[Cryptography] Leo Marks' 1998 talk about WW2 SOE code-making and breaking

Peter Fairbrother peter at tsto.co.uk
Wed Jan 21 20:34:37 EST 2026 

On 21/01/2026 17:14, Steven M. Bellovin wrote:

> I don't recall OTPs being used by the SOE—the problem of keying material
> distribution was too great. Instead, they used worked-out keys which were
> destroyed after each use.

They certainly did use OTPs. The square silk you usually see reproduced 
is a substitution square for use with OTPs.

They used first poem codes, then WOKs as subkeys in the same double 
transposition code the poem codes used, then later OTPs. There were a 
few other codes occasionally used as well, such as bifid, but those were 
the main ones.

WOKs and poem codes had to be used on long messages, of 200 characters 
or more, but OTPs could be used on very short messages, making radio DF 
harder.

They also used book codes - in my earlier post I confused the key 
generation process for book codes, which is the one I gave, with the 
process used for working out poem code subkeys.

Sorry about that, it has been a long time since I first learned about 
this, from Boudicca (yes) - the daughter of a man who was betrayed by 
MacLean and shot by the Hungarians - who gave me a copy of Mark's book 
sometime in the last millennium.

I also met Marks (she knew him), but that was comparatively uneventful. 
I was very much a newbie at the time and didn't have anything crypto to 
ask him, a bit of a wasted opportunity. We talked mostly about the 
Peeping Tom and If movies iirc.

He (and later his book) did give me sense of responsibility for any 
cryptography I did create though.


Keying for the poem codes worked like this: the words were indexed with 
letters (so poems didn't need to be more than 26 words long), and the 
agent chose five, then transmitted those five letters as part of the 
indicator group.

The even letters of the chosen words were arranged in a string, and the 
odd letters in another string. The letters in the strings were numbered 
then rearranged in alphabetical order, and the number sequences 
corresponding to those orders were used as subkeys for the transpositions.



Marks had another trick for the WOK (and poem code, used as backups) 
messages, to make them look like OTP messages so the Germans wouldn't 
bother trying to cryptanalyse them. I'm not entirely sure how that 
worked, he may have done an alphabetic addition with a straight alphabet 
in between transpositions, but I wouldn't swear to that.

Whatever, it took away the English letter distribution which otherwise 
would remain after the transpositions in either poem code or WOKs and 
gave a random-looking distribution like an OTP does.

It would have made decryption of WOKs and poem codes harder too, but by 
the time it  was introduced OTPs were the main code in use.


Marks used a substitution square or "conversion table" for the OTPs (the 
silk square I mentioned) rather than an alphabetic addition a la Captain 
Crunch; which was unnecessarily complicated and a waste of silk, as 
there was no security advantage in using it over just alphabetically 
adding letters, especially as the Referat Vauck, OKW Funkabwehr and the 
Ordnungspolizei quickly obtained copies which iirc (I should reread the 
book, also Lorain's book) were all the same.


Peter Fairbrother

More information about the cryptography mailing list