Button Up

Enigma, Lorenz and Modern Ways to Send Secret Messages

Natalia Yashenkova
Natalia Yashenkova
Head of Marketing and PR at StarForce Technologies.

Natalia Yashenkova has more than 15 years experience in software development and information security. Before StarForce Technologies she worked at Netris and Vimcom Optic.

9 Apr 2015

The idea of information protection is actual at all times. And it is often necessary to protect not only a document that is kept in a safe or on secured server but as well a message that leaves the confines of the company. For example it can be an email after important business meeting where you have discussed secret conditions and technological processes. How did people exchange secret messages during the World War II and how can it be done now?

Transfer of secret messages is a vital necessity in the conduct of hostilities, and if the enemy has access to the encrypted communication channel, it gives him a lot of advantages. We have heard a lot (and even watched some movies) about Enigma code cracking. Enigma is a German portable cipher machine used during World War II. But the hacking of Lorenz code can be called a real intellectual duel. This code was generated by a cipher machine, used as an attachment to Lorenz teleprinter. And if Enigma is mainly used in the field, Lorenz was used for a high level of communication - it passed orders from German High Command.

Enigma and Lorenz machines look similar. They both are rotor stream cipher machines with a number of disks. But Lorenz has more complicated configuration and mechanism. The total number of ciphers disks is 12: five from each side to generate five-digit code plus two more in the center to create an effect of "stumbling code" (to give a look of a random sequence). This gave 16 quintillion of options and the absolute impossibility to break it with the use of brute force (try all possible options). And what makes it really exciting that unlike Enigma, the first Lorenz machine was captured by Allied only at the end of the war, and all conclusions about the structure of the machine had been made thanks to deductive method.

The Germans considered this way of secret message protection as 100% reliable. And they paid for that. But first things first.

Though the machine itself couldn’t be captured be the opponent, Germans couldn’t hide its existence. First information about it appeared in 1940 at Government Code and Cypher School at Bletchley Park (BP). John Tiltman, a leading British specialist at cryptanalysis, found unusual messages, transmitted with the use of five-digit table. British cryptographers, who referred to encrypted German teleprinter traffic as Fish, dubbed the machine and its traffic Tunny. Following the results of the preliminary analysis, it was assumed that the decoding fails, until intercepted two different messages with the same code sequence. And they didn’t wait long.

Despite the strict requirements, the mistake was made August 30, 1941 when a secure message about 4 thousand characters was transmitted from Vienna to Athens. Vienna operator received a request from Athens to repeat the message and he violated all possible instructions: conveyed the same message with some changes without changing the position of the encoder. The changes in the text were minor, for example, in the first message he wrote the word "number" entirely - Nummer, and the second cut to Nr.

This mistake of service personnel allowed the British to crack the code of the most secure cipher machine in Germany and gain access to classified information of the Wehrmacht for several years. Of course, it took a huge amount of resources and talent to reduce decryption time of secret messages. For this purpose Colossus, the world's first computer was developed. But a major breakthrough in the situation occurred when the operator duplicated a message without changing the original settings of the machine - the notorious human factor.

Now everyone can protect messages with the Lorenz cipher through the programs that simulate the work of this cipher machine. You can try one here: http://adamsgames.com/lorenz/index.htm

Let's compare Enigma/Lorenz machines and the modern methods of information protection against unauthorized access. Hacking the cipher machines showed that the use of secret encryption algorithm has low efficiency. Yes, it is impossible to crack it by enumeration of possibilities, but we can understand the mechanism of protection by analyzing indirect evidence, for example, errors in cryptographic protocols. Hacking Enigma and Lorenz made a great contribution into the methods of cryptanalysis - many of them are still in use.

Also there are components that have moved from physical cryptography to digital encryption. Concepts such as protection with a secret key and session key generation are relevant both then and now.

The other thing is a human factor. It is always a weak point even when companies use the most tamper resistant algorithms. Therefore, the main task at present is to neutralize the risk of accidental or intentional leakage of secret messages. Here are the possible threats:

  • Secret message leakage from the sender's side (sender adds an unauthorized person in a blind copy of an email on purpose; includes an unauthorized person in the mailing list accidentally).
  • Interception of a secret message (man in the middle attack).
  • Secret message leakage from the recipient's side (recipient forwards it to third parties; passes information on a flash drive, etc.).

In this case, you can use a special method of encryption for the message and attached documents in combination with flexible digital right management that allows to define access settings to a particular document / email. Right management system is based on the opportunity to bind user's access to specific parameters of user devices, e.g. work computers. That means that only the person who has the right to open this particular document / group of documents can open it on a particular device. This way it is possible to neutralize all the threats mentioned above.

Learn more about StarForce Enterprise Solutions.

Back to the list