Comments

Bob June 25, 2024 2:30 PM

Interesting seeing moderation changes here just a week or two after Techdirt revamped their moderation system due to excessive toxicity.

Erdem Memisyazici June 25, 2024 3:14 PM

If a military group was using such a machine I would assume that the person writing it must never leave a secured area and the person carrying/transmitting the encrypted message must not know what it says.

4 hours to decrypt it is not bad. Locking someone in a room and injecting them with chemicals to talk would probably take longer but I’m sure it served its purpose at the time as stated. It’s cool that they also abided by RFC 2549 throughout this process.

Christos T. June 26, 2024 12:36 AM

The converter M-209 was the medium level cipher system of the US military in the period 1943-45. The US Army used it at Division level (Division-Regiment-Battalion and even up to Corps); it was also widely used by the USAAF and US Navy.

The regular solution of the M-209 in the period 1943-45 was an impressive achievement for the German side and also the Japanese had some success from late 1944.

Regarding its cryptosecurity the expert on classical cipher systems George Lasry has stated:
(http://scienceblogs.de/klausis-krypto-kolumne/2018/01/21/top-50-cryptogram-solved/)

‘One comment about the security of the M-209. The claim that the Enigma is more secure than the M-209 is disputable.

1) The best modern ciphertext-only algorithm for Enigma (Ostwald and Weierud, 2017) requires no more than 30 letters. My new algorithm for M-209 requires at least 450 letters (Reeds, Morris, and Ritchie needed 1500). So the M-209 is much better protected against ciphertext-only attacks.

2) The Turing Bombe – the best known-plaintext attack against the Enigma needed no more than 15-20 known plaintext letters. The best known-plaintext attacks against the M-209 require at least 50 known plaintext letters.

3) The Unicity Distance for Enigma is about 28, it is 50 for the M-209.

4) The only aspect in which Enigma is more secure than M-209 is about messages in depth (same key). To break Enigma, you needed a few tens of messages in depth. For M-209, two messages in depth are enough. But with good key management discipline, this weakness can be addressed.

Bottom line – if no two messages are sent in depth (full, or partial depth), then the M-209 is much more secure than Enigma’.

sqall June 26, 2024 3:35 AM

While I do not have the crypto-chops to understand the paper fully, it is weird in another way: The authors cite from the translation of a German-language document that was found buried, supposedly, in 1947 in a camp outside Salzburg, Austria (‘DF-114’, unclear whether that designation is for the original or the translation). This document was then translated DE->EN, but some German terms and formulations were left, prudently, probably to hedge against translation errors. Sadly neither the German nor the original translation are available (links in the paper are to ‘not yet online’ national archives material), but the paper’s authors insert some quotes. Those are extremely suspect.
** the title of the ‘German’ document “Technisches Erlaueterung zur maschinellen Bearbeitung von AM-1 Kompromisstextlösung auf 5er Texttiefe” – one umlaut (ö) was spelled out, the other, spelled out with an e (‘aue’ – correct would have been äu), grammar mistakes and the term ‘Kompromisstextlösung’ (‘compromise’ in English has a double meaning, of which only one (‘result of negotiation’) is covered by the German ‘Kompromiss’, so the term ‘Kompromisstextlösung’ would translate to ‘solution regarding a text found after negotiations’, but not ‘solution regarding compromised/cracked text’) – this reeks of EN->DE translation, not of DE original text.
** the paper shows a technical drawing from the translated document. It is annotated, in the drawing, in English, and breaks so many rules of German technical drawings it borders on the ludicrous
** throughout the paper, some of the terms are shown in the ‘original’ German, but the English term always fits the described situation better (example: an ‘arm’ that was supposedly translated from German ‘Zeiger’ – but the described situation would suggest that the German term ‘Arm’ would have been used (which also translates to ‘arm’) ), or are outright wrong (‘test circuits’ supposedly was ‘Diskussionskreise’ in the German original. ‘Diskussionskreise’ translates to ‘talking circle’ (as in small groups of people talking about a subject) )

Either the authors of DF-114-original were English speakers producing German text, or the original got lost before DF-114-translation was complete, and the authors just winged it, or some convoluted counter-counter intelligence was going on.

sqall June 26, 2024 5:21 AM

While I still have misgivings, a possible scan (the national archives do not have it up, yet) of the ‘DF 114’ report can be seen on https://docs.google.com/file/d/0B_oIJbGCCNYeNXV4Sm1BT1FXblk
It clears up the problem of the drawings: they were done by an analyst, working from drawings done by someone explicitly mentioned to be not a mechanical engineer. It also has a different spelling of the original German title, without any umlaut, which is far more believable for an English typewriter. The weirdness of ‘Kompromisstextlösung’ and other linguistic peculiarities still remains, though. Without the German source material this is highly suspect.

What Price common sense? June 26, 2024 7:07 AM

@Bob

“… just a week or two after Techdirt revamped their moderation system due to excessive toxicity.”

It’s not unexpected, the level of toxicity is going up due to political events in the world.

Even Alphabet’s sub organisations are pushing increasing levels of political toxic nonsense in search results.

The question is

‘Is it policy or people know how to fritz with the search algorithms?’

As results on other search engines like that of Microsoft have increasingly become “right wing authoritarian” in recent times I’m guessing that it’s not accidental.

As we know from past endeavours, making Microsoft AI totally toxic in 24 hours or less is a sport for some people.

I would therefore expect AI-v-AI to become like “Pro Wrestling” and just as phoney, before becoming more boardgame like.

Think of it as a new version of “Capture the Flag” in the making.

But how new?

Well, back in 1984 for 8-bit computers there was a game called Bannercatch for the Apple ][ and other computers in popular use in schools as a “learning aid”. In essence you had to play against four “Robot” AIs…

https://en.m.wikipedia.org/wiki/Bannercatch

Eriadilos June 26, 2024 2:58 PM

This may be a dumb question but I was wondering: is it possible for a hash function to output the string it was given as an input?
If one such value was found, what would be the implications for the hash function? Would it be a minor oddity or would it completely/partially break the function?

Bob June 26, 2024 7:49 PM

@Erdem Memisyazici

“It’s cool that they also abided by RFC 2549 throughout this process.”

golfclap

JonKnowsNothing June 26, 2024 10:34 PM

@Eriadilos , @All

re: Same value returned input-output

At the lower level everything is 11110000. All other interpretations are various overlays with different start-end points blocks: eg 4, 8, 16, etc. Depending on the overlay the underlay will still be 11110000.

Current exploit of this overlay can be seen with URL spoofing. Where characters or values in one overlay render as the same or similar value as the base overlay but the underlay redirects the URL. Generally to somewhere you didn’t want to go.

The mechanism for this issue is below the hash function.

Having a hash function clash is common and generally there is a subroutine to deal with clash tables.

Christos T. June 27, 2024 12:44 AM

@sqall:

In 1947 the US occupation authorities retrieved the files of the German Army’s codebreaking agency, called Inspectorate 7/VI. These had been buried at the end of the war in a camp in Austria.

The list of the documents that were retrieved is available from NARA as TICOM report IF-272 Tab ‘D’:
https://catalog.archives.gov/id/2811501

On page 12 of that report, it says: ‘Technische Erlaeuterung zur maschinellen Bearbeitung von AM 1 Kompromisstextloesungen auf der Texttiefe’.
The translation of that report is TICOM DF-114 ‘GERMAN CRYPTANALYTIC DEVICE FOR SOLUTION OF M-209 TRAFFIC’ and was released by the NSA to NARA in 2011 and copied and uploaded by me to Scribd and Google drive in 2012.

You can find it at NARA: https://catalog.archives.gov/id/23889821

Clive Robinson June 27, 2024 1:58 AM

@ Eriadilos

Re : Hash function

“is it possible for a hash function to output the string it was given as an input ?”

You do not say what sort of “hash function” you are talking about.

The basic notion of a “hash function” is one designed to output a distinguisher of the input in a much shortened form. Often used as a method of indexing.

There is nothing in that very general definition to say that any input of the same length as the hash output can not be the same.

If you think about a hash it has two parts,

1, A compression function
2, A mapping function

(These can be combined in some way and often are.)

Simple logic tells you that the mapping function can only output its input if it does not invert one or more bits of the input.

More complex logic applies to the compression function. Because if you think about it, the hash can be seen like the least significant digit of a counter. That is, there is an infinite number of input strings longer than the hash function output, thus there must be an infinite number of input strings that give the same output string.

But when the “effective internal state” size of the hash is exceeded then information is lost and can not be recovered. But using correct design the issues arising can be “designed out”.

So it is possible to design the overall hash function so that you do not get an output that matches the input.

emily's post June 27, 2024 12:17 PM

I’m not sure whether the proposal to have a sub-event at the Burning Man festival called “Burn before Reading”, that was a crypto bake-off comparing all the mechanical systems, was ever realized.

FA June 27, 2024 6:10 PM

@Eriadilos

“is it possible for a hash function to output the string it was given as an input ?”

If the hash function is any good then for inputs of the same size as the output it should be a random permutation.

The probability that a random permutation has no fixed points is 1/e, around 37%.
The expected number of fixed points for a random permutation is 1.
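
An added example, not part of any comment above: it counts fixed points H(x) = x by brute force for a toy hash whose input and output have the same size, and compares the statistics with true random permutations. The toy hash (SHA-256 truncated to 1 or 2 bytes, keyed by a constructed salt) and all function names are assumptions of this example; a truncated hash is a random function rather than a permutation, for which the expected count is also 1 and the share with no fixed point is (1 - 1/N)^N, close to 1/e.

```python
import hashlib
import random

def toy_hash(x: int, salt: bytes, nbytes: int) -> int:
    """SHA-256 truncated to nbytes, so input and output have the same size."""
    digest = hashlib.sha256(salt + x.to_bytes(nbytes, "big")).digest()
    return int.from_bytes(digest[:nbytes], "big")

def fixed_points(salt: bytes, nbytes: int) -> list:
    """Enumerate every input of this width and keep those with H(x) == x."""
    return [x for x in range(256 ** nbytes) if toy_hash(x, salt, nbytes) == x]

def summarize(counts):
    """Return (mean number of fixed points, share of instances with none)."""
    return sum(counts) / len(counts), counts.count(0) / len(counts)

def hash_survey(instances: int = 1000):
    """Each constructed salt selects a different 8-bit toy hash."""
    salts = (i.to_bytes(4, "big") for i in range(instances))
    return summarize([len(fixed_points(s, 1)) for s in salts])

def permutation_survey(instances: int = 1000, n: int = 256, seed: int = 2024):
    """The same two statistics for uniformly random permutations of n items."""
    rng = random.Random(seed)
    counts = []
    for _ in range(instances):
        perm = list(range(n))
        rng.shuffle(perm)
        counts.append(sum(1 for i, p in enumerate(perm) if i == p))
    return summarize(counts)

if __name__ == "__main__":
    print("16-bit toy hash, fixed points:", fixed_points(b"", 2))
    print("8-bit toy hashes    (mean, share with none):", hash_survey())
    print("random permutations (mean, share with none):", permutation_survey())
```

Both surveys should report a mean near 1 and a share with no fixed point near 0.37.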
