[Cryptography] how to detect breakage -- lures etc.??

Arnold Reinhold agr at me.com
Sun Jan 5 11:48:10 EST 2020 


> On Jan 4, 2020, at 5:12 PM, Charles Jackson <clj at jacksons.net> wrote:
> 
> On Sat, Jan 4, 2020 at 2:24 AM Arnold Reinhold via cryptography <cryptography at metzdowd.com <mailto:cryptography at metzdowd.com>> wrote:
> 
> >  The SIGABA/ ECM-II sets, which by all accounts was never broken during the war,

> In Big Machines: Cryptographic Security of the German Enigma, Japanese PURPLE, and US SIGABA/ECM Cipher Machines Kelly states (IIRC) that in the 1970s, NSA deputy director Tordella (https://en.wikipedia.org/wiki/Louis_W._Tordella <https://en.wikipedia.org/wiki/Louis_W._Tordella>) stated that they still could not break SIGABA/ECM.  
> 
> A paper by Stamp and Chan estimated that the SIGABA had a key of about 95 bits.  IIRC, they assume that the attacker knows the rotors.  If you assume that the attacker has to recover the rotors from observing the traffic, then the work required must be much greater.

We all admire how the Poles and later the British were able to recover rotor wiring cryptographically.  The Soviets apparently had a different approach. The Cryptomuseum page on the U.S. KL-7, https://www.cryptomuseum.com/crypto/usa/kl7/ , a successor to SIGABA, has a section on the Soviet “Rotor Reader,” with a photo and diagram.  This was a small, folding device, pocket sized, with 36 contacts and lights designed to quickly scan and readout the wiring of a KL-7 rotor. It was recovered from John Anthony Walker when he was arrested in 1985. He had been given it when he started spying in 1967. An identical device was recovered from U.S. Army Sergeant Joseph Helmich in the mid 70s. The devices are well designed, obviously not one-offs. Someone with crypto access could smuggle one into a code room and quickly write down the 36 numbers for a rotor while his two-man-rule colleague was napping or otherwise not paying attention. No doubt the Soviets had a supply of these devices for the KL-7 and other machines and systematically looked for cleared people at remote installations whom they could bribe or blackmail into recovering rotor wiring. 

I expect the intelligence agencies of the world today all have USB dongles designed to plug into computers to inject malware and grab passwords and private keys, just waiting for a compromised person with access to plug them in.

Arnold Reinhold

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200105/fae6316f/attachment.htm>

More information about the cryptography mailing list