{"id":8628,"date":"2015-05-07T14:08:56","date_gmt":"2015-05-07T18:08:56","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=8628"},"modified":"2019-11-15T23:00:11","modified_gmt":"2019-11-15T12:00:11","slug":"ww2-enigma-hack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/ww2-enigma-hack\/8628\/","title":{"rendered":"World War II information security: hacking the Enigma"},"content":{"rendered":"<p>Everyone has heard of the German cipher machine called Enigma, mostly due to the fact its story fascinates all kinds of writers and filmmakers \u2013 most recently in the Oscar-nominated film, <em>The Imitation Game<\/em>, about Alan Turing, the renowned founding father of computing, who was able to crack its code.<\/p>\n Enigma cipher machine\n<p>During World War II, Turing, as many of his fellow mathematicians (as well as linguists, egyptologists, chess players and even crossword compilers), worked for the so-called Government Code and Cipher School at Bletchley Park, which was Britain\u2019s intelligence and code-breaking center designed to create means of intercepting and deciphering the adversary\u2019s communications.<\/p>\n<p>Enigma was the most sophisticated ciphering machine, securing the Nazi fleet and troops\u2019 communications and was believed to be unhackable. However, cryptanalysts from Poland and Britain managed to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cryptanalysis_of_the_Enigma\" target=\"_blank\" rel=\"noopener nofollow\">find the way to decipher Enigma\u2019s messages<\/a>, giving the Anti-Hitler coalition a significant advantage (according to Churchill and Eisenhower, \u2018the definitive advantage\u2019) in WW2.<\/p>\n<p>To see how Enigma functioned, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Enigma_machine\" target=\"_blank\" rel=\"noopener nofollow\">check out the link<\/a> or watch it in action on YouTube:<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/G2_Q9FoD-oQ?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>When typing a message, an operator would type a letter on the keyboard, then the resulting signal would be transmitted through the electric grid consisting of several rotors with contact elements, and then a substitute letter would appear on the dashboard, and this letter would then be used in the ciphered message. Rotors would turn after each input, and the next time the same letter would be coded into a different letter.<\/p>\n<div class=\"pullquote\">The creation of the \u201cBomba\u201d cryptanalytic machine enabled a continuous process of decoding Enigma\u2019s messages. It was the result of incredible scientific and analytical research, as well as some mistakes made by the Germans.<\/div>\n<p>The creation of <a href=\"http:\/\/en.wikipedia.org\/wiki\/Bomba_(cryptography)\" target=\"_blank\" rel=\"noopener nofollow\">the \u201cBomba\u201d<\/a> cryptanalytic machine enabled a continuous process of decoding Enigma\u2019s messages. It was the result of incredible scientific and analytical research, but at the same time, it stemmed from some mistakes made\u00a0by the Germans when working with Enigma \u2013 as well as from the analysis of the machines and one-time pads procured in the course of raids or special operations when cryptanalysts worked with messages whose source text contained known words.<\/p>\n<p>What are some takeaways of the Enigma story? The machine itself could not amaze anyone today in terms of information security methods. At the same time, there are lessons we can learn from this story:<\/p>\n<p><strong>1. Don\u2019t dwell too much on your technical supremacy.<\/strong> The Nazis had good reasons to consider Enigma unbreakable, but the Allies created their own machine which was powerful enough to analyze possible machine settings and crack the code to decipher the message. It was a real quantum leap for the technology available back then, so it was impossible for the Germans to predict such a development. Now, we know what the \u201cBomb\u201d machine of today\u2019s cryptography would be: a quantum computer.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Quantum Computers And The End Of Security  <a href=\"http:\/\/t.co\/880dXFMs01\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/880dXFMs01<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/387510665482891264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 8, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>2. Sometimes, it\u2019s hard to predict what would become the \u2018weakest link\u2019 in a well-organized scheme of information protection.<\/strong>\u00a0The impossibility of a direct match between a letter in a source message and its counterpart in an encrypted message could seem like a meaningless detail, or even an appropriate solution then, but it was a way to mechanically sort out invalid keys: it would be enough to reject all options where at least one letter in the source message was matching a letter in an encrypted message.<\/p>\n<p><strong>3. One should always look for an opportunity to make the key a bit more sophisticated.<\/strong> For common users, this recommendation applies to <a href=\"https:\/\/www.kaspersky.com.au\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener\">password generation<\/a>. Back then, an additional rotor in naval modification of the ciphering machine, a.k.a. Naval Enigma, paralyzed the entire cryptanalysts\u2019 think tank for half a year, and only upon obtaining a sample of this modified machine from a\u00a0sunken submarine were they able to resume the work. As you can see from <a href=\"https:\/\/www.kaspersky.com.au\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener\">our password check service<\/a>, sometimes a single character may significantly increase the time needed to crack your password.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Today is Safer Internet Day? Test some passwords to see if they are safe! <a href=\"http:\/\/t.co\/1V6ypPcdmN\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/1V6ypPcdmN<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/SID2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#SID2015<\/a> <a href=\"http:\/\/t.co\/WkorPF7nLB\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/WkorPF7nLB<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/565316846090731521?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 11, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>4. <a href=\"https:\/\/www.kaspersky.com.au\/blog\/how-to-avoid-phishing\/\" target=\"_blank\" rel=\"noopener\">Human factor<\/a> plays an important role, even when dealing with sophisticated systems.<\/strong> We cannot be sure the Allies would have broken Enigma eventually, if not for tiny mistakes and rare cases of offhandedness the German operators were responsible for. On the other hand, the \u2018human factor\u2019 definition could be applied to the consistent effort with which the German command searched for other reasons for the Allies\u2019 witty shrewdness instead of considering for a moment that\u00a0Enigma had been compromised.<\/p>\n<p><strong>5. Information supremacy is a double-edged sword.<\/strong> One of the most challenging tasks for the Allies\u2019 command was using the information obtained from Enigma\u2019s deciphered messages in a manner which would not compromise the advantage they got by cracking Enigma. Sometimes special operations were organized to masquerade the real reason for success (for instance, letting a plane fly over the theater of operations prior to attacking the escort guard or leaking information about supposed \u2018valuable insider\u2019 in the adversary\u2019s intelligence). Sometimes it was necessary to give up on some operations (once, the Allies had to let Coventry be air bombarded by the Germans, as if the command was not aware).<\/p>\n<blockquote class=\"twitter-pullquote\"><p>5 lessons from the story of the #Enigma #cryptographic machine which are still relevant<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FC4aU&amp;text=5+lessons+from+the+story+of+the+%23Enigma+%23cryptographic+machine+which+are+still+relevant\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>We enhance our technologies and increase computing power day by day, but the basic principles of using and protecting information change at a much slower pace, so there are some useful lessons of the past which are still up-to-date.<\/p>\n<p>But in case Enigma is just another fascinating story for you, we recommend you to watch such movies as <em><a href=\"http:\/\/www.youtube.com\/watch?v=5NrfiIpUd20\" target=\"_blank\" rel=\"noopener nofollow\">Enigma<\/a><\/em> (story by Tom Stoppard) or <em><a href=\"http:\/\/www.youtube.com\/watch?v=nuPZUUED5uk\" target=\"_blank\" rel=\"noopener nofollow\">The Imitation Game<\/a><\/em> (Alan Turing\u2019s biopic), or read <em><a href=\"http:\/\/www.cryptonomicon.com\/text.html\" target=\"_blank\" rel=\"noopener nofollow\">Cryptonomicon<\/a><\/em> by Neal Stevenson. Moreover, there are ciphering machine simulators \u2014 for examples, this one is based on <a href=\"http:\/\/www.matematiksider.dk\/enigma_eng.html#Excel_VBA\" target=\"_blank\" rel=\"noopener nofollow\">good old Excel<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five lessons from the story of the Enigma cryptographic machine which are still relevant.<\/p>\n","protected":false},"author":40,"featured_media":8629,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[597,261,82,577,43,97,1089,1086],"class_list":{"0":"post-8628","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cryptography","9":"tag-encryption","10":"tag-hacking","11":"tag-history","12":"tag-privacy","13":"tag-security-2","14":"tag-world-war-ii","15":"tag-ww2"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ww2-enigma-hack\/8628\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ww2-enigma-hack\/5324\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ww2-enigma-hack\/5727\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ww2-enigma-hack\/6028\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ww2-enigma-hack\/6027\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ww2-enigma-hack\/7715\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ww2-enigma-hack\/8628\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ww2-enigma-hack\/7563\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ww2-enigma-hack\/7715\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ww2-enigma-hack\/8628\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cryptography\/","name":"cryptography"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/8628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=8628"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/8628\/revisions"}],"predecessor-version":[{"id":24770,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/8628\/revisions\/24770"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/8629"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=8628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=8628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=8628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}