CallMeLateForSupperOctober 30, 2014 3:29 PM

"(with substantial initial help from Polish mathematicians who had been given an ENIGMA machine)"

I believe an Enigma was shipped to Poland by mistake, was not really "given". The shipper asked that it be returned, and it was.... but only after Poles - who understood what it was - had studied it very closely. :-)

Oh... and that episode took place well *before* Bletchley Park knew anything about the Enigma.

Gerard van VoorenOctober 30, 2014 4:01 PM

(At the risk of repeating myself)

It is funny that still the Enigma machine gets all the attention while in fact it was the Lorenz SZ40/42 that was much more sophisticated and being used at the division level while the Enigma was being used at the regiment/battalion level.

The BBC has a good documentary about this subject. Here is a sample.

However, a couple of years ago there was a cipher event. The winning contender did wrote the code breaking software in Ada and it looked quite good, thanks to the wonderful type system of Ada.

Clive RobinsonOctober 30, 2014 5:35 PM

@ Gerard van Vooren,

Something else that is also not commonly known about the Lorenz machines, is that they were unlike the Enigma designed specifically at Hitler's request. Some believe that unlike Admiral Karl Donitz Hitler did not trust the Enigma design and suspected it was to simple for high level links. Others believe Hitler had been told about the short message length issue of the Enigma and thus discounted it's use for high level traffic. What ever the reason, the Germans did know from the Spanish Civil War that the commercial design of the Enigma had been broken by amongst others the French. Which is one of the reasons that the fast rotor on the military Enigma is at the other end when compared to the Enigmas used during the Spanish Civil War. Likewise the British Typex which worked in very much the same way as the Enigma and was used at Bletchly with it's rotors wired the same way as the Enigma.

What was special about the Lorenz was that it was broken by just two men at Bletchly neither of whom --like the rest of British Intel-- had ever seen one, nore pictures or even diagrams or sketches.

It was the Lorenz machine not the Enigma that gave rise to the "Heath Robinson" machine at Bletchly, that Tommy flowers alone and out of his own pocket developed the first thermionic valve (tube) circuits that gave rise to the first working fully electronic computer. The only real recognition Tommy got was a street named after him... the British Establishment did not take kindly to either engineers or scientists for nearly all of the 20th Century, with awards and honours reserved almost exclusivly for "civil service manderins" who rather than get an honest education had elected to do the "Civil Service Exams"...

AutolykosOctober 31, 2014 4:47 AM

What's the news? Building an Enigma emulator seems to be a common programming project for kids with some interest in cryptography (at least it was for some of my friends and for me). I have to admit that the code is much cleaner than mine was, even though they're writing in C and I was using Delphi.

Clive RobinsonOctober 31, 2014 1:15 PM

@ Thoth,

There is quite abit more to the Boris Hagelin and Crypto AG story than that article indicates.

The "NSA back door" actually started long prior to the NSA inadvertantly with the C35 "additive coin counting system".

Back in 1935 William Friedman and colleagues had the responsibility of testing crypto equipment that came in for the attention of the US military etc. They got to see a lot of systems and were very good at analysing them. We now know that the coin counting mechanism had the problem of some strong keys and quite a few weak keys that could be broken fairly quickly, such as around half an hour with pencil and paper.

What Friedman and his colleagues knew was that there was a problem with mechanical cipher systems, which is they are difficult to come up with a secure design, but very easy to copy one that is secure. Thus you don't want to put your most secure systems into the field as the enemy will quickly get hold of them and if they believe they are more secure than their own will thus copy them. Which gives you the problem that their comms become as secure as yours, which you probably cannot read in a sensible time frame.

The C35 must have seen like a golden oportunity to some one connected to Friedman. Because of the following reasoning,

If you know how to diferentiate the strong and weak keys, you can as you control the KeyMat ensure your troops only use the strong keys. However unless the enemy is your crypto analytic equal or better then they won't know which are strong and which are weak keys. If however they did know then they would not have a need to copy the design they would have come up with their own. Now having copied the design there was a very high probability that they would encrypt messages under weak keys to the same proportion that they exist in the key map. Thus such messages could be recovered. But... having gained a proportion of plain text messages from the enemy, these could be used to help recover messages under moderate or strong keys.

Thus using the C35/38 only for tactical field/ front line use and issuing only strong key keymat, if your enemy copied the design then you had a way into their tactical traffic, but they did not into yours.

As we know there were quite a few of these Hagelin machines either sold as "war surplus" or new from Hagelin's company with in effect minor variations. As we know they like Enigma machines ended up all over the Middle East and Africa and the NSA were happily reading them and using techniques developed by the British via the BRUSA --now UKURSA-- agrement which gave birth to the Five Eyes.

It's highly likely that the reason Friedman was used to talk to Hagelin is that he could most believeably tell the story to Hagelin. And Hagelin knowing that his entire business relied on "trust" would have realised that just one or two words from Friedman into the right ears would kill his business deader than last thanksgivings turkey... Thus his compliance with NSA requests was virtually guaranteed. And the more he was complicit the worse it would be, especially when quite a few Middle East nations were known to kill people in other countries for lesser things.

Now you need to ask yourself a question about the speculation on the Israel -Russia, Russia-Iran leaking of the secret, and if there is a more likely explanation.

You need to read Peter Wrights "SpyCatcher" book for some of the background because he indirectly wrote about it.

MI5 for whom Peter and his assistant Tony Sale --of Bletchly Park Rescue fame-- had a problem in that they were not getting much needed assistance from either MI6 or GCHQ, even though MI5 relations with the US agencies was better than for the other British IC agencies.

As Peter detailed in the book he and Tony were developing audio eavesdropping equipment for use against embassies, residencies and suspected spys etc. He also mentions that they developed a way to determin the key settings on mechanical cipher equipment simply by sound. If you think about it Enigma machines are not realy susceptible to this but the coin counting mechanism most certainly is.

Peter goes on to mention how thet used this to get way better cooperation from GCHG and gives details of how they deployed the technique against the Egyptian Embassy.

He also details how the Russians knew about the covert pin hole microphones because some one very senior in MI5 leaked the information to them. Thus it's safe to assume the same person leaked details not just on the audio key establishment but also the information about the Hagelin machine back doors because the leaker knew about them...

Some years ago I got to chatting with Tony Sale about this and after a little while he realised I knew rather more about it than was given in SpyCatcher, and he indirectly acknowledged it. We also chatted a little on how the "NSA Back Door" secret came out when it did, but the MI5/GCHQ audio technique did not. And further how the Iranians had certainty not speculation on the back door. His view is rather more persuasive and some what simpler.

Tony put it down to the Iranians getting their hands on large quantities of CIA and other US IC documentation from raw intercepts and through to diplomatic traffic going back prior to the coup dete by the CIA in 1953 that put the Shar back in control. How did this happen well you need to think back a little to 1979 and the Iranian revolution. It happened so fast that the Iranian Students over ran the American Embassy before they had managed to shred and burn the archives, something that became public knowledge at the time. Over the next couple of decades students slowly rebuilt the documents from the bags of shredded archives. We know this is certainly true because they have in the past not only said they were doing it they also made quite a few of the reconstructed documents available. This is on balance the most likely way the Iranians had the proof to "out" the NSA backdoor, but not the evidence to out the MI5/GCHQ audio method.

vas pupNovember 3, 2014 9:17 AM

Germans on cyber security:

That part in particular:
"If we don't include security as a system requirement from the beginning, we should not be surprised if we don't get security in the end: It works as designed.
Right now, the situation is this: I buy Swiss cheese from the hardware producer and then I have to close all the holes by myself. This is the wrong approach. We have to get everybody working together on this: Lawmakers, hardware producers, Internet providers and the users. If the customer switches off the automatic security updates, he himself creates a security gap. But we have to make it easy and user-friendly for the customer to achieve security."

AutolykosNovember 4, 2014 7:33 AM

@vas pup:
Nice article. Although...

There is also talk about "cyber warfare," meaning states - often undemocratic ones - using malware against political enemies or economic rivals.
Even though I'm not their biggest fan, I find it a bit harsh to call the US undemocratic.

thevoidNovember 5, 2014 2:23 PM

@vas pup

A year and a half ago few people recognized GCHQ as an abbreviation for the British secret service. But Edward Snowden's revelations changed that. Now, less than two weeks after taking over at the helm of the intelligence and security organization, Robert Hannigan is reinvigorating debate about bugging and surveillance practices.

Writing in the "Financial Times" newspaper this week, Hannigan accused US technology companies of supporting terrorists by closing their eyes to the misuse of their services. He also said Snowden's disclosures had helped terrorist groups.

why is it that these 'law & order' types always whine like petulant children?

vas pupNovember 5, 2014 3:29 PM

@thevoid:"why is it that these 'law & order' types always whine". When the whole life you need follow orders, people's ability to generate own thoughts and imagination are degraded as not only useless, but also damaging for survival. Then, you have no people left with brains and loyalty simultaneously. What you have as result, mostly reactive paradigm on current problems, not proactive for prospective challenges (my humble opinion). Solution: they need to hire smart people in order smart people to tell them what they should do, not to tell smart people what smart people should do, treat those smart people as Google treat their employees, and you get what you need.

Gerard van VoorenNovember 5, 2014 4:21 PM

@ vas pup

"When the whole life you need follow orders, people's ability to generate own thoughts and imagination are degraded as not only useless, but also damaging for survival. Then, you have no people left with brains and loyalty simultaneously."

I disagree. What you have is culture. But we all know that culture is one of the hardest things to change. Why? Like with language you are raised with culture from the day you were born. My first language id Dutch. My second is English, but I never ever will have English as my first language. Not because I don't want to, but because I am too old to learn it properly. The same with culture. I can't understand why Americans wave their flags. Here in the Netherlands we just don't have that. The same with sports events. We don't sing our national anthem prior such an event. In the US they do. That is culture. And it is very deep.

"Solution: they need to hire smart people in order smart people to tell them what they should do, not to tell smart people what smart people should do, treat those smart people as Google treat their employees, and you get what you need."

I do believe that indeed the problem is leadership. The solution that you are suggesting could work, but it is also a fantasy unless you have the power to enforce it.

vas pupNovember 6, 2014 9:06 AM

@Gerard van Vooren
Thank you for your input. I agree with you that culture is important, but my point was that in LEAs around the globe dominate the same culture regardless of flag or nationality:"When the whole life you need follow orders, people's ability to generate own thoughts and imagination are degraded as not only useless, but also damaging for survival. Then, you have no people left with brains and loyalty simultaneously." In the 21st century brains (analysis) are substantially more important than fists (brutal force - trick that were working before).

vas pupNovember 6, 2014 9:44 AM

Mechanical versus electronic physical security:
"Keys are still what people associate with solidity and security. The same used to be said with cash and credit cards - that people would not trust virtual money or online banking." Enigma was mechanical device by the way.

thevoidNovember 6, 2014 5:58 PM

@vas pup

you have a point about the order-following type, but what you are describing
really applies to *bureaucracies*, of all types, which of course includes LEAs.

you are also right that the behaviour of these entities (LEAs, mil) and their
agents are universal. in fact, it is not only world-wide, but also applies
ACROSS HISTORY as well. nothing new under the sun.


some of it is certainly culture, but as i noted above, some of these people,
their behaviour, and their words are often identical across time, space, and

re flags. well, even an american, even i find it odd that most americans stamp
a flag on almost anything (even pre 9-11). but it is not even limited to 'old
glory' though, as many people here fly flags from their ancestral countries,
even when a few generations removed sometimes. its not out of place to see
german, italian, irish or mexican flags flying. last week i saw a 15ft (~5m)
flagpole mounted into a regular car flying the puerto-rican flag driving down
an avenue in one of our ghettos, it barely made clearance under an el(evated
train). that was a new one for me. no special occation i know of (puerto-rican
day was a couple months ago).

QNovember 18, 2014 6:36 AM

The improved Enigma (or Hitler Mill) was a lot better then the 1st Enigma. At the end, 2000 improved Enigma┬┤s were built and delivered to the troops.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.