Federal authorities to use Enigma for encryption

The Enigma is about to make a comeback. The German Federal Office for Communications Security (BSK) is currently having 10,000 copies manufactured, which are to be used in all federal agencies under secret protection from May onwards.

English version (translated with DeepL)

The Second World War also brought an end to the use of the well-known Enigma encryption machine in Germany. There was a switch to other machines, and later electronic encryption devices prevailed.

Quelle/Source: Schmeh

According to a press release from the German Federal Office for Communications Security (BSK), however, the Enigma will soon make a comeback. All 122 federal authorities in Germany that are subject to secrecy protection are to use Enigma for encryption from May 2021. This applies in particular to data classified as “EU Districted” and “NATO Districted.” 10,000 new Enigmas are currently being produced for this purpose.

Comeback comes as no surprise

The BSK’s decision does not come as a surprise. In recent years, German authorities have had to contend with numerous IT security attacks, which have also repeatedly undermined encryption programs.

Most recently, the hafnium hack in particular made headlines in this regard. According to press reports, Hafnium manipulated numerous encrypted e-mails from high-ranking politicians, which meant that only meaningless nonsense came out when decrypting them. The attack was facilitated by the fact that no one noticed the meaningless nonsense in many politicians’ emails for several weeks.

The reverse case has also been documented. A hafnium Trojan caused numerous government emails that were supposed to be encrypted before being sent to be sent in plain text. Here, too, the security vulnerabilities were compounded by bad luck: Many of the government e-mails were worded so incomprehensibly that the content filters on the mail gateways did not catch on because they did not notice that the data was unencrypted.

Unlike today’s popular encryption programs, Enigma is not vulnerable to hackers, Trojans and other cyber-attacks. Moreover, unlike most modern encryption methods, the Enigma cannot be solved with a quantum computer, making it one of the methods of post-quantum cryptography. So the switch to the supposedly obsolete encryption device is understandable.

Security has gaps

But what about the security of the Enigma? It already proved to be inadequate during World War II, and with today’s computer-based decryption methods, an Enigma encryption can be cracked all the more. According to BSK President Erna Schonböhm, this problem has long been known. “However, experience shows that cyber attacks on encryption software pose a much greater threat than insecure encryption methods,” Schonböhm said, “so we accept possible vulnerabilities in Enigma encryption and are also planning some additional precautionary measures.”

As part of one such measure, a few days ago I received a letter from the BSK requesting that I remove all information about cracking Enigma messages from my blog. Of course I complied with this request. To my knowledge, Enigma deciphering experts like Frode Weierud, Michael Hörenberg, Olaf Ostwald and George Lasry have also received such notices. Indeed, without the help of such experts, it should become much more difficult to solve Enigma messages.

Another content of the BSK letter: Pictures of the Turing bomb, with which the British cracked the Enigma in World War II, may only be shown pixelated in the future. No details may be recognizable that might indicate how it works. Here is an example of how I will present images of the Turing bomb from now on:

Quelle/Source: Schmeh

I am still allowed to publish pictures of the Enigma in full resolution. After a transitional period of several weeks, however, the Enigma will also only be allowed to be shown in pixelated form.

The production of the 10.000 new Enigma copies will be done by the Berlin company Heimsoeth & Rinke. “The original blueprints are still available,” Schonböhm reports, “and we saw no reason to change them.” It is not yet known whether the new Enigmas will also have a plug board.

For security reasons, only e-mails with a maximum of 100 letters may be encrypted with the Enigma at federal agencies. Longer messages must be spread across multiple mails, with a different key mandated. File attachments must be Base64-encoded by users before typing.

“Admittedly, using an Enigma is a bit cumbersome,” Schonböhm admits, “but our security should be worth it to us.” In addition, he says, the company is working to improve user-friendliness. For example, the new Enigma is to get an “@” key.

Justified and unjustified criticism

As expected, the decision in favor of the Enigma has also been met with criticism. The Chaos Computer Club, for example, was of the opinion that instead of the Enigma, it would have been better to use the Swiss encryption machine Nema, which is not only cheaper, but also offers a higher level of security.

Quelle/Source: Schmeh

“Instead of relying on internationally recognized standards, they preferred a German invention by hook or by crook,” a CCC spokesman criticized, speaking of a ‘not-invented-here’ mentality that prevails among authorities in this country.

In contrast, the criticism by the tabloid magazine “Wild am Sonntag” seems completely unfounded and downright embarrassing. There, the headline read: “Authorities prefer to use helicopter service instead of e-mail”. Background: The editors of the paper had read that the Enigma is a rotor machine – and thought it was a helicopter.

If you want to add a comment, you need to add it to the German version here.

Further reading: My appearance in a new Hollywood movie

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.