[Cryptography] how to detect breakage -- lures etc.??

John Denker jsd at av8n.com
Tue Dec 31 19:40:54 EST 2019

On 12/30/19 1:51 PM, Arnold Reinhold via cryptography wrote:
> What is your organization going to do if you do detect breakage?

There are a lot of things the Germans could have done if
they had realized how thoroughly broken Enigma was.

The Enigma machine was /almost/ unbreakable.  It took
tremendous cleverness and enormous resources to break it.
A layer of modest superencryption would have pushed it
far, far out of reach of the codebreaking technology of
the day.

The Enigma has some strengths and some weaknesses.
The main weaknesses are:
    a) The session key is waaaay too short. 
    b) The state of the machine doesn’t change enough from one letter to the next. 
    c) No letter can encode to itself. 
    d) The blocksize is too small (letter by letter). 
    e) It is vulnerable to operator errors, including weak keys. 

You can fix all of these except (d) at very low cost.  In
particular, it wouldn't take much to increase the key-space
from 26^3 to 26^5 or even larger.

With help from Bear I worked out in some detail one particular
way of doing this:

> I’ve often wondered why the Germans didn’t give their Enigma
> operators better guidance on picking random indicators.

Rather than giving them mere guidance, my recommendation would
be to give them /dice/, sealed in a dice popper permanently
attached to the machine so they don't go astray.  Using the
dice is mandatory.

Assign a roomful of clerks at headquarters the task of checking
for non-random session keys.  Violators will be assigned to the
eastern front, to clear minefields by hand.

More information about the cryptography mailing list