What was Enigma? The Allies victory over the Axis powers in World War II is often remembered in terms of famous battles and tremendous acts of valor. But the strategic victories that liberated Europe and defeated the Empire of Japan were never guaranteed. Success in World War II depended on a combination of strategy and opportunity. The importance of information warfare in World War II has finally received the attention it deserves. Movies like “The Imitation Game” and an outpouring of books on Enigma highlight the critical strategic role codebreakers and scientists played in defeating the Axis. The history of the Enigma code–and its ultimate failure–serves as an important lesson in information security that remains relevant today.

I – What was Enigma?

Enigma was the German encipherment machine used to encrypt messages. While not the first machine of its kind, it was a revolution in cryptography. Cryptography has a long history going back well before the advent of computing machines. In short, cryptography is the practice of securing communication through encoding techniques. Early methods, like the Caesar Cipher usually substituted one letter for another. In a Caesar Cipher characters are substituted by shifting letters in the alphabet. A shift of one would substitute A with B, B with C, and so on. (“HELLO” becomes “IFMMP.”) If the recipient knows the key (how far to shift), they can decode the message.

The weaknesses of the Caesar Cipher are almost immediately obvious: First, since there are only 25 possible shifts there are only 25 possible keys. Second, once an interceptor figures out that “IFMMP” is “HELLO,” decoding the remainder of the message will be an easy process. An encoder can implement a few strategies to improve code security. For example, the shift could change every day, or even every hour, so that the decoding of one message would not immediately compromise all other messages. The encoder could also add additional layers to the shift, such as adding a backwards shift of three after the initial forward shift of one. (In this case A becomes B, then B becomes Y.) Or the message itself could be written in coded language that would frustrate the decoder. Typically, the more complex an encoding process, the harder it is to break the code.

The Enigma machine looked something like a typewriter with lights corresponding to letters. It used a series of rotating cylinders that would substitute one character for another. Every time a key was pressed, the signal would travel across the three cylinders, then travel back across them on a different path. The signal would light up a corresponding letter indicating the enciphered character. Once the entire message was converted to code it would be transmitted to the recipient, usually by radio. The recipient would type the encoded message into their own machine, and it would be translated back into readable text. The key in this case would be the starting position and order of the rotating cylinders.

On the face of it this may look like just another Caesar Cipher with extra shifts, but it was exceedingly more complex than that. Every press of the keyboard rotated the cylinder by one. This means even repeating characters would be represented by different characters after enciphering. “AAAA” might be enciphered as “UXHT.” The complexity of Enigma was compounded by frequent changes of the key. Decoded messages from Monday would not be helpful decoding messages intercepted on Tuesday.

The number of possible keys also confounded decoding efforts. Early machines had three cylinders, each with 26 letters and six possible rotations. The position of ten plugboard cables and two notched rings also changed the outcome. All-in-all, there were over 158 quintillion possible starting positions. That’s over 158 million million million. If ten cryptanalysts checked each setting every second it would take over 500 million years to check them all.

The Germans took great assurance in these astronomical numbers. Enigma would be regarded as unbreakable by nearly any measure. But a security tool is only as good as the people who use it. The German military made several blunders in their handling of Enigma, and their failure to recognize their own poor security practices would ultimately cost them the war. Conversely, the Allies made tactical choices that strengthened their own information security.

II – Cracking Enigma

The Allies would have to be creative. Simply brute-forcing enciphered messages was not a viable strategy. Ultimately, breaking the Enigma code required a synthesis of both academic and military expertise, along with a little bit of luck. This project was codenamed Ultra.

The Allied cryptography effort was centralized at an English mansion in Bletchley Park codenamed Station X. There were over 7,000 personnel staffed at this location, both civilian and military. In partnership with American and Soviet intelligence efforts, the Bletchley Park operation used stolen cipher keys and exploited flaws in Enigma. By the end of the war, virtually every enciphered German message was decoded.

The Allies took advantage of poor security practices and mistakes the Germans made using Enigma. An example was weather reporting. German naval and airforce officers would broadcast easily deducible bits of data like temperature, fog, cloud cover, and precipitation. There were also callsigns, or designated names for transmitting stations, which would appear in almost every message. The Allied cryptanalysts could infer these bits of information and decode the words using a book of stolen keys. This resulted in a handful of ciphertext-to-plaintext pairings called “cribs.” This drastically reduced the effort required to crack the messages.

Among the more distinguished members of this effort was Alan Turing, who is often referred to as the father of computer science. He designed a device called the bombe, a gigantic rudimentary computer. Cribs from partially decoded messages would be fed into the bombe, and paired with a “menu” of likely plaintext. A complex series of rotating drums would cycle through the possible keys that would produce the ciphertext-to-plaintext pairing, checking for contradictions. This helped identify the most likely starting-positions, reducing the possible keys from 158 quintillion to a mere handful.

Breaking Enigma was made even easier as German officers failed to follow their own security protocols. There were several instances where Enigma technicians would recycle keys, sometimes multiple times. Even though there were nearly countless Enigma keys, it was very unlikely that all the keys being used were unique. Every time the Allies decoded a message and got a key, the likelihood of them decoding a future message with the same key was substantially higher. By August 1942, the cryptanalysts at Bletchley were decoding nearly 400 German airforce keys every day.

III – The Dangers of Assumed Security

The Germans’ assumptions in their own superiority is perhaps the most consistent theme encountered reading Enigma’s history. They believed that undermining Enigma was simply outside the capacity of all other nations. The notion that their encoding could be cracked was never even considered. Even as Allied forces consistently and inexplicably struck hidden encampments, responded to secret troop movements, and avoided stealth attack submarines, the possibility that their messages were being decoded was simply out of the question.

There were many reasons to be confident in the security of Enigma. Obviously, decoding the messages by hand would be a mathematically herculean undertaking. Additionally, Enigma code books on German ships were printed on water soluble paper that would dissolve if one were sank. Radio engineers were instructed to destroy their ciphers and the Enigma machine if they suspected the machine was in danger of being captured. Enigma use was also decentralized. Intercepting and decoding the messages from one naval patrol would not necessarily help decoding another’s. However, these measures did not account for human error, and the possibility that the Allies discovered weaknesses in the encipherment mechanism.

Concerns about Enigma’s security were raised several times throughout the war. The possibility that Enigma had been compromised was seriously contemplated after the sinking of the Bismarck, the flagship of the German navy, on her maiden voyage. An investigation into this major setback incorrectly concluded that the Bismarck’s location was revealed by English intelligence officers, traitors, and accidental leaking of information. The likelihood that Enigma had been cracked was considered an extremely remote possibility. 

This delusion was fed by a ruse on the Allies’ part. They concocted a fictional spy within the German high command codenamed “Boniface.” Much of the intelligence derived from decoded Enigma messages, classified as “Ultra” intelligence, would be attributed to the mysterious Boniface. This engendered significant distrust among the German high command, who were constantly on the lookout for this non-existent traitor. Indeed, until the British government declassified the work at Bletchley Park in 1974, the Germans assumed for decades after World War II that Enigma remained secure.

There is a lesson here: Do not assume any part of your security strategy is unbeatable.

IV – Allied Information Security

Most people have trouble keeping a secret between close friends. How is it possible then that the Allies’ decryption of Enigma, which involved thousands of participants, remained a secret until almost 30 years after the war ended? The Allies employed a variety of information security measures that prevented leaks and protected their operational secrecy.

The Allies adopted a “need-to-know” policy when it came to Enigma, meaning personnel would only be told the bare minimum amount of information required to complete a task. Roles and responsibilities were segregated in such a way that no single person knew the totality of the project. This prevented the unnecessary spreading of secret information and reduced the possibility of a leak. But this also permitted operational flexibility. A low-level officer (or even a civilian) could be given “privileged” information if the situation called for it. It also prevented information from leaking to higher-ranked individuals. In one amusing instance, King George VI asked a woman working on the decoder machine what she was doing to help the war. She replied, “I can’t tell you, sir.” This form of segregation was so effective that many of the participants in Enigma did not even realize the role they had played until long after the war had ended.

In addition to this strict classification policy, the Allies took great precaution hiding Enigma’s vulnerabilities from the Germans. The cryptanalysts realized early on that if they acted on intelligence that could have only been gathered via Enigma, the Germans would quickly figure out that Enigma was compromised and move onto a different method of encryption. Therefore it was critical that the Germans always have an alternative explanation for how the Allies were discovering information. In some cases this would be as simple as corroborating decoded Enigma messages with radar, POW interrogations, and the easily observable movement of troops and aircraft. In other cases the Allies had to be more creative. For example, the movement of German naval units could be decoded from Enigma messages. Allied air reconnaissance forces would be assigned a “routine” patrol, where they would then “discover” the German U-boats. The Germans would conclude that the location of these units were revealed by air reconnaissance, not Enigma.

Determining when to act on Enigma intelligence was sometimes a tragic calculation. If an incoming German attack could only be attributable to Enigma, the Allies had to weigh the risk of exposing their intelligence gathering methods against the severity of an attack. Every time they acted on one of Enigma’s decoded messages they risked exposing the operation. Winning a single battle could result in losing many future battles if their intelligence source was lost as a result. How many men and women perished to safeguard this secret? We may never know. 

V – An Enduring Legacy

It has been over seven decades since the end of World War II. The few veterans who are still alive today represent the best of what is often called the Greatest Generation, and for good reason. Defeating fascism was the defining moment of the 20th century. The post-war era ushered in the greatest expansion of economic growth and personal freedom in the Western world.

The men and women of the Allies made tremendous sacrifices and raced for a technological edge. Modern computer science would not exist were it not for their dogged determination. Today’s information security professionals are the inheritors of the incredible work the men and women of Bletchley Park. It would do us well to remember that legacy. 

Author: Louis Papa
Silent Storm Security Contributor | Security Engineer​