The Allies had figured out how to break the codes from the original Enigmas, which (IIRC) used three dials. The story of the Polish mathematician who figured out how to do this is very interesting. But the Navy, later in the war, started using Enigmas with five dials (again IIRC), which made the task of decryption orders of magnitude more difficult. Fortunately, by that time the Allies were beginning to win the war, so were able to steal the code books occasionally. They had to do it frequently, because a new code book was issued each month. The movie makes it sound like it just happened once, but that kind of thing had to take place regularly.
I also enthusiastically recommend The Code Book, which deals with this, and all other codes from the Romans’ use of simple letter substitution through quantum cryptography. As a bonus, the section at the end has a series of encrypted texts, encrypted with successive schemes used throughout history, for you to solve, based on what you learned in the book. I did up through the Vigenère cypher, which is a letter-substitution cypher that changes each letter, repeating after n letters. I did that one on a plane ride and felt impressed with myself for solving it.
I also want to point out that Chronos’s assumption of three clock cycles per character is undoubtedly way low, probably by two orders of magnitude or more – and that’s with very tight programming (assembly language or C). There’s a lot of computation involved in decoding the next character, and remember that just getting the next ciphertext character out of memory is probably 5 processor instructions or so.
[hijack]
Is anything gained by encoding an encoded message (encode your message and take the encoded message and put it back through the encoder a second time)? Certainly it makes life harder for the people meant to encrypt and decrypt the message but it would seem it would make it near impossible to brute force readable text out of it by an enemy. Even if they stumbled on the correct key they wouldn’t know it as the result would still look like gibberish.
That said it seems all too obvious a thing to try so I am guessing it is either too hard to do for the people sending the messages to be practical or it actually doesn’t really gain you anything. Just curious.
[/hijack]
Back when the US government was trying to foist The Clipper Chip on us to help them hack into communications someone pointed out that all a bad guy need do is encode his message before Clipper got ahold of it. Clipper would then encode the encoded message and if the government tried to read the bad guy’s mail by using Clipper to unlock it they’d just get another encoded message out of it.
I believe that the German high command used the Geheimschreiber (Secret writer) for the super high level messages. This encoded the message a second time.
Sure. Have a look at 3DES-EDE3 - triple DES (Data Encryption Standard) done by encrypting a message with the first key, decrypting that with a second key (resulting in even worse gibberish) and encrypting with a third key. Decrypting with a “wrong” key isn’t really any better than encrypting with the same key, but the encrypt-decrypt-encrypt chain done with a single key equals single DES, so it’s primarily a backward-compatibility feature.
DES (just plain single-pass, 56 bit key) on its own is now considered weak as it has been broken. 3DES-EDE3 hasn’t been “practically” broken yet, despite concerted efforts by cryptographers in academic situations like the RSA Challenges, but there are a handful of theoretical challenges to it.
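The backward-compatibility point about encrypt-decrypt-encrypt, as an added example that is not part of the original post: a small hash-based Feistel cipher stands in for DES, because only the EDE wiring matters here. The names `toy_encrypt`, `toy_decrypt`, `compat_report` and all key and block values are constructed for illustration.

```python
import hashlib

ROUNDS = 8
KEY, K1, K2, K3 = b"legacy-k", b"key-one", b"key-two", b"key-three"  # constructed keys
BLOCK = b"8bytes!!"                                                  # one 64-bit block

def _round(key, rnd, half):
    # Keyed round function: 4 bytes of SHA-256 over key, round number and half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _feistel(key, block, schedule):
    left, right = block[:4], block[4:]
    for rnd in schedule:
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, rnd, right)))
        left, right = right, mixed
    return right + left  # final swap: decryption is the same network, rounds reversed

def toy_encrypt(key, block):
    return _feistel(key, block, range(ROUNDS))

def toy_decrypt(key, block):
    return _feistel(key, block, reversed(range(ROUNDS)))

def ede3_encrypt(k1, k2, k3, block):
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede3_decrypt(k1, k2, k3, block):
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))

def eee3_encrypt(k1, k2, k3, block):
    # Encrypt-encrypt-encrypt, included only for contrast with EDE.
    return toy_encrypt(k3, toy_encrypt(k2, toy_encrypt(k1, block)))

def compat_report(key, block):
    """Compare a triple-cipher device keyed k1=k2=k3 with a single-cipher peer."""
    single = toy_encrypt(key, block)
    return {
        "ede_equals_single": ede3_encrypt(key, key, key, block) == single,
        "eee_equals_single": eee3_encrypt(key, key, key, block) == single,
        "peer_decrypts_ede": toy_decrypt(key, ede3_encrypt(key, key, key, block)) == block,
    }
```

With one key the inner decrypt cancels the first encrypt, which is why an EDE device can talk to a single-cipher peer while an EEE device could not.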
The best way to think about this is to realize it’s just the same as using a more complex cipher in the first place. It will take twice as much effort to encode and decode, and more effort to break the code, just the same as if you used a different cipher with twice the number of steps.
If the codebreaker thinks you’re only using one step, then yes, she’s going to have trouble breaking it. But she’d have just as much trouble breaking it if she thought you were using the simple cipher and you’re really using a completely different complex cipher. The difficulty isn’t because of the kind of cipher, it’s just because she doesn’t know what kind of cipher you’re really using.
And one fundamental rule accepted by modern cryptologists is that you should always assume that your enemy knows what kind of code you’re using (though not the particular key of course). The idea is, they’ll figure it out eventually, and once they do, you still want your messages to be secure.
OK, there’s obviously a lot of things I don’t know about Enigma. How was one of these supposed to work? That is to say: Suppose I’m a German field officer, and I’m supposed to be receiving Enigma messages. What would be the procedure? I presume I have some sort of book (which the sender also has a copy of) in which I look up the key for the day. I then set my Enigma machine to that key, and when I type in the ciphertext, the machine outputs plaintext. Is this correct? If so, what would a typical entry in that book look like? In other words, how does one specify an initial state for the machine?
I think the way it worked (with the version in use at the start of the war) was as follows.
(1) Open your code book at the correct page
(2) The code book tells you which three of the five rotors to select
(3) The code book tells you what initial position to put the three rotors in
(4) The code book tells you what settings to use for the plugboard.
You then type in the first three letters of the coded message you have received - out pop three new letters: these are the message code. Without changing anything else you reset the three rotors to match this message code. You then continue to type in the rest of the message, with the un-encyphered text illuminated in the display panel letter by letter.
An intrinsic feature of the encryption process was that the same settings and circuits decrypted the message as those that encrypted it in the first place: essentially the machine swaps pairs of letters, but the swapping rule changes with each letter encoded.
I think that’s correct!
I looked up the following example (I assume it’s authentic, but it’s not from a facsimile of a code book I am afraid)
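The setup and message-key procedure from steps (1) to (4) above, as an added Python simulation; it is not part of the original post and is not the code-book example the poster refers to. The rotor and reflector wirings are the historical Enigma I ones, ring settings are left at A, and the daily entry `DAY` and the message key used with it are constructed sample values.

```python
A = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Historical Enigma I rotors (wiring, notch), reflector B; DAY is a constructed code-book entry.
ROTORS = {"I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
          "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
          "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
          "IV": ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
          "V": ("VZBRGITYUPSDNHLXAWMJQOFECK", "Z")}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"
DAY = (("II", "IV", "V"), "BLA", "AV BS CG DL FU HZ IN KM OW RX")

class Enigma:
    def __init__(self, rotors, start, plugs=""):
        self.rotors = [ROTORS[r] for r in rotors]        # left, middle, right
        self.pos = [A.index(c) for c in start]
        cables = plugs.split()                           # each cable swaps two letters
        self.plug = str.maketrans("".join(cables), "".join(p[::-1] for p in cables))

    def _step(self):                                     # rotors move before each key press
        l, m, r = self.pos
        mid, right = A[m] == self.rotors[1][1], A[r] == self.rotors[2][1]
        self.pos = [(l + mid) % 26, (m + (mid or right)) % 26, (r + 1) % 26]

    def _rotor(self, c, i, back=False):
        wiring, s = self.rotors[i][0], (c + self.pos[i]) % 26
        out = wiring.index(A[s]) if back else A.index(wiring[s])
        return (out - self.pos[i]) % 26

    def _press(self, ch):
        self._step()
        c = A.index(ch.translate(self.plug))
        for i in (2, 1, 0):                              # right to left, towards the reflector
            c = self._rotor(c, i)
        c = A.index(REFLECTOR_B[c])
        for i in (0, 1, 2):                              # back out through the same rotors
            c = self._rotor(c, i, back=True)
        return A[c].translate(self.plug)

    def type_text(self, text):
        return "".join(self._press(ch) for ch in text)

def send(day, message_key, plaintext):
    m = Enigma(*day)
    header = m.type_text(message_key)                    # message key sent under the daily setting
    m.pos = [A.index(c) for c in message_key]
    return header + m.type_text(plaintext)

def receive(day, ciphertext):
    m = Enigma(*day)                                     # steps (1)-(4): same daily setting
    m.pos = [A.index(c) for c in m.type_text(ciphertext[:3])]  # first three letters give the key
    return m.type_text(ciphertext[3:])
```

`receive` runs exactly the same circuit as `send`, which is the self-reciprocal property described above: the reflector pairs letters, so typing ciphertext at the sender's settings yields plaintext and no letter ever enciphers to itself.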
Yes, but it’s not completely useless to encrypt with the same cipher multiple times. I use the program KeePass to protect all my passwords on my Windows machine. It encrypts multiple times (I think 6000 is the default) to make brute force attacking more difficult. With simple things such as passwords, there’s not really a performance penalty to do it 6000 times for a few characters, but it makes brute forcing a lot less practical.