[Cryptography] Leo Marks' 1998 talk about WW2 SOE code-making and breaking

Thu Feb 5 11:01:11 EST 2026

On 1/24/26 9:00 PM, Peter Fairbrother wrote:
> On 22/01/2026 21:43, Kent Borg wrote:
>> On 1/22/26 1:02 AM, Peter Fairbrother wrote:
>>> he dances around […] the method of verbally giving agents distress 
>>> codes which the giver couldn't remember.
>>
>> I'm not sure what that means, but as I guess I am intrigued. Anyone 
>> have more to fill in what cleverness we couldn't be told? (And more 
>> description of the problem being solved?)
>
> Hmmm, the problem: you are going to parachute into Denmark to teach 
> some local agents how to do codes and operate wireless sets.
>
> Part of what you have to teach them is their secure and distress codes 
> - eg add a letter to the third letter of their indicator group, choose 
> poem words which give a 16-digit second transposition key. These codes 
> are individual to each agent.
>
> Problems: you can't know what these codes are, in case you are caught 
> and tortured.
>
> you can't give the agent anything physical in case the Gestapo find it.
>
> you can't say to the agent, make up something random for the first 
> message and repeat thereafter, because the first message needs to be 
> authenticated.
>
>
> So how do you tell the agent what his secure and distress codes are?

Hard problem.

Prerequisite: Pick parachute  agents who are good at remembering.

Answer, short edition: The secrets conveyed are data the parachuting 
agent has memorized summed with data the field agent already knows (but 
the Germans probably don't).

Longer edition: Use a version of what I have setup for my wife to 
recover my password database if I am mowed over by a run away beer 
truck. My procedure is pretty involved, but a key part of it relies on 
her turning a series of clues into a passphrase. These clues are based 
on shared experiences that no third party would know the answers to.

In the World War II case the SOE had extensive personnel files on their 
agents—even the ones who had never been to England that they decided to 
trust must have had decent files. Some London-only SOE worker would look 
at the agent's file and construct from all that data a "poem" for that 
agent. (But probably not actually a poem, a passphrase.) And then that 
worker would also figure out how to describe it in a way that would only 
make sense to the agent. Basically a series of what we now call 
"security questions", name of your first dog, street you lived on, best 
friend, etc.

The Germans could torture the clues out of the agent who is dropped in, 
and the Germans could figure out some of the answers, but maybe not 
enough of them. Certainly make them work hard, and get the cooperation 
of locals who don't like them.

This is not as good as a poem, because the passphrase isn't going to be 
as easy to remember as a rhyming poem (unless that London worker was 
very good).

The distress code could be conveyed in a similar way. (Nth letter of the 
indicator group where N is conveyed via a reference to some arbitrary 
number from the file.)

The guy with the parachute is the one with a nasty memorization task, so 
pick him very carefully.

I assume clever Brits thought about this longer and harder than I have 
and came up with clever specifics for a mostly reliable system, 
something worth keeping secret decades later.

Any other ideas?

-kb