In the story below, we've tried to explain why we have created the
Crypto Museum and why we spend so much time on it. The text will also be
available for download in due course, both in English and in Dutch.
Cryptography - or crypto for short - is all around us: in our credit card,
in our car keys, as part of electronic banking and even in our web browser.
Crypto is generally used to exchange secret messages.
In a war it is important that secrets are kept secret, so it doesn't
come as a surprise that it plays an important role at the Department of
Defense. That was the case during WWII and also in the dark days of the Cold War. And it is still the case today.
But crypto also plays an important part in our personal life today.
By collecting crypto equipment, we try to capture an important part of
our history. A part that has been kept secret for a long time.
If we don't act now, we might lose it forever. The website is our attempt to
describe the equipment to the best of our abilities.
Whenever possible, we will also try to explain the operating principles and
the underlying history.
If we succeed in this mission we may all learn from it.
The majority of equipment in our collection is in full working order and
we are doing our very best to repair any broken or incomplete devices,
so that we can demonstrate them to the public.
Although at present Crypto Museum is a virtual museum, we want to share our knowledge with as many people as possible. We are therefore seeking to
co-operate with other museums whenever we can.
At the same time we are trying to raise the profile of technology in general;
a profession that tends to be forgotten.
August 2010
Paul Reuvers & Marc Simons

Crypto Museum is an initiative of Paul Reuvers and Marc Simons, both self-employed
engineers from Eindhoven (Netherlands). Paul started his software company
X-Ample Technology BV in 1986.
He specializes in developing embedded software, user interfaces
and in writing health-care software. Most of the embedded software is developed
in co-operation with Marc's hardware division.
Marc founded his company YiG Engineering BV in 2000 and
specializes in electronics development,
sometimes called hardware, for a variety of applications ranging from the
Senseo coffee machine to state-of-the-art FPGA designs, for companies such as
Philips and Xilinx. He also developed the control system for a well-known
old people's scooter brand.
One of his latest projects is an intelligent weed-control system that he
developed in close co-operation with Paul.

We started Crypto Museum in 2004, but our interest in technology dates back to our
youth. Already at an early age we were considered 'strange people'. Always busy with
wires and a soldering iron. Building model trains, transmitters, audio amplifiers
and eventually becoming radio hams and electronics engineers.
Later in life we - surprisingly - both took the step to establish our own company.
To do things our own way. It gave us the liberty to take on the projects that really
interested us, but it also brought great responsibility with it.
After all, we want our customers to be happy, as in the end they have to pay the bills.
Today, we both have a well-running enterprise, but to our sadness we see the interest
in technology from young people declining rapidly.
As if everyone wants to become a manager these days...
That said, our society still has an enormous need for new technicians. Perhaps now
more than ever.

It all started in 2001 when a friend - Nanno van Haaften - lent us the book
Enigma by Robert Harris.
Reading is not the most favorite activity of most engineers, but
he insisted that we read the book as, according to him, it was a most appealing story.
And he was right. Although it was a novel, it was a most fascinating story.
How was it possible that the British broke the Enigma codes during WWII?
Why was this story kept secret until 1974?
And where was this place Bletchley Park? Did it still exist?
In fact we were so fascinated by the story that we booked a boat to the UK
a few weeks later, and spent our holidays at Bletchley Park, or BP as it is affectionately
called.
When we arrived at BP, we saw buildings in decay and an improvised museum.
But despite all that, we were presented with a complete and clear picture of what
happened there during WWII.
We walked the so-called Crypto Trail and were taken through all
stages of a secret German message. From its origin, through interception, to
the breaking of the codes and finally the intelligence derived from it.
At the end of the trail there even was a real Enigma machine!
We were overwhelmed; what a beautiful place this was. We spent three days at BP
and soaked up everything. The smell of the old huts, the old cipher equipment
and perhaps even the Enigma-ghost. Everything matched with the book as in a
real déjà vu.
One of the nicest things about British people is that, as soon as they notice
your interest, they are prepared to explain things in great detail.
From the intercept stations, the so-called Y-Service, to the
Bombe machines that were used for breaking the Enigma messages.
Robert Harris' novel Enigma became reality for us.
Apart from the Crypto Trail, BP had a lot more to offer.
Many cipher machines were on display and the principles behind codemaking
and codebreaking were demonstrated.
We came to realise that there was a complete business behind this hush-hush
crypto stuff. (If you search the internet, you will soon realise that this
is still the case today.)
The technology behind the cipher machines is really fascinating.
From a mechanical point of view, some of the machines are real marvels
of human engineering.
A few days later we were on the boat back to The Netherlands. We booked
a cabin, so that we could sleep during the 10 hour trip, but the Enigma kept
us awake. We spent the entire night day-dreaming about how wonderful it would
be to possess our own Enigma machine.
When we arrived home, we immediately started to work out the concept of an electronic
version of the Enigma. It would give us, and everybody else, the ability to own
an affordable Enigma machine. The results of our efforts were an
Enigma computer simulation for RISC OS computers
(Acorn) and the now famous Enigma-E self-build kit.
Both 100% compatible with a real war-time Enigma machine.
By now, we were truly contaminated with the Crypto-Virus...

In the summer of 2003 we went back to BP. This time with a working prototype
of the Enigma-E under our arm.
We wanted to show it to people at BP and to find out whether it would be an
interesting product for the museum shop. It was just a gamble as we were not
certain whether or not a self-build electronics kit would actually be of interest
to the public.
We were lucky, as we happened to have picked the weekend of the annual Enigma
Reunion and the park was crowded with people 'in the know'. On the first day we
met well-known Enigma researcher David Hamer with whom we had so far only exchanged
e-mails. David noticed the small wooden box under Marc's arm and asked what it was.
We demonstrated the Enigma-E to him and David immediately fell in love with it.
He insisted that we talk to the BP director.
Although it was an extremely busy weekend, David successfully persuaded BP
director Christine Large to grant us a five minute slot. The rest is history.
Christine spent more than an hour with us and the Enigma-E, and immediately
recognised its promotional potential. And it wouldn't be long before the first
batch of kits was delivered.
That night, David invited us to a closed meeting of the American Cryptogram
Association (ACA) who happened to be at BP that weekend as well.
The ACA is a group of interesting people who share the same 'strange' hobby.
Many of them are collectors of cryptographic devices and related equipment.
It was a real eye-opener to us and we immediately felt comfortable in this
company of friends. The next day we had to admit to ourselves that the
Crypto-Virus had really gotten under our skin.
Since then we have become regular visitors of BP and we know many people
there now. We made contact with other visitors and collectors and even after
all these years, it still is an inspiring place to spend our holidays.

The birth of Crypto Museum

In the spring of 2004, the first small cipher machines crossed our path.
On a local auction website, we found our first Hagelin C-446 and a few days later we
showed it to our good friend Cor Moerman. Cor, who is the curator of the
Dutch Ham Radio Museum, immediately recognised our enthusiasm and told us
that he also had a Hagelin that was dusting away somewhere on a forgotten shelf.
It didn't fit in with his collection, he said. So then we had two Hagelins.
He also jokingly warned us about collecting. If this really takes off, he said,
you may have to establish a real 'Crypto Museum' in a while. At the time,
we had no idea that we would one day have to acknowledge his 'vision for the future'.
After a few years of collecting equipment and stories, Crypto Museum suddenly
became reality in 2008. Cor Moerman came up with the idea to set up a special
exhibition dedicated to 'secret messages',
and asked for our help.
Many objects from our collection were given on loan to his museum and they were
complemented with items from Cor's own collection, the collections of Jan Rijnders,
Arthur Bauer and some others. It was a big experiment, but it turned out to be a
huge success: there were days that some people left the building because
it was too crowded!
It was a big compliment to all of us, but especially to the museum volunteers
and the many visitors who told us their fascinating stories.
The exhibition brought us in contact with many new people and they in turn
have offered us numerous new objects.
Early in 2009 we started work on the Crypto Museum website and it finally came online
in August of that year. We felt the need to share our knowledge with others
and let the world enjoy the things that we have collected. With the website,
we have effectively established a virtual museum. It is open 24/7 and it
gives us the ability to exhibit our collection and bring us in contact
with even more new people and objects.
It has greatly helped expand the collection.
One of the goals of a museum is to share knowledge. This can be out of personal
interest or as part of a research project. And it seems to work: we get frequent
requests from students needing help with their talks, or from former employees
of the Department of Defence who want to see 'their old kit' again.
In addition we give about 10 to 15 talks on the subject every year and we are
working together with other museums when setting up new exhibitions.

Fascination for Cryptology

The techniques behind cryptography are really fascinating.
Early systems, like the Caesar Cipher and the Vigenère Cipher,
were mainly based on simple alphabet substitution.
Who hasn't used these seemingly 'unbreakable' methods as a child,
for exchanging messages with friends?
In the 20th century, the first mechanical cipher machines appeared.
Big names in Europe in those days were
Chiffriermaschinen Aktiengesellschaft (Enigma)
and Hagelin.
Such machines are often called rotor machines as most of them consist of
a series of rotating wheels.
Rotor machines are very popular among collectors (including ourselves),
mainly because they are the last generation of cipher machines where you can actually
see how they work.
Furthermore they are relatively easy to repair and maintain.
With rotor machines, the cryptographic key is mainly based on the settings of
the rotors at the beginning of a message.
They are all based on symmetric key cryptography as the keys for coding and
decoding are identical. The advantage of all these systems is that the key is much
shorter than the actual message, effectively replacing a large secret by a smaller one.

The early 1950s saw the rise of digital telegraphy, sometimes called Teletype or Telex.
Letters were transmitted as a series of digital bits, and messages were stored on
so-called punched paper tape. It allowed larger messages to be sent at much higher speed,
and called for faster cipher machines.
For military applications, an ancient truly unbreakable cipher was given a new lease
of life. The One Time Pad (OTP) was converted for use with teletype machines
and became the heart of so-called Mixer Machines like the
Philips Ecolex 4 and the Siemens M-190.
Imagine a noise generator that would produce truly random (and therefore unpredictable)
numbers that were written to a punched paper tape. Of that tape, only one copy was made.
It was sent to the other end of the communication link by means of a courier.
Plain-text of the sender was 'mixed' with the key-tape using the
Vernam Cipher principle (XOR). The key-tape would only be used once
and was destroyed immediately after use. This way, a secret will forever remain secret.
The disadvantage of OTP systems is that the key has to have at least the same length as
the message itself in order to prevent repeats in the key. For the same reason, an OTP
can only be used once.
The major drawback of this system is the problem of key distribution.
Both sides would need sufficient supply of key tapes and you had to
know in advance who you wanted to exchange messages with. In practice, this method
appeared too cumbersome for field use.
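The mixing step and the reason a key tape is run only once, as an added example that is not part of the original page and not the logic of any machine named above. The 32-symbol alphabet is a constructed stand-in for the 5-bit teletype code, and the function names and sample messages are made up for illustration.

```python
import secrets

# Constructed 32-symbol alphabet standing in for the 5-bit teletype code
# (not the real ITA2 table): a symbol's index is its 5-bit value on the tape.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ .,-?/"

def to_tape(text):
    """Encode text as a list of 5-bit values, one per row of holes."""
    return [ALPHABET.index(ch) for ch in text]

def from_tape(tape):
    """Decode a list of 5-bit values back into text."""
    return "".join(ALPHABET[v] for v in tape)

def make_key_tape(length):
    """Stand-in for the noise generator: `length` random 5-bit values."""
    return [secrets.randbelow(32) for _ in range(length)]

def mix(tape, key_tape):
    """Vernam mixing: XOR each unit with the matching unit of the key tape.

    The same call enciphers and deciphers. A key tape shorter than the
    message is refused rather than repeated.
    """
    if len(key_tape) < len(tape):
        raise ValueError("key tape is shorter than the message")
    return [m ^ k for m, k in zip(tape, key_tape)]

def key_that_yields(cipher, candidate_text):
    """Key tape under which `cipher` would decipher to `candidate_text`.

    Such a tape exists for every text of the same length, so a ciphertext
    made with a tape used once does not favour any plaintext over another.
    """
    return mix(cipher, to_tape(candidate_text))

def reuse_leak(cipher_a, cipher_b):
    """XOR two ciphertexts made with the SAME key tape.

    The key cancels out and plaintext_a XOR plaintext_b remains.
    """
    return [a ^ b for a, b in zip(cipher_a, cipher_b)]

def recover_other(leak, known_text):
    """With one plaintext known or guessed, the leak yields the other."""
    return from_tape([x ^ k for x, k in zip(leak, to_tape(known_text))])

if __name__ == "__main__":
    first, second = "SEND MORE TAPE", "MEET AT BRIDGE"   # constructed samples
    key = make_key_tape(len(first))
    c1 = mix(to_tape(first), key)
    print("cipher      :", from_tape(c1))
    print("deciphered  :", from_tape(mix(c1, key)))
    # Correct use: any other text of the same length is equally consistent.
    alt = key_that_yields(c1, second)
    print("other key   :", from_tape(mix(c1, alt)))
    # Misuse: the tape is run a second time for another message.
    c2 = mix(to_tape(second), key)
    print("after reuse :", recover_other(reuse_leak(c1, c2), first))
```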
Nevertheless, it remained in use for a long time for messages at the highest level in
situations where secrecy was paramount.
During the cold war, the Americans and the Russians exchanged messages with
each other via the Moscow-Washington hotline, using this principle.
Did you ever hear the endless series of seemingly random numbers being read
by a woman on the short wave band during the days of the Cold War? Well,
they were secret messages for foreign spies operating in our countries. And they
were enciphered with the unbreakable OTP.
By the way, this also accounts for the presence of spy radio equipment
such as the Russian R-353 on our website.
Strangely enough, number-transmitters are still in operation on short wave today...

Asymmetric Key Cryptography

In the 1970s, digital microprocessors became widely available and it
wasn't long before they were used in a new generation of cryptographic
equipment. In 1976, Whitfield Diffie and Martin Hellman introduced a new method
for safely exchanging message keys over an insecure channel.
The same method was independently invented by GCHQ
a few years earlier.
The method is entirely based on mathematics and consists of a public key that is
derived from a chosen private key. Both parties exchange their public keys
and it is impossible to reconstruct the private keys from the public keys.
This method is called asymmetric key cryptography.
Once the keys have been exchanged with asymmetric methods, the message itself
can be transmitted using existing symmetric cryptography.
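The exchange described above, as an added example that is not code from the original page: each side derives a public value from a private one, only the public values cross the channel, and both sides end up with the same symmetric message key. The modulus and generator are toy parameters chosen here to keep the numbers small, the keystream function is a stand-in for a real symmetric cipher, and all function names are illustrative.

```python
import hashlib
import secrets

# Toy group parameters (assumption for illustration): the Mersenne prime
# 2**127 - 1 with base 3. Real systems use standardized groups of 2048 bits
# or more, or elliptic curves.
P = 2**127 - 1
G = 3

def make_keypair():
    """Choose a private exponent and derive the public value G^private mod P."""
    private = secrets.randbelow(P - 3) + 2        # in the range [2, P - 2]
    return private, pow(G, private, P)

def shared_key(own_private, peer_public):
    """Combine our private value with the peer's public value.

    Degenerate public values (0, 1, P - 1) would force a predictable
    result, so they are rejected before use.
    """
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    # Hash the shared number down to a fixed-size symmetric key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def keystream_xor(key, data):
    """Stand-in for a real symmetric cipher: XOR with a SHA-256 counter
    keystream. Enciphers and deciphers; one message per key only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def run_exchange(message):
    """Both ends of one exchange, plus everything an eavesdropper sees."""
    a_private, a_public = make_keypair()
    b_private, b_public = make_keypair()
    on_the_wire = [a_public, b_public]            # private values never sent
    key_a = shared_key(a_private, b_public)       # computed by side A
    key_b = shared_key(b_private, a_public)       # computed by side B
    ciphertext = keystream_xor(key_a, message)
    on_the_wire.append(ciphertext)
    received = keystream_xor(key_b, ciphertext)
    return key_a, key_b, on_the_wire, received

if __name__ == "__main__":
    key_a, key_b, wire, received = run_exchange(b"constructed test message")
    print("keys match :", key_a == key_b)
    print("on the wire:", wire)
    print("received   :", received)
```

The exchange as shown is unauthenticated; deployed protocols also sign or otherwise authenticate the public values so that each side knows whose value it received.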

In recent years, the internet has become increasingly popular for exchanging
messages, even within the Department of Defense.
Cryptographic systems have changed into 'black boxes' that allow secure
systems to exchange information over insecure networks.
Such boxes only have a handful of connectors, switches and indicator lights
and there is nothing much to see anymore.
Inside the boxes are extremely powerful digital processors and
Field Programmable Gate Arrays (FPGAs),
executing serious mathematical algorithms.
Over the years, cryptography has evolved from simple mechanics to pure mathematics
at the highest possible level. Only a handful of people are capable of developing new
cryptographic techniques.
At the same time, codebreaking, or cryptanalysis, has become a serious business.
With the increasing processing power of modern computers it is now possible to break
a cipher that was believed to be unbreakable only 10 years ago. The rate at which
cryptographic systems are broken is increasing, which means that the life span of
encryption devices is decreasing equally fast.
In the past, crypto systems were thought to be safe for, say, 15 to 20 years.
In 2010 however, systems were considered safe for just a couple of years;
with a maximum of 10 years for military equipment.

During WWII, the German Army used the Enigma cipher machine
for secret radio messages. It helped them fight an efficient Blitzkrieg
which no doubt has cost thousands of lives. It shows that cryptography can be used
as a tactical weapon. A nerdy mathematician can beat an army of a thousand
muscular Rambos. Fascinating, isn't it?
At the same time, mathematicians, like the brilliant Alan Turing who worked at BP,
were at work to exploit cryptanalysis to break the German codes, which - no doubt -
has saved numerous lives.
Today, cryptography is everywhere. Our credit cards, debit cards, ATM machines, car keys,
weapon systems and even communication with the Vatican; they all involve some kind of
cryptography. Even when we are not at war, cryptography is used to protect a secret
for a certain period of time; it is effectively used to 'gain time'.
Cryptanalysis, the art of codebreaking, is also everywhere. Just think about the NSA,
Echelon, GCHQ and in The Netherlands the AIVD and MIVD; they have all specialised in
deciphering and reading messages.

One of the problems we faced when creating the Crypto Museum website was that we were
not always certain about whether or not we were allowed to make certain information
public.
Some encryption devices are classed as 'secret', but there is no way to find out about
that, as the list of classified equipment itself is classified.
Fortunately, due to our exhibitions and lectures, we were lucky enough to meet the right
people who were kind enough to help us solve that problem.
After 15 years, each crypto system has become obsolete. In practice however,
the life span of an encryption device is often much shorter than that.
According to Moore's Law, the available processing power nearly doubles every
two years. As a result, one continuously has to evaluate the current cryptographic
systems that are in use. As all systems are digital nowadays, it is fairly easy to
increase complexity when there is sufficient processing power. This is directly related
to the number of bits that is often quoted, e.g.: 56-bit DES, 64-bit DES or 128-bit AES.
If we apply Moore's Law to the above, it means that we only have to add a single
bit every two years. Each bit doubles the number of possibilities.
Each bit represents a gained time of two years.

Back in the 19th century, Auguste Kerckhoffs stated that any cipher system
should be secure even if everything about the system, except the key,
is public knowledge. This statement, known as
Kerckhoffs' Principle,
rejects inferior systems that provide security by obscurity.
Military organisations around the world are often frantic about collectors
trying to obtain military encryption devices. As if state-secrets are about
to be revealed. This is partly caused by the hierarchical structure of
the Army and partly because of lack of knowledge about the underlying
principles by the end-user.
All encryption devices used by the Army however, must comply with Kerckhoffs'
Principle, as they are likely to fall into enemy hands during a conflict.
For this reason, military cipher machines always have a so-called ZEROIZE-button,
allowing the operator to purge all keys whenever security is compromised.
Preventing serious collectors from possessing military cipher machines therefore
makes no sense at all, as long as they are not given the cryptographic keys that were
used to encipher original messages.

What is the best way to obtain encryption devices? Most of the items shown on this
website have been found in surplus stores or have been swapped with other collectors.
Ebay is also a good source for affordable items, but crypto-stuff is often difficult
to recognise.
Security agencies and defense organisations are often not amused when cipher machines
appear on the surplus market. In many cases the items should have been destroyed but
have accidentally escaped demolition. Their official policy is often that they don't want
to inform any 'enemies' about their current state-of-technology; something that no
longer makes sense in this rapidly changing digital world.
The fact that cipher machines sometimes accidentally appear on the surplus market is,
of course, not our fault. But we don't want to step on any toes either.
Luckily, we are blessed with a good 'common sense'.
We observe, combine, recombine, think and re-think before we act.
But in the end, we have to save the items from demolition.
Losing history is not an option.
Many of our fellow collectors share the same experience. They too are doing their
very best to ensure that history is preserved and shared with the public.
Technically interested people, students and even new cryptologists can learn quite
a lot from studying historical cipher machines. Old cipher machines are easily explained,
but the security issues surrounding key management haven't really changed that much.
Over the years we have built up quite a good reputation with the various agencies and
with our Department of Defense. They realize that ignorance is a bigger enemy than
the need to destroy machines. Machines that are no longer in use and that were often rendered obsolete many years ago. Of course, we do know our boundaries.
We never publish any information on our website before carefully considering any security
issues as we don't want to endanger any person, organisation or mission.
We only publish information if we know that the equipment is obsolete or was never classified.
Because of our backgrounds in mechanics and electronics,
we are capable of repairing and preserving most of the items in our collection.
Over the years, we have assembled a long list of experts and specialists that
we can always rely on. And that includes the authorities.
It is our goal that eventually we will be able to show and demonstrate
as many (working) objects as possible.

Another reason for providing information on the Crypto Museum website
is to warn against indifference and naivety.
Not many people have heard about cryptography,
and very few realise the danger of putting personal information on public websites.
Just look around you: people share their entire lives on sites such as Hyves and
LinkedIn. Google is spying on our wireless networks and links all possible kinds of
information together. Very convenient if you want to check someone's credentials, but
also very helpful to criminals wanting to steal your identity.
Can you blame them for it?
After all, you published it on the world-wide web yourself.
We are becoming increasingly dependent on modern digital networks,
but how safe are these systems? If you only knew how often people
forget to change the network computer's default ADMIN password...
And this is just one example.
How many people use their birth date or their postcode as the
secret number for their credit card?
Consider this: the city of Eindhoven (where we live) has 250,000 inhabitants.
The PIN-code (secret number) of a bank card only has 4 digits.
Have you ever realised how many people in your city share the same PIN code?
If you are serious about protecting your secrets, safety is paramount.

Luckily, the Cold War is now over. But does that mean that there are no more enemies? Of course not.
Our biggest 'enemies' might even be our closest (international)
business relations. The European national security agencies are currently warning us about
industrial espionage. It seems to be our biggest threat.
Perhaps this is best illustrated by a couple of examples:

- Remote access
Some large companies are currently outsourcing the software maintenance of their PCs.
All PCs in the corporate network are managed remotely from a far away country.
Do you think this is wise? Perhaps not.
The remote party is given access to the complete administration of the
company, its strategic partners and, even worse, the intellectual property (IP).
- Internet Switch
A big international company has developed a new Internet Security Switch.
They have decided to move the production of the new switch to a low-wage country.
Apart from the list of materials, they also give them the design files and the software, so that the production company can provide 'better' service. Do you think this is smart?
- Information gathering
A civil service needs to collect information about its nationals. They have contracted
an external party to do this on their behalf.
This external party is located in a
far-away country. Nobody in the civil service knows exactly how it works, but everyone
is satisfied because it seems to work well. Do you think this is smart?

Companies have intellectual property and company secrets to protect.
Individuals need to protect their privacy and the secret number of their
credit card. At the end of the day, we all have things to hide.
People often say: "If you don't have anything to hide, you don't have to worry". However,
giving up freedom completely is the worst way of protecting it.

Modern cryptographic equipment consists of nothing more than a 'black box'
with powerful digital processors and advanced mathematical algorithms.
There is not much to see, and there are definitely no moving parts.
We realize that this is probably where our collection
of historical cipher equipment will end.
However, there are numerous earlier cipher
machines and much of this is still undiscovered.
'New' old machines will, no doubt, pop up and many side-tracks will be walked.
Furthermore, the history of some famous cipher machines is still very clouded,
leaving much to be researched and much to be discovered in the years to come.
On the Crypto Museum website, we have done our best to raise an interest in
historical cipher machines and cryptology in general.
Where possible, we will give as much background information as we can.
Perhaps you too will eventually get contaminated with the Crypto Virus.
If it happens, be careful as it might get under your skin.
August 2010,
Paul Reuvers & Marc Simons

To the best of our knowledge, this site only contains information that is
either available in the public domain
or that is unclassified
or that has been officially declassified.
Whenever possible, the source of the information will be credited in
the References section at the bottom of each page.
In some cases the classification status of an object is not entirely
clear because there is no list of classified objects available in the
public domain.
In these cases we will simply try to follow the rules of common sense.
If you come across any information that you think is still classified,
please contact us.
Please note that we are neither cryptologists nor mathematicians.
We don't want to develop new cryptographical methods.
And we are no cryptanalysts either.
We are not involved or interested in breaking any codes.
Also note that some of the objects shown on this website are still restricted
items. We are not in the position to release classified information about such
items.

- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage- en Veiligheidsrisico's.
Espionage and safety risks (Dutch).
The Netherlands, July 2005, 2nd issue.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage in Nederland.
Espionage in The Netherlands. What is the risk? (Dutch).
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage bij reizen naar het buitenland.
Espionage when travelling abroad. What is the risk? (Dutch).
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Digitale spionage.
Digital espionage. What is the risk? (Dutch).
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Kwetsbaarheidsanalyse Spionage.
Espionage risks and national safety (Dutch).
The Netherlands, 1 April 2010.
- British National Security Service MI5.
The threat of espionage did not end with the collapse of Soviet communism...
UK, January 2010.
- Bundesamt für Verfassungsschutz (BfV), Spionage gegen Deutschland.
Espionage against Germany (German).
Germany, November 2008.
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Sunday, 30 December 2012 - 11:12 CET