Franklin Heath Ltd

Security Lessons from Bletchley Park and Enigma

Posted by Craig H on 29 May 2013

I had fun presenting at the DC4420 security meetup in London yesterday. The topic was “Security Lessons from Bletchley Park and Enigma” and the slides are now up on SlideShare.

We covered how the Enigma machine works, how Bletchley Park exploited German mistakes, and the five lessons I picked out were:

  1. Cryptosystems have subtle flaws
  2. Plan for key compromise
  3. Users pick poor passwords
  4. Pick a good RNG and trust it
  5. Don’t underestimate the enemy

It was a friendly and knowledgeable audience, and one gentleman (CJ) suggested a sixth lesson: all cryptosystems have a shelf life. This came out of a discussion of the GSM A5/1 algorithm, and how the breaks in recent years probably came about because it is still in use over 20 years after it was designed; this is similar to the lifespan of Enigma, which was designed in 1918 but was still in use by the Germans up to 1945.

It’s worth noting that Fritz Menzer, a cryptologist working for the German military, had developed two potential replacements for Enigma (SG-39 and SG-41, the digits being the year of the design) but they were never widely deployed due to production difficulties.

6 Responses to “Security Lessons from Bletchley Park and Enigma”

  1. baylou said

    Many folks of late have started to learn about Bletchley Park, Enigma, code-breaking, etc etc owing at least in part to ‘The Bletchley Circle’ series on ITV in Britain, or PBS in Canada and USA. That’s how I happened upon this interesting post. I encourage people to check out the series. There’s a fan-based public site about the series now online at . It’s got a variety of posts about the first series, as well as the filming of the second one now ongoing, Bletchley Park history, lots more. Craig H, I will be looking at your Slideshare slides. Thanks for sharing.

    • Craig H said

      Thanks for the pointer to the Facebook group! I was at Bletchley Park today, and they were just finishing putting things back in place after some filming last week for the second series of The Bletchley Circle. They were filming the Bombe, so that’s going to feature in some way…

  2. The attention to detail in your Android Enigma App inspired me to do this one:

    One of the last features added was to smoothly scroll the rotors when a key is pressed or they are changed through the ring. The touchscreen has a limited drawing speed, but by limiting the number of pixels changed at a time, the scrolling effect is possible.

    Your Enigma app really needs an Uhr though. I implemented it with the information at the crypto museum and Daniel Palloks' Universal Enigma. His is the only implementation available online that simulates it.


    • Craig H said

      Cool, it looks good! On implementing the Uhr, I agree it’s an interesting device. Have you ever found an original ciphertext that used it? I volunteer in the Bletchley Park archives, and very little of the ciphertext for the intercepted messages survives. Quite a lot of decrypts were kept, in particular for the Abwehr Enigma messages, and the intelligence summaries (what’s called the “Hut 3 Headlines”) but they clearly didn’t see any value in keeping the intercept sheets. The next thing I would like to add to our app is to support the Abwehr Enigma (type “G”). It’s interesting because of the slightly different mechanism, and because the messages encrypted with it had huge intelligence value, for example in verifying the success of the “D-Day Deception”. Supporting Italian naval Enigma would also be good, to commemorate the important work that Mavis Lever did on it, but not all the technical details of it are now known (some of the wheel wirings are unknown) – I keep an eye out for any information on it that may surface!

      • Have you seen this page:

        Are the rotor wirings for all five Italian wheels accurate?

        The stepping position, stepping mechanism (levers vs. cogs), rotor wiring and reflector wiring can be extracted by operating the machine and tracing the illuminated path. It is painful, but is what I had to do to recover the Uhr wiring from the cryptomuseum diagrams.

