Hi,
a question about code-breaking in WWII:
Correct me If I'm wrong, but basically it worked like that: German radio
traffic was encrypted wit ENIGMA machines and settings that were changed
daily. In Bletchley Park, they had a nifty machine (or many) that could
go trough all possible settings (usually within a few hours), so it
could find the correct setting for the day. After that, decrypting all
German radio traffic for the given day was trivial.

Now the 1000$ question: How did the code-breakers identify the correctly
decrypted text among the zillions of garbled attempts? Did they have the
possibility to check for sequences that usually appeared in a
transmission? IIRC, there actually were attempts to get the Germans to
send specific texts, but my memory is a bit hazy there. Possibly that's
only from a novel. For example, if five enemy bombers are observed
dropping mines in a specific location, the British could guess what the
German radio operator would report. But I would be surprised if that
analysis could have been automated back in WW2.
So, how did they do it?

Felix

On Nov 18, 5:35 pm, Felix Reuthner <s...@reuthner.net> wrote:

In fact, most of the Enigma decrypts were some form of known plaintext
attack.  These texts were often called "cribs" and were collected from
a variety of sources, including regular broadcasts from weather
stations, assumptions about routine status messages ("nothing going
on"), as well as deliberate efforts to get a known message sent (for
example the deliberate mining of certain locations), and very
extensive traffic analysis.  In some cases the plaintext came from
messages that were found to have been sent more than once - once in a
low grade code (for example weather reports).

They used machines ("Bombes") to step through vast numbers of
combinations, combining cryptanalysis and brute force.

The code breaking effort was a vast effort, and had considerable
resources.

The Wikipedia article is a decent summary:

http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma

http://en.wikipedia.org/wiki/Bombe

Boilerplate in messages is one way to verify correct decryption, at least
for a first pass.  Anything that looked real after this could be looked at
by humans.  For example, if I were trying to decrypt email messages,
I'd look for strings like:
  "\nFrom: "
  "\nTo: "
  "\nSubject: "
  "\nDate: "
in the first few hundred bytes of the message.  Further, you can guess a
fair portion of the Date: header, and there will be common repetitions
of sources and destinations of messages.  

You might also get used to the format of messages sent, for example,
a message sent at 5PM from a particular station on a particular frequency
might always have strings like:

  Subject: Daily Weather Report

and another station might usually have:

  From: Col. Wilhelm Klink, Commandant, Stalag 13
  To: General Berkhalter
  Subject: My Perfect No-Escape Record

in the headers for about half of the messages.  There might be
standard headers indicating the origin of the message is the central
command.  Long-winded but standard ways of saying "This message is
classified top secret" might also be useful bits of known plaintext.

It is also possible (I'm not familiar with World War II message
traffic) that every message had "Heil Hitler" after the header.
That could be a big weakness.

I have heard about a few attempts to get the Germans and/or Japanese
to send particular messages, often to break a code-within-a-code.
Things like map coordinates, bases, or unit designations might be
coded this way.  For example, the plaintext might refer to Airbase
Delta Gamma, but you don't know which airbase that is, so you pick
one, overfly it, and see which airbase is reporting spotting enemy
planes.  

I seem to recall identification of a code for a particular Japanese
base/island in the Pacific was made by doing something to the water
tower on the island suspected to be the one in question, then noting
that it reported a water shortage.  I think I heard this on a PBS
documentary.

On Nov 18, 6:35 pm, Felix Reuthner wrote:

Simply put, when the text of the message made sense
they knew they had broken it.

In essence, yes. Successful decoding depended on
finding the correct key to the Enigma wheel settings
for that message and probably all the other messages
transmitted that day..

Finding the key rested in large part on a certain amount of
tedious trial and error as well as guesswork coupled with
having the known identity of the sender and the addressee.

could follow as to what might constitute the basic theme
of the message and possible words and phrases which might
be used within that theme.

Frequently such sequences might be found at the
beginning and end of the message, the portions which would
contain the name(s) of the addressee(s) and of the sender.
These might be already known through signal intelligence which,
from call signs, direction finding, and traffic analysis produced
fairly accurate information regarding the identity of the sender
as well as to whom the message was being sent.

German operators sometimes got careless by using stock
words and phrases in the opening and closing sentences of the message,
those buffer phrases  unrelated to the basic text
and inserted in an attempt to decoy enemy decoders.  Such
opening phrases as "Heil Hitler" and the like were often found
in such locations and were of considerable aid to decoders.

Another decoding aid was an idiosyncracy of the Enigma machine which
kept it from ever substituting the same letter for itself.
(If the letter "H" was used in the real text it would never come out
an "H" in the coded text and the same with all the other letters)
This was of considerable assistance to the code breakers.

WJH

On Nov 18, 10:50 pm, gordonb.4t...@burditt.org (Gordon Burditt) wrote:

The incident you are thinking
of took place before the battle
of Midway. U.S. codebreakers were
at that time reading much of the
Japanese military cipher traffic,
and the intelligence analysts
believed they had uncovered plans
for an attack on Midway. However,
the messaged did not refer to Midway
by name, but to the code name "AO".

To make certain that "AO" stood for
Midway, the Navy had Midway report
that its water distillation plant
had broken down. This report was
sent by radio "in clear", and was
picked up by the Japanese. Shortly
afterwards, a Japanese dispatch
stated that "AO" was short of
fresh water. Bingo!

(The message directing Midway to
make this false report was sent
via the telegraph cable from
Hawaii to Midway, which was intact
and of couse secure. BTW, it was
part of the trans-Pacific telegraph
cable, and the next link - from
Midway to Wake Island - was also
intact, even though Wake had been
occupied by the Japanese. Of course
this cable went unused during the
war, except for an occasional
obscenity or insult.)

On Wed, 18 Nov 2009 18:35:33 -0500, Felix Reuthner

http://www.enigmahistory.org/enigma.html

--
met vriendelijke groet,
Gerard Bok

On 19 Nov, 04:50, gordonb.4t...@burditt.org (Gordon Burditt) wrote:

This is quoted in "The Codebreakers" by David Kahn,
on page 569.  The decrypted Japanese messages were
about a major assault on location "AF", and the US
cryptographers had plenty of other indications that
AF meant Midway, rather than one of two or three
other militarily plausible locations.  However,
before committing their aircraft carriers to its
defence, the top brass wanted more proof, so Midway
was told to radio IN CLEAR that its water purifier
had broken down.  Sure enough, a low-grade Japanese
spy very quickly reported to Tokyo that location AF
would soon be short of fresh water.

The Japanese blunder was using the same encrypted
geographical grid within both the low-grade code
for surveillance information and the high-grade
code for strategic planning and fleet movements.

Of course, the Germans made similar blunders to
give Bletchley park these vital cribs into the
ENIGMA messages.  Roughly speaking, the "bombe"
devices would find the very few places (if any)
within a message where a known plaintext might
occur, then the very few key settings which
would convert the plaintext to that cryptotext
at that place.  Then it was just a matter of
trying out these key settings with a replica
Enigma machine, and looking at the output.
--

On Nov 19, 5:43 am, "wjhopw...@aol.com" <wjhopw...@aol.com> wrote:

Something nobody has mentioned yet is the "indicator". The operator
"randomly" chose a particular 3-letter message key which was supposed
be different for each message (though often as not it was his
girlfriend's initials or something equally non-random!) He then
enciphered the key twice using the standard settings for the day,
before turning the wheels to the key value and enciphering the rest of
the message. The fact that the message key was enciphered _twice_
introduced a pattern which leaked some information about the daily
settings. This was used in some of the early Polish cryptanalysis.

Lots more here:
http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma

On Nov 18, 5:35 pm, Felix Reuthner <s...@reuthner.net> wrote:

These were called the "bombes". Some were at
Bletchley Park, but most were elsewhere, at
sites linked to BP by teleprinters.

After the U.S. entered the war, U.S. resources
were added to the fight. U.S. analysts went to
work at BP, and the U.S. built and operated a
"fleet" of additional bombes. (Mostly to attack
Kriegsmarine traffic, which was often intercepted
in the U.S.) The U.S. bombes were based on the
British design, but incorporated some improvements
of their own.

This leaves out a lot of details.

For one thing, the Germans had separate
Enigma keys for each service. The settings
used at any given moment by the Luftwaffe,
Heer, and Kriegsmarine were different. As
the war continued, additional separate keys
were established for branches of service
and theaters of operation.

For instance, the Kriegsmarine keys included

HYDRA - general navy operations
TETIS - U-boat training command
TRITON - U-boat operations
SUD - Mediterranean operations
MEDUSA - Mediterranean operations
NEPTUN - battleships, pocket battleships, and cruisers

and several others I can't think of right now.

Thus, breaking an Enigma key would
allow BP to read all traffic on that
key for that day - but only that key.
(And late in the war, some keys were
changed up to three times a day!)

The other important point was that
the bombes were not available at all
until mid-1941. By 1942, there were
a few dozen working, but far more were
needed - the "fleet" ultimately numbered
in the hundreds, including bombes built
and operated by the U.S.

Thus, for the first half of the war,
the codebreakers had to use other
methods.

The original method, which had been
developed by the Poles, attacked a
weakness in the German message format.
The first six letters of the cipher
text in a message were a three letter
group that was repeated. The Poles had
also deduced the wiring of the scrambler
wheels of the German Enigma. They had
further realized that it was not always
possible for an Enigma to cipher a given
letter to the same cipher value three
positions later in the same message. If,
in the ciphertext of that six-letter
preamble, a letter occurred in positions
1 and 4, or 2 and 5, or 3 and 6, that
would rule out some Enigma settings.
Twenty or so messages with such repeats
could pin down the exact setting.

The Allies (Britain, France, and Poles
in exile) used this method to break into
Enigma in early 1940; they read several
thousand Enigma message. Then in May, the
Germans changed their format, dropping
that three letter repetition.

The Allies (after June 1940, the British)
kept going through other tricks, all based
on German sloppiness: Sillies, the Herivel
Tip, and Parkerismus.

Yes. The entire system of breaking
Enigma through bombes depended on
having some knowledge of what the
text of some message on a key was.

Such guessed or known message texts
were called cribs.

For instance, Enigma could never
cipher a letter to itself. If the
analyst thought a particular text
occurred somewere in a message,
he could line up the crib text with
the ciphertext and see if any
letters matched, shifting the crib
text till there were no matches.

There were other analytical tricks
used. The procedure involved setting
up a bombe with a cleartext, a
ciphertext, and a starting position
of the scrambler wheels. The bombe
would tick through the possible
combinations, stopping if at any
point the ciphertext "came through".

The bombes were operated by a small
army (over 2,000 by 1945) of "Wrens"
(Women's Royal Navy Service).

Now, where did the analysts get their
cribs?

If one had been reading the traffic
on a particular key on Monday, Tuesday,
and Wednesday, it was usually possible
to guess what would appear in messages
sent on Thursday. The names and titles
of message senders and recipients were
often useful, and in German such phrases
could be quite long ("STURMBANNFUHRER
VONDEMBACHZELEWSKI", "GENERAL DER
PANZERTRUPPE VONSCHWEPPENBURG"). However,
these assigments could change frequently,
and German operators were taught to scatter
a few random Xs into such phrases.

Stereotyped reports were also useful.
BP became quite fond of a German officer
at an observation post in the impassable
Qattara Depression, who reported every
day that he had nothing to report.

The phrase "AN IDA BISON" was a very
common crib. It represented "A1B", the
designation of the staff officer for
intelligence at a particular HQ.

Yet another source of cribs was the
retransmission of messages on different
keys. Sometimes the message was sent
with Enigma and also some lower-grade
system; or a message sent on a broken
Enigma key was resent unchanged on a
different key. The Germans were very
sloppy about this.

However, it was not always easy for the
British to use this. Sometimes, to break
one key with very "hot" traffic, it was
necessary first to break another key,
which might have nothing of interest
itself, but would provide a crib on the
other key.

Continuity was also extremely important;
the analysts needed to read a key every
day, whether there was anything valuable
on it or not, to be able to read it later
on if it became "hot".

In one area, the British had a huge
advantage. This was the traffic of the
Abwehr (German espionage service). Much
of the Abwehr's message traffic was
reports from or orders to their agents
in Britain - who were all double agents
under British control. So of course the
British had a wealth of cribs for that key.

For Abwehr Enigma, planting cribs was
trivial. If the British passed on some
apparently "hot" secret document, the
Abwehr could not resist transmitting the
original text to Berlin to show off with.

The British did this regularly; the
practice was called "gardening".

news:he1vt7$5tk$1@online.de...

Methods included:
1.  Brute force (all possible combinations), facilitated by
the "bombes" (programmable electro-mechanical machines.)
2.  Exclusion of negative possibilities:  e.g. most ciphers include
(Rule A) that no letter P may be enciphered as itself = P
(Rule B) that no reciprocal Q=R may occur elsewhere as R=Q
These two rules function negatively in any deciphering programme:
i.e. any setting which permits non-A or non-B can be skipped as
a wrong setting:  and brute force methods may usefully winnow
out and discard such non-rule keys.
3.  Enemy breaches of good cipher practice, e.g. replicating
standard terminology in short routine messages (such as
weather reports), e.g. using the same word or the same
number of nonsense characters as filler material to pad
out a message to standard length.

For details see only recent books such as:
Sebag-Montefiore, Enigma: the Battle for the Code (2000)
Simon Singh, The Code Book (1999)
Calvocoressi, Top Secret Ultra (1985)
Earlier books (e.g. by Kahn, Lewin, Winterbotham) do not
really answer your question (i.e. were perhaps censored.)

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)

In article <he73s5$ee...@theodyn.ncf.ca>,

This is certainly true of the Enigma, but is
certainly *not* true of "most ciphers". In fact it
would be considered a serious weakness in any
modern cipher.

Again, the enigma actually enforces this; at a
given place in the operation, if plaintext R would
be enciphered to ciphertext Q, it is certainly the
case that plaintext Q would be enciphered as R. In
fact, that is exactly how the operators decrypted!
As for your "elsewhere", I don't know quite what
you mean; at other points in the encryption
process, it is entirely likely that this might
happen, basically by chance.

Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

There was a fascinating look at WWII codebreaking in the book "Battle of
Wits". Well worth searching out.  

"You must be an intellectual to believe such nonsense. No ordinary man
could be such a fool."
                  George Orwell

On Nov 20, 3:17 pm, "Don Phillipson" <e...@SPAMBLOCK.ncf.ca> wrote:

I guess one could view at least in some versions of
the ENIGMA as a very long keyed cipher with a very
short block. The block size being that of a single
character log(26)/log(20) around 5 bits. This made
it very easy to attack by only looking at the start
of message Does anyone know the Unicity Distance
in Characters for the different versions of the
ENIGMA.

 Since among others things since the ENIGMA is
such a short block and easily attacked using only
a ciphertext only attack mode.

 How much harder if the message where first encrypted
with standard enigma then do a bijective BWT
followed by another enigma pass. This would effectively
make the whole message a single block.

 Unlike the original ENIGMA if the first letter A
the output could be A.  Also if two messages identical
except for a singe character in mddle of the input
most likely the outputs will
be totally different again unlike ENIGMA.

 How much harder would it be to attack this in
a ciphertext only attack.

David A. Scott
--
 My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"

[snip]

A number of books are available from Bletchley Park Shop:

http://www.bletchleypark.org.uk/shop/index.rhtm/130825/cat.html