Black Basta Team and double extortion ransomware attacks

Protect smartphones and tablets from cyber risks: the mobile security

 View all
CRYPTOGRAPHY

Enigma: a story about cipher mishandling

Enigma was a portable cipher machine producing a polyalphabetic substitution cipher.

It had up to 5 rotor scramblers. Many versions included many sets of plugboard connections, which allowed a further swap of a letter with another once encrypted.

Its inventor Arthur Scherbius originally developed it for commercial use in the 1920s.

He later sold it to the German Armed Forces in the early 1930s.

The military Enigma equipped with 5 rotors and 10 plugboard connections has 158,962,555,217,826,360,000 possible combinations.

Good operating procedures, properly enforced, would have made Enigma unbreakable in the 1940s.

History teaches us that this was not the case. Many historians agree that the Allies won WW2 thanks to the deciphering of Enigma.

What happened then? A mix of structural weaknesses and poor handling made Enigma vulnerable.

Let’s find out more below!

 

Enigma: structural weaknesses

Was Enigma unbreakable? No, it was not, in fact.

Enigma ciphers’ security did have fundamental weaknesses that proved helpful to Allied cryptanalysts.

To start our analysis, you should know that Polish cryptoanalysts designed a special system, “the bombe,” in attempting to break the cipher. The British would later develop an augmented version of the bombe.

Let’s turn now to the actual weaknesses of Enigma.

First, Enigma could not encrypt a letter to itself due to the machine’s structural architecture. This gave cryptanalysts a key hint. They knew they could ignore a number of sequences.

Secondly, the plugboard connections were reciprocal, so that if A was plugged to N, then N likewise became A. Because of this property, British cryptoanalysts introduced a diagonal board into the bomber, substantially reducing the number of incorrect rotor settings that the bombes found.

The augmented version of the bombe, also known as the Turing machine, was the first computing machine in history. Alun Turing designed it to find the correct initial setting of the rotors. Knowing the initial setting would have allowed Turing and his team the Enigma decryption.

Finally, the notches in the alphabet rings of rotors I to V were laid in different positions, which helped cryptanalysts work out the wheel order by observing when the right-hand rotor turned over the middle one.

Thus, thanks to these flows, Polish, French and British governments started working on decrypting Enigma in the 1930s. Britain was able to decrypt a substantial number of German communications since the summer of 1941.

 

The human error in handling Enigma

However, the technologies Allied powers possessed did not allow the full exploits of those structural weaknesses.

The main vulnerabilities of Enigma came from poor handling and lack of safety procedures.

First of all, the message’s choice was not totally random – Germans sometimes opted for obvious keys (three successive letters).

Also, the Germans made the mistake of repeating the same key. This feature made Enigma a vulnerable pseudo-Vernam cipher, where the key is repeated more than once.

The security measures taken by those responsible for creating the notebooks with the daily key settings were lacking, too.

They did not allow any rotor to repeat the position from one day to another.

Besides, sometimes, the Allies managed to obtain a notebook of key settings, which gave the analysts a boost to continue advancing in solving the Enigma.

 

Conclusion: ciphers and proper procedures

In conclusion, the mixture of inherent and human error greatly reduced the total number of possible configurations and provided shortcuts to cryptanalysts.

Allied deciphering of the Enigma codes can be attributed to human error and/or human carelessness.

Built-it weaknesses were pretty limited and were not sufficient to allow pattern spotting with the technology the Allies could rely on.