LOGBOOK

HELP

Quiz Entry - updated: 2026.03.11

Why was the Enigma's key size of ~10^17 not sufficient for security, despite being enormous for its time?

The Enigma had a key space of ~10^17 (approximately 56 bits), which was considered unbreakable in the 1940s but was defeated because structural weaknesses drastically reduced the effective key space.

Key facts:

  • The Enigma's rotor system produced ~10^17 possible configurations
  • This corresponds to roughly 56 bits — theoretically equivalent to single-DES
  • In 1943, this was considered absolutely uncrackable by brute force

The structural weaknesses exploited:

  • No letter could encrypt to itself — the biggest flaw. If you guessed a word appeared at a certain position ("crib"), you could rule out positions where any letter mapped to itself
  • Predictable message formats — German operators used standard openings like weather reports ("WETTER") and "HEIL HITLER", giving the codebreakers known plaintext (cribs)
  • Repeated rotor settings — operators sometimes reused settings or used lazy patterns (e.g., three adjacent keys like "QWE")
  • The reflector made the cipher reciprocal (encrypting was the same as decrypting), which halved the effective permutation space
  • Double-enciphered message keys — early Enigma protocol encrypted the 3-letter message key twice at the start, creating a pattern Marian Rejewski exploited to deduce rotor wiring

Who broke it:

  • Marian Rejewski (Polish mathematician, 1932) — first to break Enigma using the double-key weakness and mathematical group theory
  • Alan Turing (Bletchley Park) — built the "Bombe" machine to automate crib-based attacks, exploiting the no-self-encryption property
  • Tommy Flowers built Colossus (1943), the world's first electronic computer, to break the Lorenz cipher (a different German cipher)

The principle this illustrates: A large key size is necessary but not sufficient for security. Structural flaws in the algorithm and operational mistakes by users can make a theoretically strong cipher practically breakable.

Modern parallel: Single-DES (56 bits) was broken by brute force in 1999 in under 24 hours. The Enigma's equivalent key size would be trivially breakable today.

From Quiz: KRYPTOG / Introduction to Cryptology | Updated: Mar 11, 2026