Enigma Machine Sold for Almost Half a Million Dollars

A fully functional four-rotor Enigma machine sold for $463,500.


Posted on December 9, 2016 at 11:55 AM • 21 Comments


Ross SniderDecember 9, 2016 12:08 PM

Insane. Enigma machine dollar value appear to be considered valuable specifically because they we're useful as cryptographic devices during the second world war.

Had the Swiss not broken the Enigma machine and sold the results to the Allied Powers, it's not likely the Enigma machine would be worth much today, as the 'story' value would be much lower.

To find a historical analogy, one would have to compare to certified classified devices used by today's governments. Most ring up at about $5,000 dollars today, and I doubt deprecated models will ever go up in price even for collectors.

CassandraDecember 9, 2016 1:01 PM

@Ross Snider

Swiss? Sell?

It was the Poles (with some initial help from the French), and the method of breaking Enigma encryption was not sold, but freely shared.






As the last reference says, Polish men died protecting the secret that the Allies had cracked Enigma.

qwerttyDecember 9, 2016 1:03 PM

@Ross Snider
The polish where the ones who cracked enigma, and gave their techniques & blueprints for the "bombes" (finite state machines used to speed-up the code breaking) to the french & the british (see Simon Singh's "The Codebook" or Jozef Garlinski's "Intercept" for details).

Ross SniderDecember 9, 2016 1:31 PM



It appears to have been the Polish, and done for geostrategic reasons!

BearDecember 9, 2016 2:30 PM

The M4 Naval model is extremely rare. The ones on the vessels mostly sank with the vessels (or were thrown overboard the instant it looked like the vessels might be boarded) and the naval shore stations were built in well-protected positions well behind the lines, where the Allies weren't likely to make a pinch.

In point of fact the codebooks that gave the operators their daily keys for the month (destroyed with about the same reliability as the machines) were hundreds of times more important from an intelligence POV; the guys at Bletchley and Arlington knew the the mechanical details and rotor wirings of the M4 from a few months after it went into service.

There'd have been an exception for about three months after the M4 went into service - before they'd figured out the wirings, getting a machine in hand would have been a significant shortcut.

I've thought about the Enigmas way too much, and if the designers had been just a bit more savvy about the math they could have been utterly impossible to break. A redesign of the Enigma (mostly reusing the same parts) would have made it effectively immune to anything possible during WWII.

Encoding the letters as a positive and negative impulse to make two paths through the maze, instead of using a reflector to make two paths through the maze, would have solved the antireflexive property that the bombes used against them.

That cuts the number of I/O positions needed to express a 28-character alphabet down to 8 (assuming they didn't care which direction the current is running. 6 positions for a 30-character alphabet if you add a bunch of diodes).

Connecting 8 positions to the keyboard on one end, and 8 positions to the light board on the other end, leaves you a significant chance that the impulses from input will come through on paths that don't lead directly to the positions used for output. This is a good thing for security because you have a steckerboard.

Take the 18 positions not used for input, and the 18 positions not used for output, wire them together through the steckerboard, and now the impulses travel through an indeterminate number of paths through the maze. Each travels at least one path through the maze, and if it doesn't reach an output post it just takes another trip through until it does.

Because reflexivity has been eliminated, you have to add a double-throw 8-pole switch to go from encrypting to decrypting. It would just switch the connections from keyboard to lightboard and vice versa.

Not only do the bombes not work anymore, but because of the indeterminate number of paths through the maze and stecker this is no longer a "neat and simple" problem in group theory. You can't isolate the sequence of offsets of the first wheel, for example, because the first wheel is making two different offsets simultaneously and they are independently disrupted by the stecker settings.

There is still one way in, but it's hard. 9.4% of the characters transmitted will not go through the stecker and additional paths, and if you can sort out the statistics and figure out which 9.4% of the characters those are, you can still solve it as a group theory problem. But it's a very hard one, and would have been far beyond WWII cryptanalytic efforts. Also, I don't think there was enough traffic in any one key to pull it off.

Gerard van VoorenDecember 9, 2016 2:50 PM

@ Bear,

I am sorry but you got it all wrong. That is the problem with people focusing on one technology and try to improve it without thinking of the overall problems (think PGP for instance). The Lorenz SZ42 was a major improvement over the Enigma. It only took one person to operate the device instead of three. Also the input was 6 bit cleartext and the output 6 bit encrypted text. And it was a teleprinter device. Now, that was a serious device. The encryption was only cracked because ONE operator made a mistake ONCE.

BearDecember 9, 2016 2:51 PM

I forgot to mention the last detail. The above description uses only 18 positions of the stecker I/O, leaving 8. In truth you should be using all 26 positions of the stecker input wired to all 26 positions of the last wheel, with 8 of the stecker outputs wired to output and 18 wired back to input.

So everything would go through the steckerboard at least once, and combinatorics being what they are the stecker difficulty has been squared (in addition to whatever is available from additional trips through the wiring maze).

PaulDecember 9, 2016 2:54 PM

If you ever get the chance to visit Bletchley Park in the UK please do so. It's just outside London. The National Museum of Computing is an amazing place. It's run by volunteers and you can chat to the people who re-built these fantastic machines. The Colossus computer alone is worth the visit.

BearDecember 9, 2016 3:00 PM

Yes, the Lorenz machine was much better, if you had the space, the weight allowance, and the reliable power source to run it. In practical terms machines that combined encryption and transmission into a single operation were less subject to operational errors. But they were not portable, not compact, not easy to hide, not easy to throw overboard, and usually not usable unless connected to 'mainline' electrical power supply or equivalent.

Also the Lorenz machine is still a "neat and simple" group theory problem because it doesn't use feedback. The cryptanalyst knows that each 'bit' of the output has taken exactly one path through the rotors and has taken it in parallel, with the rotors at the same position that every other bit passed through, and that the keyed bit inversions are applied consistently to the same set of parallel paths. It's a much BIGGER group theory problem than the Enigma, but it's still 'neat'.

BearDecember 9, 2016 5:26 PM

Of course I know about the SIGABA. Never successfully cryptanalyzed, without a doubt the strongest rotor cipher machine ever used. But not available at the time and you sure as heck couldn't build one using the parts from an Enigma, and have it fit in the same box.

TatütataDecember 10, 2016 8:32 AM

I read somewhere (was it Kahn?) that many Enigma machines were sneakily sold to second-tier powers after 1945, allowing UK-US to snoop on their dirty little secrets. This is one of the reasons why Bletchley remained under wraps for so long. (And that was years before NSA spooks reportedly paid visits to Boris Hagelin's Crypto AG).

Is there a public inventory of these compromised hand-me-downs? Did they include naval ones?

CallMeLateForSupperDecember 10, 2016 2:24 PM

It seems like not very long ago that an M3 (army/air force model) sold at action for just under US$40k. Some time later, an M3 sold for US$130k+. And how half a mil.

It would seem that I was born 10-12 years too late; the price of these things consistantly moves up ju-u-ust beyond my reach. ;-)

CallMeLateForSupperDecember 10, 2016 2:34 PM

Almost forgot to throw cold water on this part of the article:
"... computer pioneers Alan Turing and Tommy Flowers, used some of the earliest and most advanced computers to break the Enigma codes..."

So-called "bombes" broke Enigma cyphers. Bombes were not computers.
As mentioned by others here, Colossus - a computer - was used against Geheimschriber, a quite different machine to Enigma.

CallMeLateForSupperDecember 10, 2016 8:42 PM

I wrote "Geheimschreiber". That felt kinda, sorta wrong but I left it that way. A few minutes ago the correct term popped into my head: "Geheimfernschreiber".

Jen JenDecember 12, 2016 12:20 AM

@ Tautata

>I read somewhere (was it Kahn?) that many Enigma machines were sneakily sold to second->tier powers after 1945, allowing UK-US to snoop on their dirty little secrets. This is >one of the reasons why Bletchley remained under wraps for so long.

Correct. Sold, or given. Post war, all the commonwealth nations used enigmas and thus had all their comms intercepted. Which, as you say, was why Bletchley park was kept completely classified for so long . Although I thought the US was out of the loop as well

rechercheDecember 12, 2016 2:50 AM


I've just looked up an inflation calculator, and $US460,000 today
is equivalent to about $US35,000 in 1945.

Regardless of the irrational "historical relic" angle, I believe that
this sale gives a strong guideline for what security-related firms
(i.e. including most of the large OS-related players) should be willing
to give as bug bounties, together with guaranteed immunity from
prosecution... not measly sub-$10,0000 token prizes, with the danger of
being arrested as a black-hat spy.

-- recherche

RIck DeNataleDecember 13, 2016 10:25 AM

I followed the links to the auction catalog, and noticed that this example apparently only included 3 of the 8 rotors.

I wonder how many Enigma Is or 4s with a complete set of rotors still exist if any.

dittybopperDecember 15, 2016 9:23 AM

I've often thought that the Germans could have kept Enigma secure by simply having a "Rewire Day" once or twice a year. Simply re-wire every single rotor on that day. Rewiring a single rotor and testing it should only take about 30 minutes. Maybe a hour if you are very slow and very careful. For 8 rotors, that's 4 to 8 hours worth of work, no big deal.

The real way to make it secure though, would have been to simply give each communication circuit its own keying documents. The Germans did that in the last couple of months with their U-boat communications. Every single U-boat that sailed had a set of unique key settings. That caused two problems for the Allies: It lowered the amount of traffic in any particular key to such a small level that from a practical standpoint it was impossible to break it, and even if you had enough traffic from that one particular U-boat, it didn't help you read the traffic of the other U-boats at sea.

I've often thought that the conventional wisdom that the Germans believed the Engima was secure up to the end of the war is wrong. Doenitz was skeptical about it as early as the Fall of 1941 after the Tarafal Bay incident, where he mentioned a compromise in crypto material as a possible reason for a British submarine just happening to show up at a remote and as then unused rendezvous point.

Then we have the Ardennes Offensive where all the operational orders in preparation went out by courier instead of over the radio. That's not the kind of thing you do if you think your encryption is secure.

And of course we have the Ubootswaffe dividing up their key nets into smaller and smaller segments until at the end the war every U-boat had their own unique sets of keys. You don't do that either unless you think someone can break your messages because it's a lot more work to generate individual keying documents for every boat instead of half a dozen to cover all boats at sea.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.