Click for homepage
Data
Telex
USA
NSA
NATO
  
KL-7 →
  
KW-7   Orestes
Electronic cipher machine

KW-7 was a highly secure on-line cipher machine, developed by the US National Security Agency (NSA) around 1960, and built by Honeywell in Tampa (Florida, USA). The device was used for low-level tactical offline teleprinter traffic and was the main cipher machine of the US Navy until the 1990s. It is officially known as TSEC/KW-7 and also as ORESTES and NSN 5810-12-149-8282. It was also used aboard aircraft, and by the Foreign Office (FO) of several European countries.

The KW-7 was housed in a rather heavy cubical metal enclosure, with all connections at the rear, and all controls at the front. The cryptographic key has to be set by wiring a plugboard that is located behind the bulged door at the front.

In the early 1960s, the machine was one of the first fully-electronic cipher machines that were used by NATO. Although it was cryptographically more secure than the earlier wheel-based KL-7, the latter remained in service with many army units and with NATO. Despite its better security, the KW-7 was compromised for many years.
  

The machine was part of a new generation of machines, consisting of the KW-26, that was used for high-speed point-to-point traffic at the higher echelons, the KW-37 for broadcast traffic, and the KW-7 for multi-holder tactical operations. Within the navy, the machine was used for ship-to-shore, shore-to-ship and ship-to-ship traffic. It was also used by other NATO countries and by Australia and New-Zealand, for military and governmental teleprinter communications [8].

Aboard US Navy ships, the KW-7 was generally connected to a Teletype Model 28 teleprinter, or to a tape reader (T-D) to send a pre-recorded message. When using a KW-7 over radio, the KW-7 was usually connected to a UHF radio transmitting in AM. The KW-7 was also used aboard aircraft such as the EC/RC-135, in which case the red and yellow push-buttons at the front panel were sometimes modified to prevent them from being pressed accidently. The KW-7 does not provide traffic flow security (TFS), meaning that it didn't send data when there was no message.

The KW-7 was introduced in the early 1960s at a unit price of US$ 4500. Over the next 20 years, an estimated 38,000 units were built [12]. During its operational life, the machine was modified and upgraded several times. The machine was in service until the early 1990s, with some units still being in service as late as 1992 [16]. They were largely replaced by the smaller KG-84, which in turn was replaced in the mid-1990s by the much smaller and backwards compatible KIV-7.

KW-7 cipher machine
KW-7 cipher machine
KW-7 with open door
KW7 with open door
Rear view
Rear view with top panel removed
Honeywell Tampa
Inside the spares kit
A
×
A
1 / 8
KW-7 cipher machine
A
2 / 8
KW-7 cipher machine
A
3 / 8
KW-7 with open door
A
4 / 8
KW7 with open door
A
5 / 8
Rear view
A
6 / 8
Rear view with top panel removed
A
7 / 8
Honeywell Tampa
A
8 / 8
Inside the spares kit

Controls
All controls of the KW-7 are at the lower edge of the front of the machine, below the large metal door. At the left is the MODE selector that has to be pushed-in before its setting can be changed. Next is a red indicator that is lit when the machine is in PLAINTEXT mode. Towards the centre is the POWER switch that is used to select between AC (mains) and DC (24V battery) operation. When the machine is ON, a green indicator will be lit. The large selector at the right is for testing.


In some situations, the KW-7 was not installed close to the teleprinter unit, but in a separate CRYPTO room, sometimes mounted in a 19" rack. In that case, an external remote control unit (RCU) could be connected at the rear of the machine, to allow it to be controlled from the position of the teleprinter. When the RCU is connected, the MODE selector should be set to REMOTE.

The KW-7 was suitable for half-duplex traffic only. Before sending a message, the operator had to press the SEND button and keep it depressed for a few seconds, until the machine at the other end was synchronised. During this time the P&I lamp at the front panel was lit. Once the unit was 'in sync', the SEND button was released and the machine was ready to send a teleprinter message.

When the operator at the other end wanted to answer the message, he too had to press the SEND button in order to send a random stream of synchronisation characters, before sending the actual message. A 'glitch' on the line or interference on the radio channel could cause the machines to lose synchronisation. The KW-7 does not provide Traffic Flow Security (TFS), which means that no characters are sent between messages. This means that an eavesdropper can detect the start and end of a message and derive traffic analysis from that. Some operators reportedly solved this by putting a rubber band over the SEND button, to keep it depressed when the machine was in rest.

At the Air Force, the front panel of the machine was modified shortly after its introduction in airborne command post aircraft. As the machines were mounted close to the floor, the SEND and BREAK buttons were sometimes accidently 'pressed' by the boots of the person sitting at the desk. To avoid this, a 'collar' was mounted around the buttons. As the aircraft personnel had a hard time keeping the KW-7 in sync whilst airborne, some of them jammed the cap of a BIC ballpoint between the SEND button and its collar, to keep it resyncing when not in use [16].


Versions
The following versions of the KW-7 are known:

  1. Wire-cord version
    The original version of the KW-7 had a plugboard behind the door at the front. Each day, the key had to be set by patching the plugboard according to the daily keylist. This was a tedious job, as the machine had to be taken out-of-service for several minutes whilst a new key was being 'programmed', and even longer if the operator had made a mistake. This version had a 'flat' front door.

  2. Plug-block version
    At some point the KW-7 was modified with a removable plug-block at the front. The plug-block assembly was constructed in such a manner, that it could be slotted into the existing patch sockets, e.g. as a field-upgrade. The advantage of a removable plug-block is that several blocks can be prepared (i.e. wired) well in advance of changing the key. This version can be recognized by a front door which has a small square bulge at the center. The machine featured on this page is of that type. NSN 5810-12-149-8282.

  3. Card-reader version
    Between 1977 and 1979, the machine was improved by adding a card reader, which replaced the plug-block mentioned above. This version has a front door with a wide rectangular bulge. The advantage of using punched cards is that it avoids mistakes when wiring the plug-blocks. This version is also known as NSN 5810-00-998-5760. Note that the card-reader version is not compatible with the other two versions.



Plug-block version   KWK-7
The diagram above shows the various features of the plug-block variant of the KW-7. It has a protective door at the front that is locked with a physical key. It is bulged to accomodate the plug-block, and is sealed with a metal gasket for TEMPEST reasons. The door should be locked.

At the centre is the plug-block which is used for setting the cryptographic key. It consists of 30 patch cables, each with two wires and a two-pin plug at either end. One end of each patch cable is hidden behind a metal panel at the lower half, lined up in sequential order (1-30) as engraved.

The other end of each patch cable is wired to the top half, spread over three rows. The plugs are numbered 1-30, and the sockets 1-31. Note that socket 31 should be left empty. Three metal rods are shifted down in order to keep the plugs in place. The plug-block is now ready for use.
  

The plug-block is then installed into the large socket at the center of the front panel, and is kept in place by a metal bracket with a lock. The daily key is now loaded and the TEMPEST door can be closed again. The machine is now ready for use. Whilst the machine is in use, a second (spare) plug-block can be wired up for the next day's key, so it can be swapped in just a few seconds. Note that the patch cables are wired straight through (i.e. 1-to-1 and not cross-connected like on the Enigma-I). This version of the machine is compatible with the earlier wire-cord version.

When the machine was installed nearby the teleprinter, the black control panel at the lower edge of the front was used to control its operation. In some cases, when the machine was installed in another room or in a 19" rack, the external KWX-7 Remote Control Unit (RCU) was used.

KW7 with open door
KW-7 front view with door closed
KW-7 front view with door open
Rear panel
Close-up of the installed plug-block
Physical lock
Straightening tool
Plug-block removed from the machine
The plug-block at the front of the machine
Locked plug-block
Unlocking the plug-block
Releasing the bracket
Removing the plug-block
Plug-block removed from the KW-7
Rear view of the plug-block
Another view of the backside of the plug-block
Rear view of the plug-block
Empty plug-block socket at the front of the machine
Plug-block receptacle
Unlocking the plugs
Plug 22 removed from the plug-block
One plug removed from the plug-block
Engraved numbers on the plug-block
Spare patch cord
B
×
B
1 / 24
KW7 with open door
B
2 / 24
KW-7 front view with door closed
B
3 / 24
KW-7 front view with door open
B
4 / 24
Rear panel
B
5 / 24
Close-up of the installed plug-block
B
6 / 24
Physical lock
B
7 / 24
Straightening tool
B
8 / 24
Plug-block removed from the machine
B
9 / 24
The plug-block at the front of the machine
B
10 / 24
Locked plug-block
B
11 / 24
Unlocking the plug-block
B
12 / 24
Releasing the bracket
B
13 / 24
Removing the plug-block
B
14 / 24
Plug-block removed from the KW-7
B
15 / 24
Rear view of the plug-block
B
16 / 24
Another view of the backside of the plug-block
B
17 / 24
Rear view of the plug-block
B
18 / 24
Empty plug-block socket at the front of the machine
B
19 / 24
Plug-block receptacle
B
20 / 24
Unlocking the plugs
B
21 / 24
Plug 22 removed from the plug-block
B
22 / 24
One plug removed from the plug-block
B
23 / 24
Engraved numbers on the plug-block
B
24 / 24
Spare patch cord

Wire-cord version
This was the initial version of the KW-7, which can be recognised by a flat (i.e. non-bulged) front door. In principle, the later plug-block and card-reader versions are identical, but are extended with the extra facilities that are plugged straight into the existing sockets. If you look closely at the plug-block version above, you will see that the plug-block assembly is actually a separate metal panel that is bolted onto the front of the machine, mounted over the existing plug sockets.

The plug-block assembly can easily be removed by taking out five bolts along the edges. The assembly can now be tilted forward as shown in the image, exposing the original plug sockets.

The are four groups of sockets: two at the upper half and two at the lower half. The upper two sections are marked 1-31, whilst the lower two sections are marked 1-30. Short patch cables were then connected between the lower sockets (1-30) and the upper sockets (1-30) as per key list. Each patch cable had two wires and was terminated with a coaxial plug at either end.
  

Once all 30 patch cables had been installed according to the daily key, the machine was ready for use and the front door had to be closed again, which could be quite cumbersome with all the patch cables being strangled, which is why setting the key was also known as basket weaving.

Note that socket 31, at the upper half, remained unsused. The machine was compatible with the later plug-block version. According to some former users, there might have been two variants: one with plugs at either end of each patch cable, and one where the patch cables were fitted permanently at the lower half [11]. It is believed that most wire-cord machines were eventually converted to plug-block versions, by mounting the plug-board assembly and fitting a new door.

Removing the plug-block assembly
Plug-block partly removed
Plug-block partly removed
One of the plugs removed
Close-up of a plug
Close-up of a socket
C
×
C
1 / 6
Removing the plug-block assembly
C
2 / 6
Plug-block partly removed
C
3 / 6
Plug-block partly removed
C
4 / 6
One of the plugs removed
C
5 / 6
Close-up of a plug
C
6 / 6
Close-up of a socket

Card-reader version   KWX-10
Although the plug-block had great advantages over the original plug board, and allowed quick swapping of the keys at midnight, it was still prone to mistakes. According to some users, wiring errors frequently caused the key to be wrong, causing long delays before getting it going again.

For this reason, a third variant was introduced, that had a card-reader at the front instead of the plug-block. A date-coded card was installed into the card-reader and the machine was ready to go. As the cards were supplied readily punched, this ruled out any operator mistakes.

The reader was known as the KWX-10 extension and the complete machine was identified as the KW-7/TSEC with TSEC/KWX-10. Like with the plug-block version, existing machines could be converted by swapping the assembly and replacing the door by one with a larger bulge. 1
  

The holes in the card reader were read by means of a soft silicone pad infused with ferrite [20]. The exact operation of the card reader is currently unknown, but according to some reports the card reader allowed more permutations than the plug-block, making it potentially more secure, but incompatible with the earlier versions of the machine [11]. Can someone confirm this?

  1. Although the card-reader had many advantages over the plug-block, not all machines were converted. Within NATO, many customers kept using the plug-block version.

CORRECTION, 28 July 2022 — In an earlier version of this page, it was stated that the card was cut in half as soon as the door was closed, so that it could not be resused. This was based on the recollections of a former user. Another user has meanwhile pointed out that this is not correct, and that he was probably confusing the KW-7 with the KW-26 (used at the same time) of which the card was cut in half when the door was closed [20].
KW-7 in use
Although generally speaking only a couple of KW-7 machines would be installed on a single ship, the naval communications centers that were responsible for the ship-to-shore traffic, had large rooms full of them, all linked to teleprinters, punchers and readers elsewhere in the building.

As an example, the image on the right shows the CRYPTO room of NAVCOMMSTA in Stockton (CA, USA). In the image we see at least fourty KW-7 machines of the plug-block variant, mounted in an array of 19" racks, each holding four of them.

NAVCOMMSTA Stockton was part of the Naval Computer and Telecommunications System (NCTS) and was responsible for maintaining communications for command, operational control, and support of administrative functions within the Department of the Navy (DoN). It was an active 3rd Echelon shore command unit [15].
  

When examining the above photograph more closely, it becomes evident that there is another array of KW-7 machines at the right hand side of the room as well. This means that the room probably accomodated 80 such machines, or even more. Try to imagine how much power they must have used and how much heat was produced by them. It required special air conditioning.

In the above image a vertical 2U-space is clearly visible between each of the four machines in a single rack, to provide sufficient ventilation.

The image on the right shows the rear side of the above array of KW-7 units. In this case, each machine is fitted inside a KWX-11 rackmount slide frame, that allows it to be pulled forward without breaking any of the existing connections at the rear. The machine is wired to the slide-out frame by means of flexible cables, whilst the KWX-11 frame is permanently wired to the facility's red/black signal distribution frames.
  

The use of slide-out assemblies greatly improved the serviceability of the machines, as they could be pulled forward, opened and repaired without physically removing them from the rack.

An alternative to the KWX-11 rackmount slide-frame, was the KWF-1 which had a similar function. The image on the right shows a KW-7 mounted inside a KWF-1 frame at the top of the leftmost 19" rack. Click it for a better view.   

User recollections
Ken Pflanz [18]
When I was stationed at Kagnew station in 1968 and 1969, the card reader version was already in use. Part of my job was to keep a good supply of cards on hand as we had a number of them. To setup a connection, corresponding cards (i.e. identical cards) had to be put in at both ends. When the door was closed, it automatically cut the card in half, 1 so that it could not be reused. If sync was lost, the next card in the series had to be used at both ends, so we wound up going through quite a few cards. I also remember a case of a guy who sent a machine back to the states with the card still in it. This was an ASA facility, and we were also using the card version in Korea in 1970.

  1. He is probably confusing the KW-7 with the KW-26. Only the KW-26 had a card cutter.

Michael Teagarden [20]
I was in the Air Force and was trained as a 306x0 Cryptographic and Electronic Technician in 1985. The KW-7 card reader used a soft silicone pad infused with ferrite to read the holes in the card, but the cards were not cut. The only machine to use a card cutter was the KW-26, a much older and tube driven teletype encryption machine. I was stationed at Clark AB in the Philippines, where we had many KW-7's and KW-26's that we maintained.


Part numbers
Part Description NSN
TSEC/KW-7 Main KW-7 cipher machine ?
KWK-7/TSEC Plug-block ?
KWX-7/TSEC Remote control unit ?
KWX-8/TSEC Remote Phasing Unit ?
KWX-10/TSEC Card reader NSN 5810-00-998-5760
KWX-11/TSEC Rackmount slide frame ?
KWF-1 Slide mount ?
KWL-4A Loop adapter ?
KWQ-8 KW-7 spare parts for KW-7 ?
ONO 8757 Stop switch ?
Cryptographic algorithm
This section discusses the operating principle of the KW-7 and in particular the key generator that drives its cryptographic algorithm. Although the algorithm was initially classified, most of it can be reconstructed from the description in the Repair and Maintenance Instructions Volume I that was declassified in 2009 and published in 2021 [C].

Cryptographic keys
The KW-7 uses two cryptographic KEYs:

  • Basic Key
    This is the Basic Key that is set with the 30-patch cables behind the front door of the machine, or with the punched card in case a card reader is present. As it was usually changed only once a day, the Basic Key is also known as the Daily Key.

  • Message Key
    This is a unique key for each message, that was randomly generated. It is used to prevent multiple messages being sent on the same Basic Key only, which would allow an eaves­dropper to break the cipher more easily. There are indications that the Message Key is generated by means of a noisy diode, which means that it is truely random.
Message Key
Some hints can be found in David Boak's internal NSA lectures of 1966, that were declassified by NSA in 2015 [12 p.50]. According to Boak, the KW-7 uses the same Fibonacci principle as the KW-26, but that an extra random stream, created by a noisy diode, was added to the key at the start of each message, thereby generating a unique and truely random message key.


It is currently unknown how the other side was informed of the message key, but this may have been done as part of the preamble that was sent at the beginning of each message. It is also possible however, that the system was self-synchronising (autoclave), which would explain why some users have reported that they had to send a synchronisation stream of arbitrary length. In the latter case a random stream of characters of a certain minimum length would be sent until the LFSRs at both sides were in the same state (i.e. synchronised). Something like this:


In any case, the KW-7 did not have traffic flow security (TFS), which means that it didn't send any data when there was no message to be sent. Before sending out the next message, the user first had to send out a synchronisation sequence, by pressing the SEND button 'for some time'.

Some former users have indicated the use of a rubber band [11], or a BIC ballpoint cap [16], to keep the SEND button depressed between two messages. This kept the machines in-sync and also obscured the beginning and the end of the actual message from a potential eavesdropper. Again, this might indicate that the machine was a self-synchronising autoclave. Although not intended, this is a way of adding traffic flow security (TFS) to the system.

Stream cipher
It is known that the KW-7 is a stream cipher and that it has to be synchronised at the start of each message by means of a preamble. Although its cryptographic algorithm has not been published as such, there are a few hints that can be found in declassified NSA material, such as the damage assessment after the Pueblo incident [8], where it is described on page 12 as:

...the tetrahedral key combining logic and Fibonacci shift register stages...
This indicates that the machine uses a Pseudo Random Number Generator (PRNG) to generate the key stream, and that this PRNG consists of at least one Fibonacci Linear Shift Register (LFSR) [13], of which the behaviour can be controlled by key combining logic. It is likely that some element of non-linearity was used, as this would make the system more resistant to cryptanalytic attacks. In this type of encryption system, the initial state of the LFSRs is generally derived from the KEY.

Key generator
Detailed information about the operation of the KW-7 and in particular its key generator, can be found in the Repair and Maintenance Instructions Volume I that was declassified in 2009 and published in 2021 [C]. On page 163 of this manual is a barely readable block diagram of the Key Generator, but based on the verbal description of the circuits (page 155-165), John Savard was able to reconstruct the circuit diagram with reasonable certainty [19]. The result is shown here:

Provisional circuit diagram of the Key Generator, based on the work of John Savard [19]

At the top is the primary key generator which consists of an LFSR of length 39, with an additional tap at position 35. The outputs of the first 31 stages are available on the patch panel. Also on the patch panel are the 6 inputs of the 5 combining logic circuits (i.e. 30). The patch panel is used to connect the 30 inputs of the combining logic circuits to the 31 outputs of the LFSR in a scrambled order (leaving one socket unpopulated), as per cipher instructions. This is the basic key.

Combining Logic
In the above diagram, the red blocks represent the five combining logic sub-circuits, which are in fact 6-to-1 functions. Each combining logic takes 6 lines from the patch panel and combines them into a single line, of which the state depends on the states of the 6 individual inputs. There are two types, denoted A and B, differing only in the placing of the inverters of the AND inputs:

Combining Logic type A (left) and B (right)

In the above diagrams, six of the inputs of the triple-input AND-gates are inverted. This is represented here by white circles. In reality, these inputs are connected directly to the Q outputs of the corresponding JK flip-flops inside the LFSR. This is possible because each patch cable on the plug­board contains two wires: one for the Q and one for the Q output of the LFSR-stage.

Note that the 4-input OR-gates (shown in blue) are not actually present. In reality, the four outputs of the 3-input NAND gates are interconnected to form a wired-OR. Move the mouse over the image to see how. In the circuit digrams, this wired-OR occurs in many places [D].

Auto Key circuit
At the bottom right of the Key Generator circuit is the Auto Key circuit. It consists of a 5-stage LFSR and a Combining Logic that is very similar (but not identical) to Combining Logic circuits of the main LFSR (type A/B). The Auto Key LFSR steps under control of the A Key Drive signal, and is only effective on the 5 data bits of each character. This part forms a self-synchronising autoclave with ciphertext feedback (CFB).

XOR gates
Also at the bottom right of the Key Generator is the Mixer, which adds the current key stream bit to one bit of the plaintext by means of a modulo-2 addition, also known as exclusive-OR, or XOR. This results in one bit of cipher­text. Several XOR circuits are used to combine the signals.

XOR gate (left) and NOT-XOR gate (right)

Note that the XOR and NXOR gates — there are quite a few — are constructed from NOR-gates in varying arrangements, as a result of which they may be difficult to recognise in the original circuit diagrams [D]. The different arangements are explained in Volume I of the Repair and Maintenance Instructions [C p. 221]. Note that NOR-gates are also used as inverters (inputs interconnected), and that the outputs of some NOR-gates are interconnected to form a wired-OR as shown here:

Two possible arrangements of the NOT-XOR circuits


Clock signals
The device was designed for handling serial data in the 5-bit ITA-2 (CCITT-2) telegraphy standard (TTY). This means that each character is handled one bit at a time, including the start and stop bits. The folowing clock pulses play a major role in this circuit:

  • KG DRIVE
    Generated for all bits of a character, including the start and stop bits.

  • A KEY DRIVE
    Generated only for the 5 data bits of a character.

  • F DRIVE
    This clock signal is derived from the KG DRIVE in combination with the outputs of the last two Combining Logic circuits (the S and T signals). It is used to clock the 39-stage LFSR.

 John Savard's original circuit diagram (off-site)

The above circuit diagrams are based on information provided by John Savard [19], and was derived from a description of the key generator on pages 155 to 165 of the Repair and Maintenance Instructions Volume I [C]. It is subject to changes, as it is a work in progress.  Visit John Savard's original page (off-site)



Compromise
During its lifetime, KW-7 was compromised several times. Based on publicly available research [1], it seems most probable that the Russians were able to break and read messages encrypted with a number of high-level US cipher machines, including the KL-7, the KL-47 and the KW-7.

The Walker Spy Ring
The most famous spying case is that of John Anthony Walker, born 1937, who worked for the US Navy and successfully spied for the Russians for nearly 17 years [2]. Walker joined the US Navy in 1955 and started spying for the Soviets in December 1967, when he had financial difficulties [3].

From that moment, until his retirement from the navy in 1983, he supplied the Russians with the key lists and other critical cipher material of the KL-47, the KW-7 and other encryption systems.

For his information he received several thousand dollars from the Soviets each month. In 1969 he began searching for assistance and befriended Jerry Whitworth, a student who would become a Senior Petty Officer in the US Navy. In 1973, he was able to enlist Whitworth in his spy-ring.

In 1976, Walker left the Navy to become a Private Investigator (PI) but kept spying for the Russians. By 1984, he had enlisted his son Michael and his older brother Arthur, who kept the endless flow of classified documents going for another year.

He also tried to recruit his youngest daughter who had started to work for the US Army, but this attempt failed when she became pregnant and abandoned her military career. By that time, his wife Barbara had already left him after a history of physical abuse and alcohol [3]. The two were divorced and he had to pay alimony.
  
Photograph showing John Anthony Walker during his trial. Taken from www.sodahead.com

When he refused to pay alimony in 1985, she tipped-off the FBI, which eventually led to Walker's arrest. After his arrest, Walker cooperated with the authorities and made a plea bargain in order to lower the sentence of his son Michael. Suffering from Diabetes and throat cancer, Walker died in prison on 28 August 2014. His son Michael was released on parole in February 2000.

According to Walker's KGB handler Boris Solomatin, John Walker and Jerry Whitworth provided the KGB with the technical drawings that allowed them to construct a working replica of the KW-7 and other machines. Walker admitted to the FBI that they had done this [10]. There are also indications that Walker's spying activities induced the capture of the USS Pueblo (see below) [1].

USS Pueblo
Among the documents that John Walker supplied to the Russians on his first contact in December 1967, were detailed descriptions of the KW-7, along with active key lists. According to former KGB general Oleg Kalugin, the Russians wanted to get access to the actual machine and asked the North Koreans to capture the USS Pueblo; an American intelligence gathering ship or spy ship [7].

At that time, the USS Pueblo was operating in the waters off the North Korean coast, 1 disguised as an environmental research vessel. The boat was captured by North Korean forces on 23 January 1968 along with its 83 crew members, one of whom, Duane Hodges, was killed in the attack.

Aboard the spy ship was a wealth of operational cipher machines and active crypto key material, some of which was destroyed by the crew before they were boarded by the North Koreans. Of the two KW-7 machines in the CRYPTO room, one was believed to be destroyed beyond repair.
  

From the other machine, the circuit boards had been removed and were smashed against the far wall, but the crew doubted that this had damaged them. As the ship was already being boarded by the North Koreans at that time, there was no time to fully carry out the destruction orders.

In a damage assessment that was carried out in February 1969 [8], the US Navy assumed that the North Koreans had been able to get the second KW-7 working again, and that they had shared their knowledge with the USSR (i.e. the Russians). This was thought not to be a COMSEC problem, as the KW-7 was designed as a tactical forward cipher machine that could fall into enemy hands. Although it would give the enemy a good insight of the cryptographic abilities of the Americans, it could not be used to break any messages as long as they did not have access to the keys [8].

Unknown to the Americans at the time however, John Walker had been supplying KW-7 key lists to the Russians and kept doing so until his retirement from the Navy in 1983, after which the flow of classified material was kept going by his son Michael and his brother Arthur. With the capture of the actual machine and the continuing supply of key material, the Russians were able to read sensitive US traffic for many years. It is believed that the intelligence derived from this was shared with the North Koreans, which gave them advance warnings of any US B-52 bombing raids. 2

 More about the USS Pueblo

  1. According to the North Koreans, the Pueblo had entered Korean waters illegally several times, but the US maintains that the ship was in international waters at the time of the incident.
  2. This is contradicted by some sources that state that Walker only provided the Russians with keys that were at least two months old and were supposed to have been destroyed. Furthermore, intact KW-7 machines had been lost before in Vietnam, and had almost certainly landed with the Russians [9].

Tehran 1979
US Embassies all over the world used KW-7 and other cipher machines for secure communication with its Home Office. Cipher personnel were trained in the operation of the KW-7, but also in its demolition, should that ever be necessary. They were instructed not to let any working machines fall into enemy hands, and had to destroy all critical components in such an event.

Following the Iranian Revolution, after which Persia became an Islamic Republic on 1 April 1979 [4], a group of angry students supporting the revoluton, raided the US Embassy in Tehran (Iran) on 4 November 1979, taking 52 of the Embassy staff hostage for more than a year.


As the raid came rather unexpectedly, communications personnel had to rush in order to get all crypto gear destroyed in time. The image above shows part of the communications room in the embassy, with a KW-7 unit clearly visible at the front. It has been pulled out of the 19" rack, the top has been removed and the critical cipher boards have been taken out and destroyed.

At the right, on the floor, are the destructed key card readers of the KW-7. In the same way, all technical documentation and key lists had to be destroyed as well. In this case, no critical components fell into enemy hands and the KW-7 was not compromised. Eventually, after long negotiations, the hostages were released on 20 January 1981, after being held for 444 days [5].

US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].
US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].
Radio room in the US Embassy in Tehran (Iran) in 1979. Photograph via The Memory Hole [6].
Teleprinter room in the US Embassy in Tehran in 1979. Photograph via The Memory Hole [6].
US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].
D
×
D
1 / 5
US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].
D
2 / 5
US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].
D
3 / 5
Radio room in the US Embassy in Tehran (Iran) in 1979. Photograph via The Memory Hole [6].
D
4 / 5
Teleprinter room in the US Embassy in Tehran in 1979. Photograph via The Memory Hole [6].
D
5 / 5
US Embassy in Tehran (Iran) on 4 November 1979. Photograph via The Memory Hole [6].

Soviet breaking of KW-7
Although there is no direct proof that confirms that the Russians were able to break the KW-7 cipher, there is sufficient circumstantial evidence to suggest that they did. In her 2001 thesis, Major Laura Heath comes to this conclusion after weighting all publicly available evidence [1].

The Russians got interested in the KW-7 after receiving valuable documents from American spy John Walker in December 1967, and possibly some time before that, after receiving documents from his brother Arthur [1]. Although Walker provided the Russians with service manuals and key lists, he could not give them the actual machines. Eventually, they obtained a working KW-7 after the North Korean forces had captured the USS Pueblo, and were able to complete the puzzle.

In the beginning of his contacts with the Soviets in December 1967, the Russians were pushing Walker to deliver key material to them on a regular basis, which was probably every two or three months. But that changed in 1970, when his handlers began pushing him to hand off his material less frequently. This could indicate that, after two years of studying the documents and the captured KW-7 device(s) they were able to read (part of) the traffic without having the keys, or that they had meanwhile found another source for keys material.

Although the US probably modified the KW-7 after the Pueblo Incident, and possibly also after other incidents, Walker would have received any Modification Work Orders (MWO) and passed them on to the Soviets. This enabled the Russians to reverse engineer any new KW-7 variant that was release, and examine its design for possible – exploitable – flaws [1].


Accessories
Mains power cable
24V DC cable
24V
Vehicle battery adapter
Line connection
Teleprinter connection box
Remote control unit
RCU
Remote phasing unit
Spare parts box
Mains AC power cable
The KW-7 could be powered from any mains AC source with a voltage of 115 or 230V AC, 50/60Hz. A suitable cable for this was supplied with the machine and should be connected at the rear to the 4-pin socket marked AC POWER.

The image on the right shows an example of a suitable mains cable that is fitted with a mains wall plug for continental Europe. Note that the voltage selector at the rear panel has to be set to the correct voltage.
  

24V DC power cable
The machine could also be powered by a 24V DC source, such as the battery of a (military) vehicle, selectable by a switch at the front panel.

A suitable cable for this was supplied with the machine and should be connected at the rear to the 4-pin socket marked 24 VDC. The image on the right shows an example of such a cable, which ends in a rather uncommon vehicle plug.
  

Vehicle battery adapter
The KW-7 could also be powered directly from a car battery, by using the adapter shown here. It consists of two clamps that should be mounted to the (+) and (-) terminals of the battery, and a socket that accepts the 24V cable shown above.   

Line cable
As the KW-7 was intended for the encryption and decription of teleprinter signals, it was inserted between a regular teleprinter and the line to the teleprinter exchange (i.e. telex line).

The cable shown here was used to connect the machine to the external telex line. It is provided here with a 4-contact circular plug, known as a Walzenstecker or ADoS ZB 27.
  

Teleprinter box
This small breakout box was usually connected to one pair of LOOP IN and LOOP OUT sockets at the rear. It allows a teleprinter unit (telex) with a Walzenstecker or an 8-pin ADo 8 plug, to be connected directly to the KW-7.

The circular Walzenstecker was used in the early days of the telex, whilst the 8-pin ADo 8 plug became the defacto standard in Europe in later years. The box is suitable for both standards.
  

Remote Control Unit   KWX-7
Althoug the KW-7 can be controlled completely from its front panel, the machine was often mounted in a 19" rack, together with other equipment, or even in a different room. In order to control the machine from the terminal (tele­type), a separate remote control box was used.

The image on the right shows a KWX-7/TSEC remote control panel. It connects to the KW-7 by means of a thick 32-pin cable and has the same controls and connections 1 as the device itself. Note that this box can only be used when the MODE selector on the control panel of the KW-7 itself is set to REMOTE.
  

  1. All connections, with the exception of the power sockets, are available on the remote control unit.

Remote phasing unit   KWX-8
When connecting two KW-7 units, they had to be synchronized prior to transmission, using a so-called phasing signal, which could be enabled with the KWX-8 phasing unit shown on the right.

The device looks similar to the KWX-7 – with fewer controls – and was usually mounted above the teletype equipment, as shown in this image.

 KWX-8 operating procedure
 Technical drawings
  

KW-7 remote control panel
Rear side of control panel
Close-up of the connectors
KWX-8 unit from the collection of the NCM - Obtained via Nick England [17]
NAVCOMMSTA in Guam in 1969. The KWX-8 is operated by the man at the centre. [17]
E
×
E
1 / 5
KW-7 remote control panel
E
2 / 5
Rear side of control panel
E
3 / 5
Close-up of the connectors
E
4 / 5
KWX-8 unit from the collection of the NCM - Obtained via Nick England [17]
E
5 / 5
NAVCOMMSTA in Guam in 1969. The KWX-8 is operated by the man at the centre. [17]

Spare parts
In Europe, Each KW-7 machine was supplied with a small aluminium box with spare parts and supplies, such as spare lamps, fuses, lamp caps, dummy connectors, spare wires and tools.

Below is a complete list of the items that were present in the European version of the spare parts box. Note the five sheets of self-adhesives with the numbers 1 to 30 on them. They could be used to mark one of the unnumbered patch cables when it was used as a replacement for a broken one.
  

Spares kit
Spares kit contents
Inside the spares kit
Spare patch cord
Male and female terminator plugs
Tool
Pin-straightening tool
Straightening-tool detail
F
×
F
1 / 8
Spares kit
F
2 / 8
Spares kit contents
F
3 / 8
Inside the spares kit
F
4 / 8
Spare patch cord
F
5 / 8
Male and female terminator plugs
F
6 / 8
Tool
F
7 / 8
Pin-straightening tool
F
8 / 8
Straightening-tool detail

Qty Description Part No
1 Dummy, connector, plug (female) 0N008082
1 Dummy, connector, plug (male) 0N008083
2 Lamp type 345 0N008392
1 Lens, indicator light 'send' 0N008399-1
1 Lens, indicator light 'break' 0N008399-2
5 Markers (self-adhesive labels 1-30) 0N008736
5 Cable assembly (spare) 0N008739-31
1 Tine, expander 0N008811
1 Tool, maintenance 0N008820
20 Guide, contact 0N008842
20 Clip, retaining 0N008859
5 Fuse, 2A (30 mm) MS 90078-11-1
5 Fuse, 5A (30 mm) MS 90078-14-1
Interior
The KW-7 consists of two parts: a Power Supply Unit (PSU) at the rear right and the actual cipher machine which is housed in an L-shaped body. The interior can be accessed by removing the L-shaped top cover, after which 14 plug-in circuit boards and the clock unit become visible.


The diagram above shows the interior of the KW-7 as seen from the top after the top cover has been removed. At the rear right is the removable PSU that can be swapped for an alternative one, allowing the machine to be used virtually anywhere in the world. At the rear left is the connection panel, with a small grey unit (the temperature compensated 1 MHz clock) mounted in front of it.

The rest of the space is taken by the 14 plug-in cards that hold the crypto logic, the key stream generator and the combining logic. Some boards are marked with red labels marked with the text:

CONFIDENTIAL - XGDS-2 COMSEC

These boards contain the secret crypto logic and are the first ones to be removed and destroyed when security is compromised. Note that the two frontmost boards can only be extracted after all plugs are removed from the plugboard, which is also mandatory in case of a compromise.
  

All other boards have black labels. They hold the less secret logic. These boards should also be destroyed when the machine is compromised, but with a lower priority than the red ones. Each board has 16 horizontally aligned test points that are accessible from the top of the machine.

Each board holds a series of large integrated building blocks that can be regarded as the forerunners of the Integrated Circuit (IC). They are known as FLYBALL Modules, each of which contains a digital function, such as an AND, OR or XOR circuit, identified by a unique colour.

As an example, the image on the right shows the E-AJV board that is populated with yellow, blue, orange, green and red LEGO-style circuit blocks. The contents of the blocks is currently unknown and the ONO-numbers on their body show that they are uncommon custom-built OEM-parts.
  

Some of the boards hold other parts as well, such as a relay, a diode or a switch. The boards themselves are high-quality double-sided pre-tinned epoxy PCBs, each of which is slotted into a socket at the bottom of the machine and locked by two metal retaining brackets at the top.

In the late 1980s, the E-AJM board of the KW-7 machine shown here was replaced by a modern alternative that was manufactured in Germany in December 1987. Rather than the LEGO-style building blocks, it contains standard Motorola CMOS ICs like the MC14015 and the MC14025, which provide a nearly identical functionality.

Contrary to the earlier boards, the replacement PCB does not provide the 16 test points along the edge of the PCB (under the metal bracket). Furthermore, its label is black, but is marked COMSEC just like the boards with the red labels.
  

Apparently, the replacement boards were drop-in replacements for the existing boards that were no longer available, as production of the brightly coloured circuit blocks had meanswhile been discontinued. It is also possible that the new board was issued as part of a field upgrade as a result of a compromise. The replacement boards effectively gave the machine an extended life.

Of the 14 plug-in cards, 12 can be extracted easily, simply moving the metal levers at the top of each board sideways. The two cards at the front are a little bit more difficult to remove as they hold the plugboard sockets. They can only be extracted after all plugs have been removed.

For the original plugboard version that was a simple job, for the two other versions, which were far more common, this involved removing the plug-block or card-reader sub-assembly and its cabling. The image on the right shows the first two cards, A1 and A2, still in place.
  

In practice, these two board were often left behind in the machine after a security compromise, simply because it took to much time. Nevertheless, the boards are marked CONFIDENTIAL, as they contain the secret tetrahedral key combining logic and the Fibonacci shift register stages [8].

At the bottom of the machine is the backplane, its wiring and a removable teletype interface (TTY). The bottom can be accessed by removing all screws from the bottom panel and taking it away. This exposes the wiring of the front panel and the wiring of the remote panel connector.

At the center of the bottom section is the sub-assembly that holds the TTY interface. It is held in place by five recessed screws and connects to the wiring of the machine via a 25-way D-sub connector at its rear right. The image on the right shows the partly removed TTY interface.
  

The fact that the TTY interface is easily removable, make the machine more service friendly. Note the two cylindrical teleprinter relays at the left. They are the only mechanical parts in the machine and may have to be serviced or replaced at some point. This was done, either by replacing the entire TTY interface, or by opening the individual relays and cleaning its contacts. Once the TTY interface is removed, the bottom side of the backplane is exposed along with its wiring.

 More about the FLYBALL modules

Top of the machine after removing the top lid
Top view of the interior
Releasing a board
Removing one of the boards
E-AJV module (COMSEC)
E-AJO board (COMSEC)
Internal clock generator
KW-7 case seen from the rear, after removing 12 of the 14 cards
The backplate (board A15) at the bottom of the machine
Plugboard mounted directly to the A1 and A2 cards
Bottom view (panel removed)
TTY interface removed
Teleprinter relays
Transistors mounted directly to the frame
Backplane wiring
G
×
G
1 / 16
Top of the machine after removing the top lid
G
2 / 16
Top view of the interior
G
3 / 16
Releasing a board
G
4 / 16
Removing one of the boards
G
5 / 16
E-AJV module (COMSEC)
G
6 / 16
6 / 16
G
7 / 16
E-AJO board (COMSEC)
G
8 / 16
Internal clock generator
G
9 / 16
KW-7 case seen from the rear, after removing 12 of the 14 cards
G
10 / 16
The backplate (board A15) at the bottom of the machine
G
11 / 16
Plugboard mounted directly to the A1 and A2 cards
G
12 / 16
Bottom view (panel removed)
G
13 / 16
TTY interface removed
G
14 / 16
Teleprinter relays
G
15 / 16
Transistors mounted directly to the frame
G
16 / 16
Backplane wiring

Maintenance
According to former users, the KW-7 was a reliable machine with very few electronic problems, and an extremely robust power supply unit (PSU). The only 'problems' that were frequently faced were broken contacts and wires on the plug-block, generally caused by (mis)handling them.

The other problem was caused by the only two (electro)mechanical components in the machine: the TTY relays. These relays are responsible for switching the line current ON and OFF in order to send digital data as a stream of 1s and 0s.

The relays are part of the TTY interface at the bottom of the machine. Getting access to them was quite a bit of work, as it involved removing the bottom panel, removing the TTY interface and finally removing the two relays. The image on the right shows the two relays mounted in a bracket that is part of the TTY sub-assembly.
  

Although the relays were not easily accessible, and were not supposed to be dismantled, it would pay off to clean their contacts regularly in order to avoid data loss. At some point, a small device with a cathode ray tube (CRT) was introduced to test the relays. Whilst driving the relays with a multivibrator, the CRT was used to check the quality of the signal. Dirty contacts would appear on the screen as 'noise', indicating that the contact had to be cleaned. This was generally done with a piece of perforated tape, sprayed with contact cleaner, that was moved between the contacts.

On machines where the SEND button was permanently engaged by means of a rubber band or a BIC ballpoint cap, in order to keep it synchronised between data sessions, the problem of the relay contacts would appear more often, as these machines were continuously sending data.


Circuit boards
The KW-7 has 14 circuit boards or plug-in cards that are slotted from the top of the machine into a so-called backplane at the bottom. Each card is composed from a different arrangement of the FLYBALL modules shown above. Although the function of each board is currently unknown, there are unique markings on each of them, which we have listed in the table below. Any help with the identification of the cards and their function would be much appreciated. → contact us

The two cards that are closest to the front of the machine are the 1A1 and 1A2 boards. They are marked as confidential and should be removed in case of a compromised, but as the plugs of the plugboard are slotted directly into these cards they are difficult to remove. In the Pueblo Incident, these cards were left behind in the machine. According to the damage assessment, these boards contain the tetrahedral key combining logic and the Fibonacci shift register stages [8].

ID 1 PCB 2 Part No Cnf 3 Description
E-AJJ A2 0N007901 Plugboard, key combining logic, Fibonacci shift registers
E-AJK A1 0N007902 Plugboard, key combining logic, Fibonacci shift registers
E-AJL A4 0N007903 ?
E-AKM A3 0N007904 ?
E-AJN A6 0N007905 - ?
E-AJO A5 0N007906 Board with relay and diode
E-AJP A8 0N007907 - ?
E-AJQ A7 0N007908 - ?
E-AJR A10 0N007909 - ?
E-AJS A9 0N007910 - ?
E-AJT A12 0N007911 - ?
E-AJU A11 0N007912 - ?
E-AJV A14 0N007913 Board with 20/60 switch and 2 metal modules
E-AJW A13 0N007914 - ?
- A15 0N040927 - Backplane (bottom)
E-AJX - ? - PSU, 115/230V AC
E-AJY - ? - 1 MHz clock oscillator with oven
E-BAT - 0N142777 - TTY board (bottom)
  1. This is the ID number printed on the label, and aside the card slot.
  2. The is the number printed on the underside of the PCB.
  3. When ticked, this board is marked as CONFIDENTIAL.

Power supply unit
The KW-7 can be powered from a 24V DC source, such as the battery of a vehicle, or directly from the AC mains. In order to be able to use the machine anywhere in the world, the Power Supply Unit (PSU) is a separate block that is installed in a cut-out space at the rear right.

Initially, the KW-7 was supplied with a 110V/60Hz AC PSU that was suitable for use in the USA and other countries with 110V mains. When the machine was also used in Europe, as one of the main NATO cipher machines, it was usually supplied with an external step-down transformer, that converted 220V to 110V. The PSU was later replaced by a universal one that was suitable for both 115V and 230V. A switch at the rear panel of the KW-7 allows selection between the two.

KW-7 units used by the US Air Force, were supplied with a 115V/400 Hz AC PSU that could be connected directly of the 115V power network aboard airplanes. For repair and serviceing, the Air Force workshops used a motor-generator setup that provided the 115V at 400 Hz for work on the KW-7 on the benchtop, without the need for an additional power converter [21].

In operation, the machine could be powered either by the AC mains, or by a 24V DC source, or both. The POWER switch at the front panel is then used to select between the two sources, with a green indicator lamp being lit when the machine is operational. If only one power source is connected, this switch acts as the ON/OFF switch. According to most former users and service engineers, the PSU was of very good quality. Most of them never had to replace a faulty one [11].


Connections
All connections to KW-7 are at the rear side of the machine. At present, most of the connections are unknown, but we hope to be able to complete the diagrams below in due course. Any help would be much appreciated. If you have additional information, please contact us. The pin-out is given when looking into the sockets from the rear of the machine.

AC Power   J1
  1. 220V AC
  2. GND
  3. n.c.
  4. 220V AC
    4-pin AC socket (male)
24V DC Power   J2
  1. +24V
  2. n.c.
  3. 0V
  4. n.c.
    4-pin DC socket (male)
Loop in 1   J3
Information about this socket is conflicting. According to some documents [F], the current loop is at pins C and D rather than pins B and C, but these documents show a different layout of the rear panel of the KW-7.

  1. GND
  2. Current loop (a) - via 270 ohm
  3. Current loop (b)
  4. n.c.
  5. n.c.
  6. n.c.
    6-pin TTY loop-in socket (male)
Loop in 2   J4
In most installations, a loop wire is installed between B and C.

  1. GND
  2. Current loop (a) - via 270 ohm
  3. Current loop (b)
  4. n.c.
  5. n.c.
  6. n.c.
    6-pin TTY loop-in socket (male)
Loop out 1   J7
Information about this socket is conflicting. According to some documents [F], the current loop is at pins C and D rather than pins B and C, but these documents show a different layout of the rear panel of the KW-7.

  1. GND
  2. Current loop (a)
  3. Current loop (b)
  4. n.c.
  5. n.c.
  6. n.c.
    6-pin TTY loop-out socket (female)
Loop out 2   J8
In most installations, a loop wire is installed between B and C.

  1. GND
  2. Current loop (a)
  3. Current loop (b)
  4. n.c.
  5. n.c.
  6. n.c.
    6-pin TTY loop-out socket (female)
TD Step   J5
  1. GND
  2. Step
  3. Step
  4. Bridge to E
  5. Bridge to D
  6. -
    6-pin TS STEP socket (female)
PTS   J6
  1. ?
  2. ?
  3. ?
  4. ?
  5. ?
  6. ?
    6-pin PTS socket (male)
Rear panel sockets
Rear panel connections
Power sockets
Line sockets
Remote connector at the bottom of the rear side
H
×
H
1 / 5
Rear panel sockets
H
2 / 5
Rear panel connections
H
3 / 5
Power sockets
H
4 / 5
Line sockets
H
5 / 5
Remote connector at the bottom of the rear side

Wanted items
We are still looking for the following items:

  • 32-wire cable for connection between KW-7 and the remote control unit (KWX-7).
  • Any documentation for the KW-7, such as the manuals marked in red below.
  • Stories about using the KW-7.
Documentation
  1. TM 11-5810-221-12P - Operator's and Organizational Maintenance Manual
    Electronic Typewriter TSEC/KW-7-2 (NSN 5810-01-080-5613).
    Department of the Army, 23 September 1983.

  2. KAO-83D - Operating Instructions for KW-7
    WANTED

  3. KAM-143B/TSEC - Repair and Maintenance Instructions for TSEC/KW-7
    Volume I - Description, Installation & Theory of Operation.
    NSA, April 1963. 2

  4. KAM-144B/TSEC - Repair and Maintenance Instructions for TSEC/KW-7
    Volume II - Preventive Maintenance Troubleshooting and Circuit Diagrams.
    NSA, April 1963. 2

  5. KAM-145C/TSEC - Repair and Maintenance Instructions for TSEC/KW-7
    Volume III - Illustrated Parts List.
    NSA, February 1969. 2

  6. TSEC/KW-7 Installation requirements, cable diagram and connection details
    Technical Manual for Radio Communications and Teletype Equipment Installation by Forces Afloat. Navships 0967-306-1010. Section 6 - Security Equipment. Unclassified. 1

  7. TSEC/KW-7 Installation in a communications van
    Date unknown. 1

  8. KWX-8 Operation
    Retrieved July 2020.

  9. KWX-8 technical drawings
    Obtained July 2021 via [17].

  10. Equipment serviceability criteria for Communications Security Equipment TSEC/KW-7
    Department of the Army, Washington. 26 March 1970. 3
  1. Document retrieved October 2016 via Nick England [17]. Reproduced here by kind permission. Note that this document shows the layout of the connectors on the KWF-1, which are different from the KW-7.
  2. Document declassified by NSA on 30 March 2009 (E.O. 12958, FOIA 47709). Obtained via Bill Neill and scanned by Nick England in March 2021. [17]. Reproduced here by kind permission.
  3. Document retrieved March 2023 via Nick England [17]. Reproduced here by kind permission.

References
  1. Laura H. Heath, Analysis of Systematic Security Weaknesses of the US Navy...
    M.S., Georgia Institute of Technology, 2001. Fort Leavensworth, Kansas (USA), 2005. Thesis of Major Laura Heath, detailing how John Walker exploited weaknesses in the US Navy Broadcasting System between 1967 and 1974.

  2. Pete Earley, Family of Spies: The John Walker Jr. Spy Case
    TruTV website, crime library. Date unknown.

  3. Wikipedia, John Anthony Walker
    Retrieved November 2010.

  4. Wikipedia, Iranian Revolution
    Retrieved October 2013.

  5. Wikipedia, Iran hostage crisis
    Retrieved October 2013.

  6. Russ Kick, The Memory Hole (website)
    Author unknown. Retrieved October 2013 via WayBack Machine. 1

  7. Oleg Kalugin, Spymaster
    2008. ISBN 1-85685-101-X.

  8. NSA, USS Pueblo, AGER-2, Section V, Cryptographic Damage Assessment
    28 February 1968. 106 pages. 2

  9. Commander Bucher, The KW-7 and John Walker
    23 February 2001. Obtained from the USS Pueblo Veteran's Association.

  10. Pete Earley, Boris Solomatin Interview
    1995. Obtained from the USS Pueblo Veteran's Association.

  11. Jerry Proc and contributors, KW-7 (Orestes)
    Retrieved October 2013.

  12. David G. Boak, A History of U.S. Communications Security
    Fifth Lecture - KW-26, KW-37, CRIB, KW7. p. 50.
    Lectures, 1966. Revised July 1973. 3

  13. Wikipedia, Linear feedback shift register
    Retrieved May 2016.

  14. Anonymouse contributor, Photograph of CRYPTO room at NAVCOMMSTA Stockton
    Retrieved May 2016 via Nick England [17]. Reproduced here by kind permission.

  15. Global Security, Military Facility Stockton
    Retrieved May 2016.

  16. Jerry Kemp, Use of KW-7 at HQ PACAF
    US Pacific Air Force HQ 1990-1993. Personal correspondence.

  17. Nick England (K4NYW), US Navy Crypto Equipment - 1950's-60's
    May 2016, July 2021, March 2023.

  18. Ken Pflanz, Personal correspondence
    May 2021.

  19. John Savard, The KW-7
    Graphical reconstruction of the circuit diagram of the KW-7 key generator.
    March 2022.

  20. Michael Teagarden, Personal correspondence
    July 2022.

  21. Gary Crowell, Personal correspondence
    Former USAF 306x0 at Elisworth AFB in 1972.
    August 2023.
  1. Website with lost US Government files obtained via the FOIA.
    Active from 10 July 2002 until June 2009. On-line again since June 2016.  Wikipedia
  2. Released by NSA on 14 September 2012, FOIA case 40722.
  3. Declassified by Interagency Security Classification Appeals Panel 14 October 2015.
    EO 13526, section 5.3(b)(3).

Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Monday 09 May 2016. Last changed: Wednesday, 25 September 2024 - 20:42 CET.
Click for homepage