Doesn’t matter. You’re interpreting it as some stupid message, when it’s literally a bored 19 year old pressing which ever key is most convenient again and again and again and again… simply to create bogus radio traffic.
There were tons of bogus messages where the wheels were set to whatever German teenager’s favorite four letter swear word was.
I believe these single letter "messages" were useful in quickly determining the day's setup, and maybe wiring diagrams, but I'm not sure about the last part.
Sort of, but that's a massive oversimplification. The bomba machines needed shorts "cribs" of expected plain text to search against, like "heil hitler" as you mentioned, and I think usually they went after the standard start of the day weather report. But the bomba only can reduce the search space, it doesn't produce the answer, and analysts still need to manually break it.
So yes but it was hard so they also took advantage of operator error where ever possible.
Must be human nature. When I used an enigma machine at a museum, the first thing I did was try to make it light up with a 4 letter word. It does help that 4 letters of ciphertext is easier to remember :)
I'd love to visit Bletchley Park some day, but no. It was at the (United States) National Cryptologic Museum. They actually had 2 enigma machines you could play with (IIRC different variants so messages on one weren't compatible with the other).
That sucks that someone would steal it. Being able to go hands on with one is such a cool experience.
I can imagine some “adversarial gloves” (with regard to https://adversarialfashion.com/) for VisionOS which allows someone who’s not wearing the goggles to have their hand gestures interpreted in various ways, including the ability to make an obscene gesture -- localized to the goggle-wearer’s location, of course -- at said goggle-wearer to be interpreted as the system-configured shutdown gesture. I’m inclined to agree with you that it must be (read: I hope it is) human nature, given my enjoyment of machine exploits. Makes me wonder about https://news.ycombinator.com/item?id=36470438 (“A brief history of insults”). (I know I’ll be likely to use my goggles-computer exclusively in private places.)
I did not. I’d considered whether it was off-topic or not and concluded that it was not given the direction of discussion up to the point of my comment. We’re several comments deep after one tangent from “enigma machine exploits” to “obscenities with enigma machine exploits” and my tangent to “obscenities with hypothetical-but-not-yet-implemented machine exploits”. I can understand that it seems out of place, though I also disagree that it is out of place.
(Really, the biggest reason I had against posting it was the knee-jerk reaction some people will have towards presumed Apple fanboys preempting any consideration that an idea could be relevant. It might be worth giving that a thought.)
which says the key space is something like 10^20 or 10^23.
A modern supercomputer does something like 10^18 FLOPS. I assume that an enigma decryption is considerably more than a single floating point operation, but presumably just a few orders of magnitude.
So... if I'm reading that right, we're talking about months, perhaps?
I'm not sure I'd count that as brute-force because his method can't decrypt every possible message. He's using a statistical test to determine whether a given configuration is better or worse and then uses that to narrow down the search space, but he clarifies it's not generic - it can't decrypt all possible messages (ones which trip up his tests) and also requires a minimum message length for the statistical tests to be effective.
It's still extremely cool, don't get me wrong, but I don't think it's really what OPs asking. Given what's mentioned in the video (~12:50) and what some other commenters have mentioned I get the impression an actual brute-force is not really practical.
Interesting stuff. I guess it gets in to what counts as a a brute force, as most of the brute force attacks I've seen (e.g. password cracking) lean pretty heavily on clever maths and statistical hacks to reduce the search space as much as possible.
That's fair, there's probably more gray area in the definition than I suggested. I think the difference to me is that this is exploiting a weakness in the encryption itself rather than just guessing what the likely combination is. For password cracking, you're typically not exploiting the encryption but rather what passwords are more likely to be used than others.
But how do you know that the outcome you have is the right one?
It's text. It's not something formatted.
If I encrypted a JSON string, gave it to you, you can brute-force all day trying to parse the output as a JSON string. If it works, you probably have it right.
But here? Because of how the Engima machine works you still get an output. And since we don't need to decode this output (like JSON to an actual JavaScript Object) we don't have that many ways of validating the output.
It's German from 1945. Abbreviations, different (older) spelling, spelling mistakes, ... all make it really hard to distinguish real output from incorrect output.
Although all keys generate some string of letters and numbers, the right key will produce a message with reasonable letter frequencies and of course with legible words.
For English, about 13% of letters are "e", so if the frequency is too far off that it is probably not the right key; likewise, if 13% of the letters are "z" it is also not likely to be the right key. By applying frequency checks to the most and least common letters it should be a fairly strong filter for plausible keys.
There's enough code language being used in these messages that frequency analysis is not going to a major help (especially since it doesn't work well on very short texts anyways).
Actually, with that particular message, ~~frequency analysis~~ incidence of coincidence will help immensely, to the point of making it easy to solve.
With a modern block cipher, a partial key doesn't help. If you have 120 bits of a 128 bit AES key or whatever, decrypting the cipher text with your partial key will give pure noise. Even if you flip just one random bit in the key, the decrypt will be indistinguishable from complete randomness. Not so with Enigma; if you have parts of the key correct, parts of the rotor settings correct, parts of the wheel selection correct, patterns in the plaintext will show up as patterns in the ciphertext. The more of the key you have, the more those patterns will show up when you run the decryption routine against the ciphertext.
Natural language has a quirk where letters are more likely to be repeated. If you calculate the percentage of letters that are repeated, this gives you the incidence of coincidence. Incidence of coincidence is preserved by a partial Enigma key. So in that particular plaintext, all those repeated UUUs, those repeated NN, those XX and TT, those will light up like quasars.
Incidence of coincidence analysis should just tell you outright what all of the rotor settings are. From then you'll need someone familiar with German and the code language to be able to figure out the plugboard settings, but that's not as difficult as you might think.
Well the triple U (not sure why they use that) and the spelling of the letters is simple enough to check for that I guess.
From what I can gather this says something like:
To U4701 Sync message, Lubeck base, From commander 4th U-boat fleet, go with U4702 U4703 to Flender Shipyard Lubeck, more to follow
It's less gibberish than it looks like at first. They really shot themselves in the foot by not having numbers on the enigma system, this would have really made messages much shorter because they had to write them all out.
There's so much specific jargon in there that would make it really easy to detect a correct message IMO. Just make a simple list of very common words and tally up.
Indeed frequency analysis wouldn't work though but it's still pretty possible IMO.
I looked at multiple messages on that website and the pattern seems to be triple letters are for single letters and abbreviations. My theory is because if you get a letter wrong in a word and "possible" becomes "possifle" then it is still intelligible, but if "u five one four" means u-boat 514 and you get the U wrong, then it could end up as A514 and mean something airplane 514, so to be safe the letter u gets transmitted thrice.
I think your theory is correct. Back when messages where not checksummed, the French Navy used to do exactly this and sent abbreviations three times in a row. I'm quite certain that the French Navy was not the only one to do this since our communications techniques were heavily influenced by foreign nations like the US.
The machine works a bit weirdly, in that as you find some correct settings, your results converge towards the legible result. You can get 95% of the settings correct, and produce quite legible results, at which point you stop solving. So the correct result there might actually be any other three char combo like "ABC" or "UAK", but the analyst stopped investigating, because the rest of the message was reasonably legible.
It is a bit abbreviated. However it's not hard to add such common abbreviatiosn to a dictionary for attacking (plus the tripled letters should make it even easier).
There's enough German words in there, often appearing twice, that it would be very strange if this wasn't the decrypted data. If they could just read the message and understand it(and they had the German experts and general knowledge to do so), there's really no reason(and no time, the information is only useful for so long) to perform any kind of statistical analysis to confirm it's correct.
I was curious if GPT could handle this. I couldn't get GPT-3.5 to figure it out, but GPT-4 was very quick to propose an interpretation. It's far more confident than I could imagine being, even if I could speak German, but this sort of thing feels like an application that a large language model might excel in.
---
Given that the message is decrypted from German, it seems to be a mix of letters and numbers that are likely military terms, geographical locations, and orders. Here's the translated meaning:
"Vier fünf null eins Y nach R. Stützpunkt Lübeck. Chef Vier. Flotte Mit Vier fünf null zwei und Vier fünf null drei zur Flender Werft Lübeck gehen. Dort folgt Weiteres."
In English, this roughly translates to:
"Four five zero one Y to R. Base Lübeck. Chief Four. Fleet with Four five zero two and Four five zero three go to Flender shipyard Lübeck. More to follow there."
This appears to be a set of instructions for a fleet of ships, possibly submarines (given the context of WWII and German naval operations), directing them to a particular location (the Flender shipyard in Lübeck) and notifying that further instructions will be provided upon arrival. "Four five zero one", "Four five zero two", and "Four five zero three" are likely codes for specific ships or units in the fleet. "Y nach R" could be coordinates or specific route instructions.
> [An] U-4701, nachrichtlich [an] U-Stützpunkt Lübeck von Chef 4. U-Flottille: Mit U-4702 und U-4703 zur Flender Werft Lübeck gehen. Von dort folgt Weiteres.
> Translation (preliminary):
> [To] U-4701, for information [to] Submarine Base Lübeck from Chief of 4th Submarine Flotilla: With U-4702 and U-4703 go to Flender Dockyard at Lübeck. From there more follows.
There are about 2^67 different Enigma machine initial settings. The inverse probability of the appearance of a real seven letter German word (LUEBECK) twice in a random string of similar length to this message is a number that's pretty close to 2^67. So if you decrypted one ciphertext message with all the different incorrect settings you might expect to see one purported plaintext which isn't correct but which has two appearances of LUEBECK, or a similarly misleading occurence. Since there's also one correct plaintext, seeing LUEBECK twice already puts you at roughly 50/50 that it's the real message versus the most convincing wrong plaintext (if you had no prior knowledge of what the settings might be). The additional presence of even a few of the other recognizable German words (or common abbreviations such as triple letters and the shortened names for the numbers) makes it overwhelmingly likely that this is the correct plaintext. LUEBECK + LUEBECK + STUETZPUNKT in one message make the chance that it's not the real message of the order of winning a jackpot in state lottery two weeks running, even if the rest of the message was gibberish. In practice, much shorter pieces of plaintext than the double LUEBECK (like the presence of a single triple U, one spelled-out number, or highly abbreviated weather info) were used to validate guessed settings with a high degree of confidence.
That would be true if it actually did the decryption, but my point was, an LLM doesn't decrypt. It just has the encrypted string followed by the decrypted string in its training data and so it outputs something that's almost correct. (the numbers being wrong 4501, 4502, 4503 instead of 4701, 4702, 4703 - maybe some bugged training data, maybe hallucination).
I find it interesting that it pulled some kind of interpretation from the string. Far more than I would have. I asked it to translate the English data back into a similarly plaintext string and then asked a second instance to decode it and it came back with a similar, slightly distorted response.
The point is more to say that a language model is exactly the sort of thing that would be used to determine whether a given potentially decoded plaintext string is actually decoded, and given various anachronisms and shorthands our personal language models may not be adequate.
But a giant one that's been fed all sorts of data including examples of text of similar usage sounds actually like it might be exactly the tool for this problem.
Rather than raw letter frequency, more powerful is frequency of digraphs, and that surely does not appear random in that context, instead spiking with common digraphs such as IE, EI, UN, NU.
Also going for longer cribs such as NUL, EINS, ZWEI, DREI etc proves generally fruitful. There is also a story about the crib HEILHITLER toward the end of a message being particularly useful for code breakers but I don't know if that is genuine or contemporary disinformation to cover true code breaking capabilities, akin to the story of carrots being good for darksight[1] as cover for improved radar capability.
As mentioned elsewhere, a signature of enigma ciphertext is that a letter can never encode as itself.
This gives you some crude form of error checking.
The rest of it as you mentioned makes it difficult to determine, data mining the possible results for common abbreviations from other plaintext could narrow.It down.
I’m not sure being German or from 1945 has much to do with this. I’d think if I had some candidate plaintext that looked German and where a letter didn’t map to itself it’s likely to be right.
Sure, you could argue that it’s not quite as unambiguous as JSON but, in the realm of all possible plaintext, I’d say JSON and 1945 German aren’t too far apart in terms of likelihood of getting a false positive on a string of non-trivial size.
If you want a bit more certainty you could just try it on another string (which is the next step in the process either way), and then another. At least to me the constraints of “German and a char doesn’t map to itself” seem like pretty limiting factors here.
I don't think it's as simple as you're assuming. The "char doesn't map to itself" is a feature of the hardware design, there's no such thing as a key that allows that to happen so it doesn't reduce your search space. But additionally, the messages were extremely terse (~250 character limit), had no punctuation or spaces, and only had the 26 alphabet characters. Depending on the message in question it already doesn't look much like German, and the ones writing these messages also purposely vary their spelling/names/wording to make it harder to analyze. IMO the chance of finding "potentially plausible messages" seems higher than you'd want if you're starting with zero idea what the plaintext is supposed to be.
Interesting. That probably does makes it a bit harder to verify but there are still plenty of “words” that are to be expected. My point being that if a German receiver can’t parse it, then what’s the point of send it. And if they can parse it we can encode the rules they’re using to parse it (i.e. at the very least a dictionary of “words”) to give us some decent confidence. And beyond that, using the key on multiple messages effectively increases the char limit to “max chars * message count”.
Also, I agree it doesn’t reduce the search space but I think the post I was replying to was talking more about difficulty of verifying the correctness of a decrypt that reducing the search space. That was definitely my point ant least. Either way, as you say, this definitely doesn’t reduce the search space.
Remind me of “Deniable Encryption”[1], where a single encrypted input decrypts to multiple plausible plain texts (including the real one, obviously) so that, if, for example, you were caught and asked to decrypt it, you can decrypt to the non-incriminating version.
I mean I'd use known text of other messages to get some likely statistical properties of the message.
I'd make a fast approx check for some of these properties that can run during brute force, then feed anything that passes that check to a better check, then finally to a human (maybe nowadays put an LLM before the human stage).
There's a chance to miss the translation if it doesn't match other messages but this seems like a decent approach.
It’s an interesting question, but mechanical rotor encryption machines fell out of favour reasonably quickly after WW2 (early 1960s?) - which suggests that even with the limited computing resources of the time they were no longer secure ie you don’t need brute force to crack messages, some other cryptanalysis technique could do it.
Edit: Though it might have been that purely electronic cryptographic machines were just cheaper and stronger by that point.
It would still take many orders of magnitude longer than the current age of the universe to brute-force decrypt an Enigma message on todays fastest desktop.
It's only 2^69, or 512 exa-decryptions. A 4090 does 44 tera ops/sec (roughly 2^45), so we're left with 2^24 × ops per decode. If it takes 1000 ops to check a key, that's 2^34, or 16 billion seconds. About 500 years.
Give or take a few centuries, it's very far from the age of the universe.
The page doesn't make it very clear, but the analysis at the bottom says that is a message that the German recipient tried to decode in several different ways and then gave up. Apparently the message indicates the key (indicator group?) twice, but was VA in one place and VR in another, so the message was clearly received corrupted. Neither indicator worked so the recipient tried other things that also didn't work.
Given that the message is corrupted and the recipient with the key couldn't decode it, it's not surprising that the message remains unbroken. Even brute force isn't going to work if you start with garbage.
Impossible to say. The German commo who was tasked with decrypting this message couldn't/didn't decrypt it, and he had the keys.
For all we know, some bored German submariner sent garbage over the radio as protest; this message was sent two days after Hitler committed suicide, 7 days before VE day. (8 days if you're of the Soviet persuasion) Morale and discipline has a tendency to break down under those circumstances.
Or it could be a transcription error. Modern cryptanalysis tends to be more resilient to transcription errors; one character wrong is gonna be ok, one character inserted/deleted will tend to produce two messages, one with garbage after the insertion/deletion and another with garbage before it. But Enigma messages were...terse, so a half-successful decrypt that gets half garbage and half plaintext might still be recognized by the cryptanalysis algorithm as the wrong key. I expect there would have to be at least two transcription errors to cause both the original German commo to be unable to decrypt it and modern attempts to fail.
Garbled message, or garbled key? I wonder how often mis-keyed messages were sent out. Not typos in the message, but setting the initial state to the wrong value. Transposition, for instance.
Garbled message. If it were a garbled key, that would explain why the original commo couldn't/didn't decrypt it, but if it were just a garbled key, modern cryptanalysis would have decrypted it already.
Actually makes me wonder - given the way encrypted messages were transmitted in the era, wasn’t it possible for an adversary to flood the channel with bogus messages? Transmit messages with valid addressing and header data but fake content, forcing radio operators to transcribe and attempt to decrypt garbage?
Also, what if the machine was broken? Or if there was an error in transcription? There are so many possible reasons why this message may never be decrypted.
Why? You don’t need to be able to understand a cipher to produce plausible cipher text. You can take headers and footers from real messages and just drop in nonsense between. Or retransmit messages you recorded a few days earlier, or random mixtures of bits of real messages. The enemy still has to transcribe them, sort them out, reject the noise.
From what I recall of how Enigma worked, headers (and footers, if the concept applied) were also encrypted.
IIRC a transmission started with the rotor settings for the rest of the message encrypted using the daily setting and sent twice. Even sending this much, such that both copies communicated the same setting, would reveal that Enigma was compromised, I think.
Yes. As such it would be a last resort and even then likely done very carefully (perhaps even to the point of burning a high level human intelligence source or sources as a plausible explanation for it). We're talking "no alternative" levels of desperation.
The coded messages were usually sent over the radio via straight key Morse code.
Once you have a few months experience in Morse code you are able recognize who is "talking" by the way they operate the key. The radiomen would know pretty quick if some new guy came started sending them bogus messages.
Amusing image though this is, Enigma machines were, in case you weren’t aware, not actually radio transmitter/receivers.
An enigma message would be typed in to the machine and the output characters written down on a piece of paper, then the message would be transmitted over Morse by hand, transcribed to paper at the other end, then typed through the correspondingly configured Enigma machine to obtain plaintext.
In absolute terms, pre-digital cryptographic equipment operator isn't the worst wartime job I can think of. However, on a U-boat, all of the jobs were equally worse (due to life expectancy).
I think this is the most likely answer. Everything in Germany was collapsing at the time, so a garbled message being sent, or incorrectly received seems likely. Consider the circumstances:
- 6 days after US and Soviet forces linked up bisecting Germany
- 1 day after Hitler's suicide
- 5 days before the unconditional surrender of the Flensburg Government
I can picture it: a German soldier feeling defeated just set the keys to something random and typed his message, sending a message without expecting anyone to hear...
"In the old days, if someone had a secret they didn’t want to share, they went up a mountain, found a tree, carved a hole in it, and whispered the secret into the hole. Then they covered it with mud and leave the secret there forever." - Wong Kar Wai/In The Mood for Love
That's a pretty good set up for some wild fiction. You could go to the fabled moon / arctic bases, time travel, aliens ... it's a nice foundation. Problem is these days people would start believing in whatever fiction you write. The internet is broken like that.
But back to the internet. Plenty of youtube clips from this program where commenters are insistent that it's evidence that Mermaids are real. And comments linking to the footage of the disclaimer, and resulting dumb arguments. Still! In 2023!
I love a bad/earnest low-budget movie. I think they are often much more revealing about the nature of culture, cinema and art than -- to pick a single counterpoint -- really anything in the MCU except Age of Ultron [0].
There were plenty of things in that to like. I watched it only recently, I'm glad they made it, and I hope the people who make it continue to reject the big bucks.
[0] This is a hill I will die on. Almost everything in the MCU is pointless dross except James Spader as Ultron.
A company I used to work for was partly comprised of hackers, and one of the books they always raved about was called Cryptonomicon. I know that it involves the nazis and encoded secrets, though I never read it (still on my to-read list). I'd recommend checking it out if that kind of thing sounds interesting to you.
I read it back in the day. I can't remember much of the plot, but i do remember that it seemed about twice as long as it needed to be. Which I find ro be typical of Stephenson's fiction. Plenty of people seem to like it though.
He does like regressions into historical causes and effect chains... hell the whole system of the world trilogy is almost nothing BUT that (and contains some character/family crossovers with cryptonomicon)
Th are even great historical starting points for such fiction, like the bunch of German U-Boats spread across the world (mostly the Atlantic), including one (U-234) en route to Japan with special cargo including uranium oxide, high-ranking Germans and Japanese and an Me-262.
Better starting hook that the Last Resort series (US nuclear submarine with intercontinental ballistic missiles refuses weird orders, is fired upon by the US Navy, and decides to occupy a fictitious island).
You could claim that about nearly anything and nobody would/could really challenge you for Gravity's Rainbow!
See also, Finnegan's Wake. For instance, here's a nonsense claim that sounds plausible: Finnegan's Wake is the best book about the Irish Civil War. You feel the frenzy and delirium of the lucid somnambulism that comes with insomnia on the battlefield. As foggy and vivid as war, the words carefully balance the interregnum between the forbidden, forgotten and forsaken laid bare as poetry. Nothing is clear and there is no closure. It shows how hard narratives are to cobble together using shattered pieces. The deconstruction of the language is married with the deconstruction of life as belligerents fight over conflicting dreams.
The middle third or so of GR describes a fairly lucid plot in which the characters are traversing Germany during its final disintegration at the end of WW2 and the beginning of the Allied occupation.
Once in college we ran an online treasure hunt where the participant needs to decode from images, text hidden in source code.
Decoding using enigma was our last question. The word "That's all folks" was encoded in five different ways & configuration for enigma machine would keep changing according to the time of the day. We took reference from computerphile videos & people really loved solving this.
We redirected them to an online enigma decoder (Forgot the link)
Seeing this website here made me chuckle. Mr. Hörenberg was a teacher at my school. He once held a "guest lecture" within my CS class where he told us about his hobby of breaking engima codes and how his software worked. He once used multiple of our schools computer rooms during summer break to run his software. Luckily for him, we had CAD classes and therefore appropriate workstations.
Some of it is explained here:
https://enigma.hoerenberg.com/index.php?cat=Breaking%20the%2...
(A funny sidenote was that he wasn't and admin in our school and had now way of deactivating the screensaver then to walk from desk to desk every 14 minutes and move the mouse.)
Fun fact: The Japanese had a technologically superior encryption machine to Enigma which the Allies dubbed "Purple". Unfortunately, the operators made several blunders which defeated the encryption, among them habitually beginning each message with "I have the honor to inform Your Excellency".
Japan today still hasn't fully grokked how encryption works, as evidenced by the widespread corporate practice of "PPAP", which means sending sensitive info as a password-protected zip file via email, then sending the plaintext password in a separate email to the same recipient address.
That message could be using a new cypher that Klaus Schwab, Hilter's secret kid, is using at WEF to communicate with his buddies in a secret Nazi base in Antarctica
I have a friend--a software engineer--who was convinced when ChatGPT came out that it would be able to do things like invert sha1 hashes, if only you found the right prompt.
There's a lot of magical thinking around LLMs, but in the end they're "just" fancy Markov chains.
I'm sure it's possible for some SHA1 hashes along the lines of "password1234".
A shockingly high number of SHA1 hashes with their cleartext was available on Google Code back in the day. I assume you can crawl github for the same now.
I don't know why you've been downvoted to oblivion but I DO find this thoroughly uninteresting. I am however interested in why anyone WOULD find it interesting.
I actually would find it quite unlikely that this is LLM output, if only because I bet it would have instantly been censored the moment it uttered something alike to "Heil Hitler"
> I'll choose the model "Enigma M3" and use the following settings:
Well it's obviously not that.
The M3 was the 1934 design. In 1942, the German Navy replaced the M3 with the M4, which was incompatible with the M3. This message was sent in May 1945, just days before the end of the war.
Is this a ChatGPT delusion? Please don't do that here.
The most interesting thing is that a bunch of apparently smart people keep treating LLMs as if they were truly capable of something resembling problem-solving or logical thought, or even "understanding" a question.
It should surprise no one that they're bad at string processing, and yet.
We already know it knows nothing – but this doesn't verify it. I could produce a similar response, even though I know you can't crack Enigma in O(n) time.
Until a WREN noticed that the message never contained the letter Z.
One weakness of that generation of Enigma was that it could not self-encode a letter. That is, A was never encrypted to A.
This had no letter Zs. A statistical improbability. Unless, so she reckoned, the entire message consisted of only the letter Z repeated.
Apparently, their best guess was that a bored soldier sent a stream of Zzzzzz to a friend. That was enough to crack that day's key.
Of course, every guide at Bletchley has a range of stories they tell credulous geeks. But it is a delightful tale of how OpSec is everything.