Franklin Heath Ltd, 28 May 2013
Security Lessons from Bletchley Park and Enigma
Image: Bletchley Park Mansion by Antoine Taveneaux
CC BY 3.0
Topics
• How the Enigma machine works
• How Bletchley Park exploited German mistakes
• Five lessons we can draw from this
© Franklin Heath Ltd
The Enigma Machine
• Invented by Arthur Scherbius in 1918
• Commercially available from 1923
• Adopted by German military from 1927
• Several variants, notably:
  ◦ Enigma I, German army 1932
  ◦ Enigma M4, German U-boats 1941
• Principally mechanical
  ◦ Battery is used only to illuminate the output letter
• Used throughout WWII by German military + agencies
  ◦ Estimated 100,000 machines produced
Enigma Machine Components
• Scrambler: Rotors and reflector
• Output: Battery-powered lamps
• Input: Keys (switch and lever)
• Plug Board: Static, swaps letters
Enigma Machine Components
• Scrambler: Rotors and reflector
• Output: Battery-powered lamps
• Input: Keys (switch and lever)
Fully Functional Paper Model
Example Enigma Settings Sheet
Enigma Simulator
Enigma Cipher Characteristics
• 26-letter alphabet
  ◦ Numbers typically spelled out
• Reciprocal substitution cipher
  ◦ Operation is its own inverse
• Independent of preceding text
  ◦ Message key sets start “state”
• Never encrypts a letter as itself
  ◦ Keys are SPDT switches selecting input or output
Enigma Machine Key Length
• 4-rotor Enigma M4
  ◦ 2 possible reflectors
  ◦ 672 possible rotor choices
  ◦ 676 possible notch positions
  ◦ 532,985,208,200,576 possible combinations of plugs
  ◦ 456,976 possible starting positions
  ◦ = 221,286,292,668,406,558,235,295,744 possible keys
• Log2 gives equivalent binary key length: ~88 bits
  ◦ Still export-controlled today!
• Yet it could be broken with 70-year old mechanical technology
  ◦ Key length isn’t the most important characteristic
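
How the factors on this slide multiply out (an added example, not from the original slides). Reading 672 as 8×7×6×2 and 676 as 26² is an assumption that reproduces the slide's figures; the plug figure is the sum over every possible number of cables, 0 to 13.

```python
from math import factorial, log2, perm

def plug_settings(cables, letters=26):
    """Ways to join `cables` disjoint letter pairs on the plug board."""
    return factorial(letters) // (
        factorial(letters - 2 * cables) * factorial(cables) * 2 ** cables)

def m4_key_space():
    """Return the slide's factors and their product (assumed breakdown)."""
    factors = {
        "reflectors": 2,
        # Assumption: 3 of 8 ordinary rotors in order, times 2 thin rotors.
        "rotor_choices": perm(8, 3) * 2,
        # Assumption: the ring (notch) setting matters on two rotors only.
        "notch_positions": 26 ** 2,
        # Any number of plug cables, from none to all thirteen.
        "plug_combinations": sum(plug_settings(k) for k in range(14)),
        "start_positions": 26 ** 4,
    }
    total = 1
    for value in factors.values():
        total *= value
    return factors, total

if __name__ == "__main__":
    factors, total = m4_key_space()
    for name, value in factors.items():
        print(f"{name:18} {value:,}")
    print(f"total {total:,} = about {log2(total):.1f} bits")
```
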
Bletchley Park’s “Wicked Uncles”
• Senior codebreakers recruited in 1939
• Introduced mathematical and mechanised methods
• 1941 memo delivered to P.M. Winston Churchill
  ◦ Response: “Make sure they have all they want on extreme priority and report to me that this had been done.”
Alan Turing 1912-1954
Gordon Welchman 1906-1985
Hugh Alexander 1909-1974
Stuart Milner-Barry 1906-1995
Types of Breaks into Enigma
• Polish Cipher Bureau, 1932 onwards
  ◦ Common start positions (mitigated 1938)
  ◦ Repeated message key (mitigated 1940)
• UK GC&CS, 1937 onwards
  ◦ “Rodding” using cribs (mitigated by plug board)
  ◦ Herivel tip, to deduce ring settings
  ◦ Cillies, to deduce message keys
  ◦ Banburismus, to identify likely rotor orders
  ◦ Bombe menus from cribs, to test rotor orders
  ◦ EINS catalogue, to deduce message keys and bigram tables
The Turing-Welchman Bombe
Images Credit: Antoine Taveneaux
Aside: What is This?
• Part of the Turing exhibit at the Science Museum
• “a cryptographic aid used at Bletchley Park”
Lesson 1: Cryptosystems have Subtle Flaws
• Long keys do not alone make a strong cryptosystem
• Stream ciphers can have unfortunate interactions with themselves (especially reciprocal synchronous ones)
• Attackers can take advantage of predictable plain text or even predictable repetitions in otherwise unknown plaintext
• Best practice for modern systems seems to be to use block ciphers like AES with chaining modes
  ◦ 2001 break of WEP (“Wired Equivalent Privacy”) exploited use of duplicate initialisation vectors with RC4 stream cipher
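
Why a duplicate initialisation vector undoes a stream cipher, however long the key (an added example, not from the original slides). `wep_style_encrypt` follows WEP's construction of prepending the IV to the shared secret but omits the integrity value; the secret, IVs and messages are constructed.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with the keystream derived from key."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_style_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || shared secret, as in WEP."""
    return rc4(iv + secret, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_with_known_plaintext(c_known, p_known, c_other):
    """Same IV means same keystream: one known message exposes another."""
    keystream = xor(c_known, p_known)
    return xor(c_other, keystream)

if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample values
    p1, p2 = b"WEATHER REPORT FOLLOWS", b"NOTHING TO REPORT HERE"
    same_iv = b"\x00\x00\x01"
    c1 = wep_style_encrypt(same_iv, secret, p1)
    c2 = wep_style_encrypt(same_iv, secret, p2)
    # The key never appears, yet the second message is recovered.
    print(recover_with_known_plaintext(c1, p1, c2))
    # With a fresh IV the same trick yields only noise.
    c3 = wep_style_encrypt(b"\x00\x00\x02", secret, p2)
    print(recover_with_known_plaintext(c1, p1, c3))
```
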
Lesson 2: Plan for Key Compromise
• “Pinches” provided a way into new Enigma networks
  ◦ 1940 HMS Gleaner: rotors VI and VII from U-33
  ◦ 1940 HMS Griffin: settings and cribs from armed trawler Polares
  ◦ 1941 HMS Tartar: code books from weather ship Lauenburg
  ◦ 1941 HMS Somali: rotors and code books from armed trawler Krebs
  ◦ 1941 HMS Somali: code books from weather ship München
  ◦ 1941 HMS Bulldog: machine and code books from U-110
  ◦ 1942 HMS Petard: machine and code books from U-559
• They had emergency procedures to switch to other settings
• Modern security systems need to have “renewability” too
  ◦ for recovery from “class breaks” like the DVD CSS key breach in 1999
Lesson 3: Users Pick Poor Passwords
• Many Enigma messages were read by guessing the message key that the operator chose (“Cillies”)
  ◦ AAA BBB, QWE ASD, BER LIN, etc.
• This was addressed later in the war by operational procedures
  ◦ Daily settings used as a pseudo-random generator
• Cryptographic keys need more entropy than users can supply in the form of a password
  ◦ Salts, nonces, initialisation vectors, etc.
  ◦ You can crack many unsalted MD5 passwords just with Google
Lesson 4: Pick a Good RNG and Trust It
• Don’t be tempted to interfere to make it look random
• German cipher staff had rules for not repeating rotor order and not plugging adjacent letters
  ◦ This significantly reduced the number of possible settings that needed to be tried on the Bombe
• Many security vulnerabilities in modern systems are due to poor randomness
  ◦ e.g. Debian OpenSSL vulnerability in 2008
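
What a "make it look random" rule costs, worked through for the plug board (an added example, not from the original slides). It assumes ten plug cables and treats "adjacent" as alphabet neighbours A-B through Y-Z without wrap-around; the counting formula is checked against exhaustive enumeration on small boards.

```python
from itertools import combinations
from math import comb, factorial, log2

def matchings(letters, cables):
    """Ways to choose `cables` disjoint pairs from `letters` letters."""
    return factorial(letters) // (
        factorial(letters - 2 * cables) * factorial(cables) * 2 ** cables)

def non_adjacent_matchings(letters, cables):
    """Same count, with no pair made of alphabet neighbours.

    Inclusion-exclusion: j disjoint neighbour pairs fit on a row of
    `letters` in comb(letters - j, j) ways; the rest are paired freely.
    """
    return sum((-1) ** j * comb(letters - j, j)
               * matchings(letters - 2 * j, cables - j)
               for j in range(cables + 1))

def brute_force(letters, cables):
    """Exhaustive check of the formula, practical only for small boards."""
    pairs = [p for p in combinations(range(letters), 2) if p[1] - p[0] > 1]
    count = 0
    for choice in combinations(pairs, cables):
        used = [x for pair in choice for x in pair]
        count += len(used) == len(set(used))
    return count

def bits_lost(letters=26, cables=10):
    """Key length given away by the 'no neighbours' rule, in bits."""
    return log2(matchings(letters, cables)
                / non_adjacent_matchings(letters, cables))

if __name__ == "__main__":
    print(f"unrestricted: {matchings(26, 10):,}")
    print(f"rule applied: {non_adjacent_matchings(26, 10):,}")
    print(f"bits lost:    {bits_lost():.2f}")
```
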
Lesson 5: Don’t Underestimate the Enemy
• German high command told Enigma was “unbreakable”
• German cryptographers knew it was theoretically breakable, but thought no one would put in that much effort
• Bletchley Park’s mathematical approach and production line methods led to industrial-scale cryptanalysis
• Modern example:
  ◦ 2009 breaking of GSM A5/1 using precomputed rainbow tables
  ◦ Used GPUs in a distributed collaborative project
Summary
• The Enigma machine cipher is elegant, efficient and has few significant inherent flaws
• Bletchley Park benefited greatly from weaknesses in the key establishment procedures and from analysis of traffic for which keys had been compromised
• Five lessons:
  ◦ Cryptosystems have subtle flaws
  ◦ Plan for key compromise
  ◦ Users pick poor passwords
  ◦ Pick a good RNG and trust it
  ◦ Don’t underestimate the enemy