BLETCHLEY, England—In a humble array of buildings surrounding a country estate here, the breaking of code helped break the back of the Axis powers during World War II. That alone makes a visit to Bletchley Park a must for anyone studying the history of cryptography.
The accomplishments of Bletchley Park’s unconventional team—by the war’s end, 75 percent female—can rank only as epic. British code breakers, building on pioneering work by their Polish counterparts, defied immense odds to defeat Nazi Germany’s Enigma encoding machines and their roughly 159 quintillion different encryption permutations, with initial encoding combinations changed daily.
A few hours spent wandering around the huts here should yield a much better sense of that effort’s difficulty. But it should also offer useful lessons for today’s arguments over encryption.
Opsec at scale is hard
(Keep your team focused. Educate and motivate.)
Bletchley Park’s boffins beat Berlin’s cryptographers, thanks to exhaustive work and breakthrough logic from such mathematicians as computing pioneer Alan Turing. The Axis’ armed forces also inadvertently helped them by letting consistency creep through their cryptography—mistakes that any target could make today.
An Enigma operator, for example, was supposed to randomize each day’s designated encryption settings—the starting positions of three internal rotors and the arrangements of wires on an external plugboard—by typing random letters into this desktop device. A scrambled version of those letters would then be sent at the start of the message twice, just in case radio glitches garbled it the first time.
A panel on a wall in Hut 8 recounts code breaker Mavis Batey seeing how boredom led Enigma operators to weaken that defense: “You were supposed to be encoding a message to your general, and you had to put three or four letters in these little windows. And in the heat of the battle, you would put up your girlfriend’s name or dirty four-letter German words.”
“Human factors in encryption are tremendously important,” says Steve Bellovin, a computing pioneer and a professor at Columbia University. “A high percentage of [Bletchley Park cryptographers’] successes came because of German operational mistakes.”
“Oftentimes, it’s the human element that gives people away the fastest,” agrees Amie Stepanovich, U.S. policy manager for Access Now, a digital-rights group that, among other things, works to help secure the communications of dissidents and journalists.
Bureaucratic routine was another frequent handicap to German and Italian operational security. One exhibit notes how weather messages almost always began with “Wetter,” German for that noun.
Oversights like that continued even as the Germans deployed more advanced enciphering machines. Their Lorenz series of encryption devices saw their first defeat in 1941, when an operator saw that a message failed to transmit and began resending it in slightly condensed form under the same key—allowing Bletchley’s code breakers a valuable peek into Lorenz’s logic.
Bellovin says the Germans hurt their own cause by ordering people to follow difficult procedures without offering a rationale.
“In the name of cryptological security, they never explained the reasons for things,” he says. “People cooperate more when they understand what the threats are.”
Brute-force attacks can take many forms
(Be wary of how you use your fixed ingredients—and of your enemy’s mutual tools.)
The largest stash of cryptography candy at Bletchley Park awaits in Hut 11A, where exhibits break down the mechanical workings of Bombes—the calculating devices Turing designed to test decryption codes at speeds beyond human capability.
A re-creation of a Bombe whirs to life every few minutes, its wheels spinning and clicking as those of originals did here and in satellite locations across the United Kingdom and on the East Coast of the United States.
READ MORE ON ENCRYPTION
What ‘EFail’ means for your email privacy
Could strong encryption and backdoors coexist? Nope, experts say
Can we abandon email for secure messaging? Not so fast
Why weakening encryption can hurt you
Forget encryption backdoors. The feds really need this (Q&A)
Special report: the encryption debate
While the mathematically inclined will want to linger over adjacent displays inviting them to try to pick out patterns in encrypted text, most visitors might gain an appreciation here for how sustained and intense math can pound the opacity out of an algorithm.
Hut 8 relates to a different type of brute force: the Royal Navy’s successful efforts to seize German ships before their crews could destroy their codebooks. That “pinching” campaign ended 10 months in which German Navy transmissions had returned to opacity, thanks to that branch upgrading to a version of the Enigma with four rotors instead of the original three.
A short video in Hut 8 dramatizes a costly episode in this campaign, during which two Royal Navy sailors swam to a compromised U-559 German submarine, obtained codebooks from German soldiers onboard, and passed them to a third Royal Navy sailor. The third sailor escaped the sub, with the documents, just before it rapidly sank; the first two did not.
Today’s encryption schemes don’t rely on pre-printed sheets of settings sent out from headquarters, but they all have to incorporate fixed ingredients to allow decryption.
And when fixed ingredients—unlock codes, cryptographic keys, biometric indicators—are stored in more than one place and are set up to decrypt more than one end point, the appeal of a brute-force attack increases. Especially if it doesn’t require sending men to their deaths.
Widespread adoption of the same basic cryptographic architectures, meanwhile, should have invalidated the “us vs. them,” “Allies vs. Axis” notion that we can attack the bad guys’ encryption without risking our own. But in today’s popular mind-set, it hasn’t.
“Today, we’re all on the same network; we all use the same tools; we all use the same encryption algorithms,” Stepanovich says. Yet “we somehow still believe we should get to the communications of only the people who intend to do some harm.”
The most valuable hack is one the target refuses to believe happened
(Use deception to keep your enemy off your trail.)
One of the most remarkable bits of Bletchley Park’s exploits was how the Allies successfully spoofed the Axis powers into thinking that no such operation existed. In essence, they exploited a zero-day vulnerability for thousands of days.
Bletchley’s exhibits note the care the British Royal Navy and Air Force took to conceal their code-breaking pursuits.
One early tactic involved crediting a nonexistent MI6 spy code-named Boniface with controlling a network of German agents. Another involved seeding a story among captured Germans and other likely storytellers that “we had absolutely miraculous radar which could detect a U-boat, even if it was submerged from hundreds of miles,” historian and former Bletchley staffer Harry Hinsley recalled in a 1993 speech.
In reality, Hinsley said, “Every one of those ships, before it was attacked and sunk, had to be sighted by a British aeroplane or submarine [that] had been put in a position in which it would sight it.”
Germany didn’t see through those deceptions. And it did not detect, nor try to subvert, weaker points in the code-breaking operation, including the dispatch riders carrying intercepts of encrypted transmissions to Bletchley. (Their instructions, as described on a label next to a 1943 Norton WD16H motorcycle in a garage—“zero curiosity about what is carried, except for the destination and any priority on the dispatch envelope”—evoke petrol-powered Internet Protocol routing.)
The Germans “were perfectly willing to believe any other excuse rather than believe that their cipher was being cracked,” Bellovin says. “People are rationalizing animals, and so they rationalized.”
The subsequent seven decades have provided numerous examples of vulnerabilities going ignored, even as we’ve gotten better about finding these flaws through penetration testing and bug bounties.
So far, we’ve been lucky not to discover hostile exploitation of such long-dormant “vulns” as the Krack weakness in Wi-Fi encryption, the Spectre and Meltdown processor bugs, and the Efail flaw in mail encryption…unless, like Bletchley’s adversaries, we remain a few years from learning otherwise the hard way.