technicians that were interrogated regarding German technological achievements and how useful they were. RV Jones talks about some of those interviews, for instance. And as such an interviewer you should be able to pick up whether they think their secrets had been cracked or not from the way they talk about events related to those secrets, without actually letting them know whether they actually were cracked or not.
Another aspect of the deceit around how the Allies were targeting u boats was the double cross system. Through this, at RV Jones’ suggestion, captured German agents sent back misinformation about how infrared detectors were being used to spot surfaced boats. This hinges on the fact that the Germans knows who Jones was and that he’d got a background in IR detection.
The Germans went to some lengths developing an IR masking paint - it had lots of glass granules in it - for u boats. Having done this they could only wait to see if this had a positive effect on their loss rate. It didn’t, and another few months slipped past.
Neither.
It's an interesting historical artifact turned into a war trophy for wealthy people. Today, it is no more than a bit of haberdashery, squirreled away in someone's sock drawer, never to be seen again until auctioned off to another wealthy squirrel by the first squirrel's heir(s) (unless the first squirrel decides to make room for another shiny bauble). Lather, rinse, repeat.
Sad, that.
I seem to recall reading that this new, improved, Enigma was pretty much rendered as useful by the older one by a simple human error. The way this was introduced was by fixing the fourth rotor so that operation mimiced the three rotor machine which gave the time necessary to distribute the new machine, setting tables and what-have-you to everyone before the Big Day when they were to cut over to four rotor operation. Apparently one station jumped the gun, sent out a message in four rotor mode, realized their mistake, reset and sent the identical message in three rotor mode. Which was all that was needed for Bletchley to deduce the wiring of the new machine.
There's all sorts of lessons for us here. One that relying on obscurity just won't work. The other is that no matter how well designed the system sooner or later humans are going to be involved in its operation and eventually someone is going to screw up. To their credit the Abwehr did have teams looking for operator screwups but judging by the amount of resources devoted to this (and the lack of any history of what the did and how they did it) I'd guess the German 'management' didn't realize just how important they were.
Four-rotor Enigma was reconstructed because in 1938, when the German military shifted to four/five rotor use, the Nazi Party's own internal security service remained on three-rotor machines, which created an abundance of messages that had been encoded in both algorithms. The work of reconstructing the four-rotor Enigma was done in Poland at the very start of the war.
At no point did Enigma rely on "obscurity" in the sense that cryptographers use that word. The mechanics of the device (i.e., the algorithm itself) were known from the 1930s, and while the addition of a fourth rotor made life very difficult, that job wasn't made much easier when the 4-rotor Enigma machine was fully described.
The Germans knew that Enigma could be cracked, and they knew that four-rotor Enigma could be cracked too. However, their predictions of how long any such crack would take were based on an assumption that proved to be untrue: that the Allies would not invest huge resources into cryptanalysis, and instead rely on brute-force attacks and traditional espionage techniques to obtain information. By 1945, the use of clever search-space reduction techniques developed by Alan Turing and Peter Twinn, brute-forced by the high-speed "bombe" machines commissioned from NCR by the US Navy (but deployed at Bletchley) allowed a 48 hour decryption of all Enigma traffic.
(The Colossus computer was built to decode a completely different German cipher, the electromechanical Lorenz SZ)
Interesting as well, since without the slip-up you mention, presumably the Germans would have noticed that Allied detections went down for a period of time just as the 4-rotor machines were introduced.
They would then have deduced that the Allies HAD actually cracked the 3-rotor Enigma and the door would have been closed quite rapidly after that......
> the Germans would have noticed that Allied detections went down for a period of time just as the 4-rotor machines were introduced
AFAIK the Allies did introduce a lot of voluntary misses here and there, to leave the Germans in the dark, because if the Germans had known for sure their code was broken, they would obviously had changed it ASAP and the Allies would have been back to square one.
Yes, that meant some convoys were sacrificed, but it was "for the greater good".
Crete? I understand the intelligence was provided, but the allied commander was so convinced of a naval assault that he did not trust the intelligence of an airborne invasion and did not prepare properly for one.
Crete might well have been saved or held on to for much longer with greater losses for the Nazis. See: https://www.youtube.com/watch?v=wqv3IILkIqQ
Also, if information had to be used that could only conceivably have been obtained from a cracked Enigma message, a 'thank you for your invaluable info' message would be sent to a nonexistent agent. Which would have the side benefit of tying up Abwehr manpower, but also risk collateral damage of real agents being rounded up.
Look at the mechanical side of the rotor system: in the initial design each keypress turns the rightmost rotor one position, then after a full rotation (i.e. 26 keypresses) the next rotor turns one position. The third rotor will move only after 26^2, or 576 characters, and for the fourth rotor to move the message would have to be 26^3 (17576) characters long. It was in effect stationary and thus didn't add cryptographic complexity, just more starting options. Later modifications would have a rotor move twice or thrice during a full rotation of the rotor to its right, but a fourth rotor would still move only very infrequently.
In contrast, the postwar Russian Fialka had a mechanism where several of its ten rotors would turn, forward as well as backward, on one keypress. It also had rotor logic that allowed an input character to be mapped onto itself.
> vital component after civilization ends?
I don't know why you assume it's simple and low tech. Even today nobody would know how to use it, except a handful of history fans and multiclass engineer-cryptographers.
Yes, it doesn't use modern integrated circuits, but compared to (for instance) a smartphone with a crypto app, it's a fiendishly complex device requiring trained operators.
Rather the opposite I think. It was intended to make it easy for signallers in the field to reliably encrypt and decrypt messages with a minimum likelihood of error. You set the wheels to the daily settings, key in the message, write down what comes out, and then start mashing the morse key. It wasn’t foolproof, but it wasn’t difficult and it was certainly a whole lot easier than doing an encryption by hand.
> It was intended to make it easy for signallers in the field
You're right, but either you missed my point, or you conveniently forget those "signalers in the field" were trained (or at very least had the manual).
Did you ever see an Enigma machine? While I know the general principle, there are lots of pieces I have no idea what they do or how to use them, like all the plugs and cables on the front, or those small levers inside the cover. Of course you can assume they are all already configured as required, and you only need to type your message in, but that's preposterous.
I admit I haven't actually tried, but I'm pretty sure that without the manual, nobody will even know how to set it up, much less "reliably encrypt and decrypt messages". So, to get back to the "after civilization ends" part, when and if you find an Enigma machine in the smoldering ruins of some rich guy's mansion, there is little chance you can use it to give the resistance movement an edge against the alien/zombie/whatever invaders.
Did you ever see an Enigma machine?
Yes.
Anyway, a single one is as good as useless; you need one for each entity who wants to communicate via Enigma-encrypted messages. Then, going from the premise that you know in general how they're supposed to work, and that you have batteries for them, for a start you check out that they have identical rotors, set them at the same starting position, set the switches the same and press a key on one of the units. Now a bulb lights up, you press the corresponding key on another unit and, when all is well, the right character gets lit. If it does you proceed to "Der schnelle braune Fuchs springt ueber den faulen Schweinhund", else you re-check whether every part is indeed identical, all wiring is intact, bulbs and switches working and fix what you find.
You lot are aware that Enigma (in all it's guises) has been translated into software, and much of that code is freely available, right?
Minarke[0] over at Sourceforge is a good place to start ... it's a small (the tarball is under 16K) and easily understood C program, although the comments could be better for learning purposes. The TAR archive only contains three files (the GPL license, the C source code, and a simple makefile for GCC).
I have seen it used with a real Enigma machine ... in other words, it works.
[0] Short for "Minarke Is Not A Real Kriegsmarine Enigma" ...
You lot are aware that Enigma (in all it's guises) has been translated into software, and much of that code is freely available, right?
Indeed. I've actually built a kit for an acquaintance whose soldering skills were such that he knew that you should hold the cold end and poke the hot end at things you want soldered, but that he was unlikely to end up with a working unit unless he'd hand that part of the job off to someone with a little more experience.
However, the article mentions the situation where civilisation has collapsed, which probably means that even SIMTEL-20 is out of order, and you'd have to fall back on the original Enigmas.
The plugboard on the front is used to add a bit of extra complication by swapping pairs of letters, say J<>A, before they get to the 1st rotor while the others are mapped to themselves.
The days settings would consist of picking a set of rotors, selecting the 'turn over' point for each rotor (the point in its rotation when it 'kicks' the next rotor), putting them in the right order and right starting point and selecting the plugboard mappings (up to 10? swaps)
I understood that the Allies did their best with disinformation to make the Germans think that they had spies in the Navy or advanced submarine detection, to deflect attention. As there really were high ranking Kriegsmarine officers working against Hitler, like Canaris, it was a good tactic.
As I understand it Enigma was never cracked.
Instead The Bombes were just an automated brute force attack. Reading the messages of the day required that the brute force attack completed before the key of the day was changed.
Don't get me wrong this was an amazing achievement.
Couple with a good understanding of the cypher meant that the possible permutations of cyphertext were magnitudes less than originally believed.
This meant that an brute force approach became feasible, but if I understand correctly this was still too slow.
It was only when a crib was introduced (trying likely message content) that brute forcing the key became a realistic proposition - much like a dictionary attach on today's passwords; the squishy meat-bags are the weakest link.
-----
As to does an enigma machine have worth toady?
Yes; providing it is part of a wider story. If it is just an item with no relationship to other items in a collection then no. much the same as any artefact.
"As I understand it Enigma was never cracked."
Enigma was understood enough so that reel settings could be deduced. And when reel settings for a particular day were known, messages from that day could be read, even if they had to read them days or weeks later.
It took time for the signal listening posts to transcribe the morse and get it off to Bletchley and its outstations and the Americans at Eastcote.
It took thousands of staff working 24x7 to operate the systems at Bletchley that mined all the decoded messages and turn them into useful intelligence.
Many of the comments on here are asserting information that doesn't agree with the Bletchley Park version.