
Cryptanalysis of Enigma - lisper
http://practicalcryptography.com/cryptanalysis/breaking-machine-ciphers/cryptanalysis-enigma/
======
AndrewOMartin
I just want to mention that this site uses a kind of informed brute-force
attack on Enigma. If you're interested in the wide range of techniques used to
break the Enigma code in Bletchley Park without the use of a programmable
computer (the machine they used, The Bombe, was essentially a bank of Enigma
wheels, hooked up to wires which generated logic circuits as the wheels
rotated) then read Hodges' biography of Turing.

If you don't have that exact book to hand, you swine, then the Wikipedia page
looks comprehensive from a glance, if a bit inaccessible.

[https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#Cr...](https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#Crib-based_decryption)

~~~
paulmd
The impressive thing about Enigma was that unlike most previous ciphers it was
"secure" in the sense that even if you know its implementation details you
still cannot break messages without a brute-force search. Particularly when
the plugboard was used.

The key mistake was underestimating the ability to automate and parallelize a
brute-force search. Turns out a keyspace of 3^26 is just too small. User error
was a large contributing factor, of course, and ensured that the
implementation details were always leaked. But when it came down to it, the
Polish and British intelligence services could simply break the codes on a
near-daily basis.

~~~
nbadg
Well, also its susceptibility to both known-plaintext attacks and statistical
analysis, though it depends a bit if you're talking about the army version of
the Enigma or the navy version. Also until very late versions, the machine
couldn't map a letter to itself, which was another critical vulnerability.

The actual keyspace was around 76 bits [1], which is fairly respectable,
particularly for the mid-20th century. Much of the weakness was, in fact, the
result of the Enigma being an early device in a nascent technological field --
i.e., the result of failures in the Enigma's design, as well as procedures
surrounding its operation (not just operator error; for example, Polish
cryptanalysts used the procedural repeating of the rotor setting
initialization (it's conceptually similar to an initialization vector in
modern crypto) to break early versions of the machine as early as 1932).

[1]
[https://en.wikipedia.org/wiki/Enigma_machine#Details](https://en.wikipedia.org/wiki/Enigma_machine#Details)

~~~
VLM
Another early device problem was the threat model post WWII is of course
nations will put up a near Manhattan Project level of effort which turns out
to be just enough to break it, everyone knows that.

Pre WWII of course, they figured if a PhD mathematician couldn't crack it in a
couple hours with chalk and chalkboard, well, surely they'll just give up,
right?

The ratio of optimism to pessimism was a bit off.

~~~
jacquesm
> The ratio of optimism to pessimism was a bit off.

Not much has changed then.

------
xg15
I was surprised about this bit:

 _It is interesting to note that the actual key settings used the indicator
'SIG' with ring settings 'PMP', but the [different] recovered key gives an
identical decryption._

So there are keys of the enigma that produce the same ciphertext? Wouldn't
that reduce the practical keyspace dramatically?

Also, would that mean a message could be "hardened" by referring to the
original key within it? (E.g. "Execute order <second letter of
indicator><first letter of indicator>")
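
Added example (not from xg15's post or the linked article): a minimal three-rotor Enigma model in Python showing where equivalent keys come from. The wiring only sees the difference between a rotor's indicator letter and its ring letter, so shifting both letters of the leftmost rotor together gives an identical decryption, while the same shift on the middle or right rotor moves the turnover point and garbles part of the text. Rotor order I-II-III, reflector B and the omitted plugboard are assumptions; SIG/PMP are the settings quoted above.

```python
import string

A = string.ascii_uppercase
# Historical wirings and turnover letters for rotors I-III and reflector B.
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

def enigma(text, rotors, indicator, rings):
    """Encrypt/decrypt A-Z text; rotors, indicator, rings are listed left to right."""
    wiring = [ROTORS[r][0] for r in rotors]
    notch = [A.index(ROTORS[r][1]) for r in rotors]
    pos = [A.index(c) for c in indicator]
    ring = [A.index(c) for c in rings]
    out = []
    for ch in text:
        # Stepping: the notch sits on the lettered ring, so it follows pos, not ring.
        if pos[1] == notch[1]:            # middle at notch: double step
            pos[0] = (pos[0] + 1) % 26
            pos[1] = (pos[1] + 1) % 26
        elif pos[2] == notch[2]:          # right at notch: carry into middle
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26        # right rotor steps on every key press
        c = A.index(ch)
        for i in (2, 1, 0):               # inbound: right to left
            s = pos[i] - ring[i]          # the wiring only sees this difference
            c = (A.index(wiring[i][(c + s) % 26]) - s) % 26
        c = A.index(REFLECTOR_B[c])
        for i in (0, 1, 2):               # outbound: left to right
            s = pos[i] - ring[i]
            c = (wiring[i].index(A[(c + s) % 26]) - s) % 26
        out.append(A[c])
    return "".join(out)

def shift_slot(indicator, rings, slot, k):
    """Advance the indicator and ring letter of one rotor slot by k (same difference)."""
    bump = lambda s: s[:slot] + A[(A.index(s[slot]) + k) % 26] + s[slot + 1:]
    return bump(indicator), bump(rings)

def mismatches(a, b):
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    order = ("I", "II", "III")            # assumed rotor order, not from the thread
    msg = "WEATHERREPORTFORTODAY" * 6     # constructed plaintext
    ct = enigma(msg, order, "SIG", "PMP")
    for slot, name in enumerate(("left", "middle", "right")):
        alt = shift_slot("SIG", "PMP", slot, 1)
        print(name, alt, mismatches(msg, enigma(ct, order, *alt)), "garbled letters")
```

In this model the left slot always reports zero garbled letters, because nothing sits to the left of that rotor for its notch to drive; that accounts for a factor of 26 in equivalent keys.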

------
fotbr
David Kahn's books "Codebreakers" and "Seizing the Enigma" are both very good
and detailed reads.

------
willvarfar
So reassuringly similar to my own attack on enigma :)
[http://williamedwardscoder.tumblr.com](http://williamedwardscoder.tumblr.com)

The thing that helped me most was building a paper enigma.

