Academy gains a piece of WWII crypto history

  • Published
  • By Don Branum
  • Academy Spirit staff
On a table in Dr. Barry Fagin's office sits a plain gray box that weighs about 30 pounds and smells of machinery and dusty paper. Its nondescript appearance, however, belies its significance: in the right hands, a box like this may have saved millions of lives during World War II.

The box holds a Luftwaffe Enigma machine, Serial No. 01182, now on permanent loan to the Air Force Academy's Department of Computer Science from the National Cryptologic Museum at Fort George G. Meade, Md.

Dr. Steve Fulton, the Academy's assistant professor of computer science currently on leave from the Department of Defense, arranged for the loan to the Air Force Academy after finding out that a similar machine was on permanent loan to the U.S. Military Academy, Dr. Fagin said.

Enigma was originally designed in the 1920s to allow secure communication between banks, but the machines never took off in that role. The German government, however, saw the value of what was, at the time, an unbreakable code.

"To borrow a line from the Remington commercial, they liked it so much they bought the company," Dr. Fagin said.

Enigma machines like those used by the Luftwaffe had strong encryption, even by today's standards. If a would-be decrypter did not know the Enigma plugboard's wiring configuration, he would have to "brute force" his way through 380-bit encryption.

"The key space is impossibly huge -- greater than all the electrons in the solar system," Dr. Fagin said.

In theory, Enigma should have ensured secure communications for Germany throughout the war. In practice, the Polish had broken the Enigma code twice: once, almost seven years before the German incursion that sparked World War II on Sept. 1, 1939, and again after the Germans introduced a fourth and fifth rotor to their Enigma machines.

Dr. Fagin said the project to decrypt German communications, called Ultra, was one of the Allies' most important strategic achievements. Sir Harry Hinsley, the historian of British Intelligence in World War II, credited Ultra with shortening the war by two to four years in his 1993 book, "British Intelligence in the Second World War."

Lax information security measures provided inroads to Project Ultra's success. Some of the factors that allowed the Allies to break Enigma included early training manuals that included both the plain text, the cipher text and the message key used to encode the text, along with the use of easily guessed keys or keys that mapped to the Enigma keyboard's layout, according to Marian Rejewski, who broke the Enigma code in 1932.

As a result, Dr. Fagin said, the Allies had access to all communication between German high command and the German navy, or Kriegsmarine, the last two years of the war, as well as many other encoded messages.

"(Field Marshal Bernard) Montgomery was reading all of (Field Marshal Erwin) Rommel's communications," Dr. Fagin said. "He knew all about Rommel's supply problems and all his planned moves."

The Academy's Enigma machine needs some repairs, Dr. Fagin said. Once it's fixed, the Computer Science department plans to use the device in its Introduction to Computing and Cryptography classes.

"It will eventually go on permanent display, where we anticipate it will be hands-on," Dr. Fagin added. "It will also serve as a reminder of our heritage: code making, code breaking and cryptology's contributions to the war effort. We hope it will inspire and motivate cadets to think about information security and cyberspace."


The key space of an encryption key is a measure of the number of possible combinations. A 1-bit key would have two possible combinations, while a 2-bit key would have four combinations, and a 3-bit key would have eight combinations. Each additional bit doubles the number of possible encryption combinations.

Enigma had approximately 380-bit encryption, factoring in both the reels and the number of possible plugboard combinations. This works out to approximately 10114 possible combinations. By way of comparison, the certificates on Common Access Cards use 160-bit keys (1048 combinations), and e-commerce websites use 256-bit encryption (1077 combinations). Today, a key considered safe from brute-force decryption generally uses a 1,024-bit or higher key space (10308 combinations).

Decryption times with modern hardware vary from seconds for 64-bit encryption to days or weeks for 512-bit encryption. Encryption algorithms using 1,024-bit or larger key spaces have yet to be cracked with commonly available hardware.