Quiz Entry - updated: 2026.03.11
Why was the Enigma's key size of ~10^17 not sufficient for security, despite being enormous for its time?
The Enigma had a key space of ~10^17 (approximately 56 bits), which was considered unbreakable in the 1940s but was defeated because structural weaknesses drastically reduced the effective key space.
Key facts:
- The Enigma's rotor system produced ~10^17 possible configurations
- This corresponds to roughly 56 bits — theoretically equivalent to single-DES
- In 1943, this was considered absolutely uncrackable by brute force
The structural weaknesses exploited:
- No letter could encrypt to itself — the biggest flaw. If you guessed a word appeared at a certain position ("crib"), you could rule out positions where any letter mapped to itself
- Predictable message formats — German operators used standard openings like weather reports ("WETTER") and "HEIL HITLER", giving the codebreakers known plaintext (cribs)
- Repeated rotor settings — operators sometimes reused settings or used lazy patterns (e.g., three adjacent keys like "QWE")
- The reflector made the cipher reciprocal (encrypting was the same as decrypting), which halved the effective permutation space
- Double-enciphered message keys — early Enigma protocol encrypted the 3-letter message key twice at the start, creating a pattern Marian Rejewski exploited to deduce rotor wiring
Who broke it:
- Marian Rejewski (Polish mathematician, 1932) — first to break Enigma using the double-key weakness and mathematical group theory
- Alan Turing (Bletchley Park) — built the "Bombe" machine to automate crib-based attacks, exploiting the no-self-encryption property
- Tommy Flowers built Colossus (1943), the world's first electronic computer, to break the Lorenz cipher (a different German cipher)
The principle this illustrates: A large key size is necessary but not sufficient for security. Structural flaws in the algorithm and operational mistakes by users can make a theoretically strong cipher practically breakable.
Modern parallel: Single-DES (56 bits) was broken by brute force in 1999 in under 24 hours. The Enigma's equivalent key size would be trivially breakable today.