Security Lessons from Bletchley Park and Enigma
Posted by Craig H on 29 May 2013
I had fun presenting at the DC4420 security meetup in London yesterday. The topic was “Security Lessons from Bletchley Park and Enigma” and the slides are now up on SlideShare.
We covered how the Enigma machine works, how Bletchley Park exploited German mistakes, and the five lessons I picked out were:
- Cryptosystems have subtle flaws
- Plan for key compromise
- Users pick poor passwords
- Pick a good RNG and trust it
- Don’t underestimate the enemy
It was a friendly and knowledgeable audience, and one gentleman (CJ) suggested a sixth lesson: all cryptosystems have a shelf life. This came out of a discussion of the GSM A5/1 algorithm, and how the breaks in recent years came about probably because it is still in use over 20 years after it was designed; this is similar to the lifespan of Enigma, which was designed in 1918 but still in use by the Germans up to 1945.
It’s worth noting that Fritz Menzer, a cryptologist working for the German military, had developed two potential replacements for Enigma (SG-39 and SG-41, the digits being the year of the design) but they were never widely deployed due to production difficulties.