UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try

UK signals intelligence agency GCHQ, celebrating its centenary, has released emulators for famed World War II-era cipher machines that can be run within its web-based educational encryption app CyberChef. "We've brought technology from our past into the present by creating emulators for Enigma, Typex and the Bombe in # …

  1. Mayday
    Big Brother

    You have to run GCHQ code

    But we all know:

    "If you have nothing to hide, then you have nothing to fear"

    PS No I have not viewed, or otherwise attempted to use the emulator(s).

    1. Chris G

      Re: You have to run GCHQ code

      I think it may come to the point where, if you are not using Government sanctioned apps, you will be automatically considered to be hiding something.

      BBLY!

    2. Dan 55 Silver badge
      Black Helicopters

      Re: You have to run GCHQ code

      Remember after running these apps you have to destroy the device in the government-approved way.

      1. Rich 11

        Re: You have to run GCHQ code

        Or just drop your iPhone X from a height of at least three centimetres.

    3. Anonymous Coward
      Anonymous Coward

      Re: You have to run GCHQ code

      I ran the GCHQ code through the NSA's newly released "GHIDRA" program and caused a rift in the Space-time continuum.

      1. Anonymous Coward
        Anonymous Coward

        Re: You have to run GCHQ code

        Great work enabling FTL travel :)

    4. JJKing
      Thumb Down

      Re: You have to run GCHQ code

      Probably a smart thing to do Mayday. I just went to open the link only to have a Bitcoin Mining box flash up on my screen for about half a second. Decided to give the second one a miss.

  2. Chris G

    I may as well say it

    Do these apps have a government back door to save us from ourselves, terrorism, organised crime and paedophiles?

    1. Yet Another Anonymous coward Silver badge

      Re: I may as well say it

      No need, if you're using encryption you already are a terrorist, organised crime paedophile.

  3. Michael H.F. Wilkinson Silver badge

    Interesting

    I touch upon cryptography in my course "Introduction to Computing Science", and might well put up links to this code for students to have a play around with it.

    Donning my tinfoil hat: this might be a decoy, without any back doors, to lead people on a wild goose chase through the code on GitHub, while the REAL back doors are quietly inserted through other means.

    1. Allan George Dyer
      Coat

      Re: Interesting

      @Michael H.F. Wilkinson - "Donning my tinfoil hat: this might be a decoy, without any back doors"

      Isn't inserting a back door, or searching for one, a bit of a waste of time when they've also released Bombe code?

      [wanders off shaking head sadly, to get coat]

      Unless it's a double-bluff!

      [exits quickly]

  4. John Robson Silver badge

    And no mention of the best emulator?

    The Pringles can enigma...

    One link of many on your favoured search engine:

    http://wiki.franklinheath.co.uk/index.php/Enigma/Paper_Enigma

    1. Yet Another Anonymous coward Silver badge

      Re: And no mention of the best emulator?

      So the world's worst crisps can be used to make a long range wifi antenna AND a military grade (silver medalist) encryption system?

      Understandable why they are such bad crisps

  5. The_Cram

    Lots of crypto here

    https://www.cryptomuseum.com/

    Enigma and a lot of other stuff completely explained.

    Build it yourself.

  6. Andy Taylor

    For the Lorenz Cipher, try Virtual Colossus

    Independently developed, this site has emulators for all the Lorenz machines, Colossus, Dragon and as a "random" bonus, the original ERNIE

    https://www.virtualcolossus.co.uk/

  7. Anonymous Coward
    Big Brother

    Explain like I'm five ..

    “Enigma machines turn text into ciphertext and back again; they were used by the German military, among others, to encrypt and decrypt messages during the Second World War.”

    And any WW2 enigma msg can be cracked in minutes using a current desktop computer. What's the difference between ‘rotor ring settings’ and ‘rotor initial value’ ref?

    1. Yet Another Anonymous coward Silver badge

      Re: Explain like I'm five ..

      You can feasibly explore the key space with a modern computer.

      But the encryption doesn't contain any hash checks or magic numbers so can you determine you have cracked it - except by getting a plausible plain text message in German?

      If the message was the stream of buzzword filled gibberish sent out by say the MoD in response to questions about its latest IT fiasco would you know you had solved it?

      1. JerryMcC

        Re: Explain like I'm five ..

        The thing here is, that an encrypted Enigma message will have a mostly flat distribution of all of the letters, and an incorrectly decrypted message will show the same mostly flat distribution. A correctly decrypted message, however, will show peaks and troughs representing the distribution of the various letters in the original plain text. Read about William Friedman's index of coincidence for more details.

    2. Mike Dimmick

      Re: Explain like I'm five ..

      The core of the rotors is not permanently attached to the ring around the outside with the letter indicators. Instead there is a dot marking position 1, and a spring-loaded catch that allows the letter-ring to be rotated so that the dot can be positioned at a different letter. The 'rotor ring setting' is the letter pointed to by the dot.

      The 'rotor initial value' is then the letter that is chosen by the operator for this rotor, for this message. After installing the rotor into the machine, the whole unit (core and letter-dial) would be rotated using the thumbwheel on the edge.

      Why have an adjustable 'ring setting'? It allows the same initial value to be used on consecutive days, but actually mean a different enciphering setting. It also allows the changeover position - where the wheel causes its neighbour to rotate - to be moved relative to the wiring: the changeover position is at a fixed place on the letter wheel rather than the core.
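An added example, not part of the thread and not GCHQ's CyberChef code: a minimal Python model of Enigma I (historical rotors I to III and reflector B, no plugboard) that shows Mike Dimmick's point that the ring setting moves the turnover relative to the core wiring, and JerryMcC's point that only the correct decryption lifts the index of coincidence. The sample plaintext, the key and the names `enigma`, `ioc` and `ring_vs_start_diff` are constructed for this illustration.

```python
from collections import Counter
from string import ascii_uppercase as AZ

# Historical Enigma I rotor wirings with their turnover letters, and reflector B.
ROTORS = {"I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
          "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
          "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V")}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

def enigma(text, order, rings, start):
    """Encipher or decipher A-Z text; rotors are listed left to right, no plugboard."""
    wiring = [ROTORS[name][0] for name in order]
    notch = [AZ.index(ROTORS[name][1]) for name in order]
    ring = [AZ.index(c) for c in rings]
    pos = [AZ.index(c) for c in start]        # letters showing in the windows
    out = []
    for ch in text:
        if pos[1] == notch[1]:                # middle rotor double-steps with the left
            pos[0], pos[1] = (pos[0] + 1) % 26, (pos[1] + 1) % 26
        elif pos[2] == notch[2]:              # notch rides on the letter ring, not the core
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26            # right rotor steps on every keypress
        c = AZ.index(ch)
        for i in (2, 1, 0):                   # right to left through the cores
            shift = pos[i] - ring[i]          # core offset = window letter - ring setting
            c = (AZ.index(wiring[i][(c + shift) % 26]) - shift) % 26
        c = AZ.index(REFLECTOR_B[c])          # reflector: no letter maps to itself
        for i in (0, 1, 2):                   # and back, left to right
            shift = pos[i] - ring[i]
            c = (wiring[i].index(AZ[(c + shift) % 26]) - shift) % 26
        out.append(AZ[c])
    return "".join(out)

def ioc(text):
    """Friedman's index of coincidence: chance that two letters drawn from text match."""
    n = len(text)
    return sum(k * (k - 1) for k in Counter(text).values()) / (n * (n - 1))

def ring_vs_start_diff(n=30):
    """Positions where rings AAA/start AAA and rings BBB/start BBB encipher differently."""
    a = enigma("A" * n, ("I", "II", "III"), "AAA", "AAA")
    b = enigma("A" * n, ("I", "II", "III"), "BBB", "BBB")
    return [i for i in range(n) if a[i] != b[i]]

# Constructed sample plaintext (German weather-report style), not a real intercept.
PLAIN = "WETTERVORHERSAGENORDSEEWINDAUSWESTSTAERKEDREISICHTGUT" * 4
KEY = (("II", "I", "III"), "BUL", "MCK")      # constructed rotor order, rings, start
CIPHER = enigma(PLAIN, *KEY)
RIGHT = enigma(CIPHER, *KEY)                  # reciprocal: the same settings decrypt
WRONG = enigma(CIPHER, ("III", "I", "II"), "BUL", "MCK")   # wrong rotor order

if __name__ == "__main__":
    print("ring/start shifted together differs at:", ring_vs_start_diff())
    print({k: round(ioc(v), 3) for k, v in (("cipher", CIPHER), ("wrong", WRONG), ("right", RIGHT))})
```

Rings AAA with start AAA and rings BBB with start BBB put the rotor cores in the same place, so the two outputs differ only at the single keypress where the turnover falls on a different step.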

    3. Mark 85

      Re: Explain like I'm five ..

      The breakthrough moment was when the Brits realized that the Germans left them bread crumbs. The closing line was the giveaway which was always "Heil Hitler". Once someone realized this, the rest was easy by comparison. Still, IMO it was a massive and great achievement.

      1. Yet Another Anonymous coward Silver badge

        Re: Explain like I'm five ..

        That was really my question.

        Was the flaw in enigma enough to crack it or was it only possible due to poor opsec?

        The user error stories are legendary. The guy who used HIT/LER as the initialising codes every day for the whole war, sending the same weather reports in enigma+merchant codes every day, highly formulaic greetings and sign offs etc

        (sorry to hijack thread, posted reply by mistake)

        1. Anonymous Coward
          Big Brother

          Re: Explain like I'm five ..

          > Was the flaw in enigma enough to crack it or was it only possible due to poor opsec?

          I guess without the cribs, the answer would be no, at least not with the technology available at the time, a massive achievement all the same. I read somewhere they dismantled the equipment at the end of the war and shipped it off to the US. If they'd commercialized the technology then silicon valley could have happened here.

          Thanking you @Mike Dimmick:

          @Mark 85: Using "Heil Hitler" to close the msg must be an urban legend. I read somewhere that the cribs or clues were gotten as the initial key was repeated twice and the msgs used similar phrases for weather reports and enemy sightings.

          1. hoofie

            Re: Explain like I'm five ..

            The technology was also kept in the UK - evidence of this is the great strides the UK made in computing in the 1950s.

            However the WW2 work was kept hyper secret for decades which included the technology used as we didn't want others [mainly the Russians] to know that the capability existed.

            Computing was greatly boosted in the US by the torrents of money pouring into the various weapon programs in the US in the 1950s and also the space program in the 1960s - something that did not happen in war-exhausted and financially buggered Britain. When the Government basically pays for all your R&D it's piss-easy to then bring out commercial products.

            At the end of WW2 the US emerged as a financial and military superpower with its economy and industry firing on all cylinders - whereas the UK was bomb-damaged and almost bankrupt.

            1. Dave Bell

              Re: Explain like I'm five ..

              The Americans were also relatively open about what they did to break the Japanese codes and ciphers, apparently fallout from the inquiry on why Pearl Harbor happened. It's described in "The Codebreakers", which was first published in 1967, before any Enigma revelations, and references to NSA/GCHQ collaboration were cut out. The book also didn't go into great detail about the methods used to crack the Japanese system. It mostly just revealed how much of the Japanese signal traffic was being read, and quickly enough that the Americans were reading the effective declaration of war before the Japanese Embassy in Washington.

            2. Anonymous Coward
              Anonymous Coward

              Re: Explain like I'm five ..

              >However the WW2 work was kept hyper secret for decades which included the technology used as we didn't want others [mainly the Russians] to know that the capability existed.

              The Russians knew all about it; Cairncross was their man at Bletchley and this was certainly known by 1951 - but probably earlier. Additionally many of the Polish servicemen at Bletchley returned home and continued in Naval Intelligence behind the curtain.

              Secrecy was important as after the war US/UK govs sold many thousands of machines to friendly governments so they could communicate 'securely'.

          2. JerryMcC

            Re: Explain like I'm five ..

            The repetition of the initial key in its encrypted form was indeed enough for Polish mathematicians to determine many details concerning the Enigma, and enabled them to design and have built some very interesting machines, including one called a "Bomba" which is a precursor to the much better known Turing-Welchman "Bombe".

          3. TomPhan

            Re: Explain like I'm five ..

            Another clue was bureaucracy, many of the messages had a standard header with the date and other consistent identifiers.

          4. Anonymous Coward
            Anonymous Coward

            Re: Explain like I'm five ..

            @Walter Bishop

            "Using "Heil Hitler" to close the msg must be an urban legend. I read somewhere that the cribs or clues were gotten as the initial key was repeated twice and the msgs used similar phrases for weather reports and enemy sightings."

            There were lots of crypto-cockups exploited; it's very tricky to crack decently encrypted messages unless someone's made an exploitable mistake. One I recall reading about and found on-line was this:

            <http://home.bt.com/tech-gadgets/cracking-the-enigma-code-how-turings-bombe-turned-the-tide-of-wwii-11363990654704>

            "In one example the Atlantic weather forecast, which was written in the same format each day, was crucial. Location-detecting equipment in listening stations allowed codebreakers to find where a message was originating from and, if it matched up with the positioning of a weather station, it was likely that the word “wettervorhersage” (weather forecast) would be both present and in a similar place in every message."

            IIRC, only the German navy used four rotor Enigma; other German users thought three rotor Enigma was secure, which was not the case.

            "Enigma, the battle for the code" by Simon Sebag-Montefiore is a fascinating account of how much of the cracking of naval Enigma traffic was enabled by "capture of ships and U-boats and their codebooks [...] and the betrayal of his German homeland by the Enigma Spy." - "Without for a moment belittling the work of Alan Turing and his team of eccentric codebreakers."

            Apparently, cracking four rotor naval Enigma traffic relied on having access to cribs or other captured German material:

            <https://uboat.net/technical/enigma_breaking.htm>

            says that even four rotor Enigma was being generally read within 24 hours from September 1943 onwards, due to the introduction of 4 rotor bombes in June and August (plus, one assumes, the application of many clever brains and some captured material).

            The above link contains lots of interesting stuff, including:

            "Hut 8 suffered a massive reverse on 1 February 1942 when a new Enigma machine (M4) came into service on Triton (codenamed Shark by Hut 8), a special cipher for the Atlantic and Mediterranean U-boats. The combination of M4, Shark and a second edition of the Wetterkurzschlüssel proved devastating. Bletchley Park became blind against Shark for over 10 months. Fortunately, M4's fourth rotor (beta) was not interchangeable with rotors I to VIII. Beta increased M4's power by a factor of 26, but rotors could still only be mixed in 336 (8x7x6) different ways - not 3,024 (9x8x7x6).

            At one setting of beta, M4 emulated M3, which was M4's undoing. Three members of the British destroyer HMS Petard seized the second edition of the Wetterkurzschlüssel from U-559 on 30 October 1942, before it sank near Port Said. Hut 8 once again had cribs, which it could run on three-rotor bombes, the only type available. The U-boats were using M4 in M3 mode when enciphering the short weather reports. A three-rotor bombe run on 60 rotor combinations therefore took only about 17 hours instead of the 442 hours (18 days) required if M4 had used its full potential."

            <https://www.bbc.co.uk/news/magazine-17486464>

            has an interesting little tale about the work by Dilly Knox (a classicist who had been working on breaking ciphers since World War I) on cracking Spanish Enigma messages in 1936, which I'd never heard of before now.

            Finally, I recall reading somewhere that one mistake made by the Germans in using Enigma was, when they sent a message and were asked to re-send because of a communication problem (i.e., the radio message hadn't been received clearly, or a mistake was found in the source plaintext when the message was decrypted), the message would be re-sent with the same Enigma machine settings. If the problem was in fact an error in the source plaintext (typically an operator typing error), then the second message would be nearly-but-not-quite-the-same as the first one, and apparently that's as good as having a crib to work from.

        2. Brad Ackerman

          Re: Explain like I'm five ..

          Designing the Enigma to never encrypt a letter as itself is a boneheaded move that shows up in large organizations' password policies. (Can't have more than x lowercase letters/uppercase letters/numbers in a row, for example.) Reducing your system's work factor is rarely a good idea.

          1. Allan George Dyer

            Re: Explain like I'm five ..

            @Brad Ackerman - "Designing the Enigma to never encrypt a letter as itself is a boneheaded move"

            It was a design feature that allowed the same device to be used to encrypt and decrypt. Without it, you'd need two devices, or a much more complex device. I suppose the flaw was not understanding the enemy's cryptanalysis capability and how the weakness could be exploited. If they had, they could have compensated by strengthening the system in other ways, which they did, to some extent.

  8. IceC0ld

    Building upon previous Polish work .........................

    ===

    Shurely Shome Mishtake

    I've seen that U-571 film, and I'm DAMN certain Hollywood wouldn't lie :o)

    1. GerryMC
      Coat

      You forgot your coat...

  9. Anonymous Coward
    Anonymous Coward

    Whoosht ...Over your heads

    [CyberChef as "a simple, intuitive web app for analyzing and decoding data without having to deal with complex tools or programming languages."]

    seems like they're pointing you to an interesting tool they have put up a while back. if you can stop wwwwwwimpering and read.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whoosht ...Over your heads

      " ... pointing you to an interesting tool they have put up a while back. if you can stop wwwwwwimpering and read."

      The problem is the 'people who line their hats with tin foil' are afraid to look at the site in case the nice people at GCHQ have riddled it with crafty code to infect all their computers/tablets/phones which will circumvent their 'tin foil defences'. :)

      The real problem is they might be correct !!! ;) :)

  10. Anonymous Coward
    Anonymous Coward

    "Building upon previous Polish work"

    The British like to overlook the fact that without the Polish mathematicians and pilots, the inhabitants of the British Isles would quite probably now be speaking German. The way the Polish are treated by the British is disgusting. The two countries should have had a long lasting friendship after the war due to their combined efforts that resulted in the defeat of the Nazis, but no, Britain left the Poles to the mercy of the Russians. So much for gratitude.
