Talk:M-209

From Wikipedia, the free encyclopedia

WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.
WikiReader Cryptography It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.
To-do list for M-209: edit · history · watch · refresh

None listed.

[edit] The key

The page currently says the M-209's wheels were used to set the key:

From the code clerk's point of view, the M-209 was simple to operate. There were six wheels on top of the box that each displayed a letter of the alphabet through a window, and he could set these six wheels to provide the key for enciphering a message. This only gave a limited number of possible keys, but as will be discussed momentarily there were internal settings as well that could provide a much greater range of key settings.

However, David Kahn in The Codebreakers (see pp: 428-429) says that the key material consisted of the settings of the pins on the wheels and the positions of the lugs on the "cage". The positions of the wheels were set to a random position which was transmitted in the clear to the recipient. In other words, the initial positions of the wheels acted like an initialization vector.

I'm inclined to trust Kahn, but I was wondering if there is another source which contradicts him. I'll wait a few days and then make the change. Peter 03:27, 17 Aug 2004 (UTC)

Yep, it seems it could do with fixing. The manual [1] talks about "internal" and "external" "keying elements"; as you note, the initial positions of the wheel ("internal") were used as an IV, and sent in the clear (or optionally encrypted somehow). The "external keying elements" were the positions of the lugs and the settings of the pins. — Matt 03:49, 17 Aug 2004 (UTC)

FYI, the report of the German crack of the M-209 comes from David Kahn's "The Codebreakers", pp. 460-461. Peter 03:07, 21 Aug 2004 (UTC)


An article (in German) about the breaking of the M-209 and other allied codes has appeared yesterday in Telepolis, based on the personal recollections of a former member of the unit who did the crack ("FNAST 5"). Might contain interesting new information, although it does not seem to have been verified yet. regards, High on a tree 12:40, 24 Sep 2004 (UTC)

[edit] Unpublished result: should we weasel it?

Referring to:

"In the 1970s, US researchers Jim Reeds, Dennis Ritchie and Bob Morris are claimed to have developed a ciphertext-only attack on the M-209 that could solve messages of around 2000–2500 letters long. After discussions with the NSA, the authors were persuaded not to publish it as the principle was applicable to machines then still in use by foreign governments."

Should we include the "are claimed to have" bit? I suppose we should look at what sources exist support this; if it's just Ritchie's web page, we should probably keep something like "they claim to have". — Matt Crypto 09:25, 10 September 2006 (UTC)

Even though I'm personally willing to take Ritchie's word on it, I agree with Matt's concern about citing an unpublished paper as fact. Is anyone willing to contact one of the authors and ask if they're ready to publish? inkling 12:02, 10 September 2006 (UTC)
Jim now works for IDA/CRD and is therefore probably not now in a position to publish anything about cryptology.
I removed the "claimed to" since in fact I have read the cited paper, and it does spell out a workable method as advertised; also the "claimed to" read like a challenge to the veracity of the claim, which so far as I am aware has never been seriously challenged by anybody. Since the work and paper is mentioned in Dennis's "Dabbling in the Cryptographic World", which is already a cited reference for the article, you have a separate form of verification. I'm pretty sure several others have seen the paper over the years, via its authors providing copies on request. I could describe the method, which is a reasonably obvious one that various people must have independently thought of (I came up with something similar for attacking block cipher systems), but I feel the particular application to the M-209 is the intellectual property of its authors and one of them should be the one to describe it or release the paper. I think the verifiability requirement is satisfied sufficiently well for the purposes of this particular statement, and that "claimed to" adds nothing of value and detracts from the impact of the text. — DAGwyn 22:53, 12 September 2006 (UTC)
I agree that the "claimed to" does carry an overly-strong connotation of doubt. On the other hand, I don't think we should assert without qualification a result from an unpublished paper on claims the author makes on a website: it's not strong enough a source. However, it is strong enough a source to repeat the claim, so I've tried to reword it to describe what Ritchie says. It might be a bit clumsy at present, so feel free to try and reword it, but I think something along these lines is needed. — Matt Crypto 08:50, 18 September 2006 (UTC)
It looks good enough to me. — DAGwyn 05:35, 19 September 2006 (UTC)