In the story below, we've tried to explain why we have created the
Crypto Museum and why we spend so much time with it. If you don't have time
to ready the full text, try the abstract below.
Cryptography - or crypto for short - is all around us: in our credit card,
in our car keys, as part of electronic banking and even in our web browser.
Crypto is generally used to exchange secret messages.
In a war it is important that secrets are kept secret, so it doesn't
come as a surprise that it plays an important role in the military scene.
That was the case during WWII
and also in the dark days of the Cold War
And it is still the case today.
But crypto also plays an important part in our personal life today.
By collecting crypto equipment, we try to capture an important part of
our history. A part that has been kept secret for a long time.
If we don't act now, we might lose it forever. The website is our attempt to
describe the equipment to the best of our abilities.
Whenever possible, we will also try to explain the operating principles and
the underlying history.
If we succeed in this mission we may all learn from it.
The majority of equipment in our collection is in full working order and
we are doing our very best to repair any broken or incomplete devices,
so that we can demonstrate them to the public.
Although at present Crypto Museum is a virtual museum, we want to share our knowledge with as many people as possible. We are therefore seeking to
co-operate with other museums whenever we can.
At the same time we are trying to raise the profile of technology and
engineering in general;
a profession that tends to be forgotten.
Paul Reuvers & Marc Simons
Crypto Museum is an initiative of Paul Reuvers and Marc Simons,
both self-employed engineers from Eindhoven (Netherlands).
Paul established his company – X-Ample Technology BV – in 1986
and has specialized himself in the development of embedded software
and user interfaces for health-care and agricultural applications.
Marc founded his company YiG Engineering BV in 2000 and
specializes in the development of electronic circuits, also known as
hardware, for a variety of applications ranging from the
Senseo coffee machine to state-of-the-art FPGA designs, for companies such as
Philips and Xilinx. He also developed the control system for a well-known
old people's scooter brand.
One of his latest projects is an intelligent weed-control system that he
developed in close co-operation with Paul.
We started building the Crypto Museum collection in 2004,
but our interest in technology dates back to our youth.
Already at an early age we were considered 'strange people'.
Always busy with wires and a soldering iron. Building model trains,
transmitters, audio amplifiers and eventually becoming radio hams
and electronics engineers.
Later in life we both independently took the step to establish our own
company and become self-employed. To do things our own way.
It gave us the liberty to take on the projects that we really cared about,
but also brought great responsibility.
After all, we want our customers to be happy, as at the end of the day,
they pay the bills.
Today, we both have a good running enterprise, but to our dismay we see the interest
in technology from young people declining rapidly.
As if everyone wants to become a manager these days...
Please do not forget that our society has an enormous need for new
technicians with fresh and challenging ideas. Perhaps now more then ever.
It all started in 2001 when a good friend - Nanno van Haaften - lent us the book
Enigma by Robert Harris.
Reading is not the most favorite activity of most engineers, but
he insisted that we'd read the book as, according to him, it was a most intreguing
and appealing story...
And he was right.
Although it was a novel, it was a most fascinating story.
How was it possible that the British broke the Enigma codes during WWII.
Why was this story kept secret until 1974?
And where was this place Bletchley Park ? Did it still exist?
In fact we were so fascinated about it, that a few weeks later
we booked at ferry to the UK to spend our holidays at Bletchley Park (BP).
When we arrived at BP, we saw buildings in decay and an improvised museum.
But despite all that, we were presented with a complete and clear picture of
what had happened there during WWII.
We walked the so-called Crypto Trail and were educated with all
stages of a secret German message. From its origin, through interception, to
the breaking of the codes and finally the intelligence derrived from it.
At the end of the trail there even was a real
Enigma M3 machine!
We were overwelmed; what a beautiful place this was. We spent three days there
and soaked up every piece of information that our limited brains could handle.
The smell of the old huts, the old cipher equipment
and perhaps even the Enigma-ghost.
And it matched Robert Harris' book even in the finest details, making it feel almost
like a deja-vu.
One of the nicest things about British people is that, as soon as they notice
your interest, they are prepaired to explain things in great detail.
From the intercept stations — the so-called Y-Service — to the
Bombe machines that were used for breaking the Enigma messages.
In many ways, the items described in Robert Harris' novel Enigma,
became reality for us.
Apart from the Crypto Trail, BP had a lot more to offer.
Many cipher machines were on display and the principles behind codemaking
and codebreaking were demonstrated.
We came to realise that there was a complete business behind this hush-hush
crypto stuff. (If you search the internet, you will soon realise that this
is still the case today.)
The technology behind the cipher machines is really fascinating.
From a mechanical point of view, some of the machines are real marvels
of human engineering.
A fews days later we were on the ferry back to The Netherlands. We booked
a cabin, so that we could sleep during the 10 hour trip, but the Enigma kept
us awake. We spend the entire night day-dreaming about how wonderful it would
be to posess our own Enigma machine.
When we arrived home, we immediately started to work out the concept of an electronic
version of the Enigma. It would give us – and everybody else – the ability to own
an affordable Enigma machine. The results of our efforts were an
Enigma computer simulation for RISC OS computers
(Acorn) and the now famous Enigma-E self-build kit.
Both 100% compatible with a real war-time Enigma machine.
And from that moment on, we were contaminated with the Crypto-Virus...
In the summer of 2003 we went back to BP. This time with a working prototype
of the Enigma-E under our arm.
We wanted to show it to people at BP and to find out whether it would be an
interesting product for the museum shop. It was just a gamble as we were not
certain whether or not a self-build electronics kit would actually be of interest
to the public.
We were lucky, as we happened to have picked the weekend of the annual Enigma
Reunion and the park was crowded with people 'in the know'. On the first day we
met well-known Enigma researcher
with whom we had so far only exchanged
e-mails. David noticed the small wooden box under Marc's arm and asked what it was.
We demonstrated the Enigma-E to him and David immediately fell in love with it.
He insisted that we would talk to the BP director.
Although it was an extremely busy weekend, David had successfully persuaded BP
director Christine Large to grant us a five minute slot. The rest is history.
Christine spend more than an hour with us and the Enigma-E, and immediately
recognised its promotional potential. And it wouldn't be long before the first
batch of kits was delivered.
That night, David invited us to a closed meeting of the American Cryptogram
Association (ACA) that was held at BP that weekend as well.
The ACA is a group of interesting people who share the same 'strange' hobby.
Many of them are collectors of cryptographic items and related equipment.
It was a real eye-opener to us and we immediately felt comfortable in this
company of friends. The next day we had to admit to ourselves that the
Crypto-Virus had really gotten under our skin.
Since then we have become regular visitors of
Bletchley Park (BP)
The National Museum of Computing (TNMOC),
and we know many people
there now. We made contact with other visitors and collectors and even after
all these years, it still is an inspiring place to be.
The birth of Crypto Museum
In the spring of 2004, the first small cipher machine crossed our path.
On a local aution website, we found our first Hagelin C-446 and a few days later we
showed it to our good friend Cor Moerman. Cor, who is the curator of the
Dutch Ham Radio Museum, immediately recognised our enthusiasm and told us
that he also had a 'forgotten' Hagelin that was dusting away somewhere
on a shelf.
It didn't fit in with his collection, he said. So then we had two Hagelins.
He also jokingly warned us about collecting. "If this really takes off", he said,
"you will need more space and eventually you may have to establish a real
'Crypto Museum' in due course".
At the time, we didn't have a clue what he was talking about
and didn't think that one day we would have
to acknowledge his insights.
After a few years of collecting equipment and stories, Crypto Museum suddenly
became reality in 2008. Cor Moerman came up with the idea to setup a special
temporary exhibition dedicated to
and asked for our help.
Many objects from our collection were given on loan to his museum and they were
complemented by items from Cor's own collection,
the collections of Jan Rijnders, Arthur Bauer and some others.
It was a big experiment, but it turned out to be a
huge success: there were days that some people left the building because
it was too crowded!
A huge compliment to all of us, but especially to the museum volunteers
and the many visitors who told us their fascinating stories.
The event brought us in contact with many new people and they in turn
brought us numerous new objects.
By the end of 2008 we had registered the Crypto Museum website and at the
beginning of 2009 we started to upload detailed descriptions of the
most important items we had in our collection.
We felt the need to share our knowledge with others
and let the world enjoy the things that we had collected. With the website,
we have effectively established a virtual museum. It is open 24/7 and it
gives us the ability to exhibit our collection permanently.
It also puts us in contact
with even more new people and objects.
Ten years on, it has greatly helped expanding the collection.
One of the goals of a museum is to share knowledge. This can be out of personal
interest or as part of a research project. And it seems to work: we get frequent
requests from students needing help with their talks, or from former employees
of the Department of Defence who want to see 'their old kit' again.
In addition we give about 10 to 15
talks on the subject every year and we are
working together with other museums when setting up
Fascination for cryptology
The techniques behind cryptography are really fascinating.
Early systems, like the Caesar Cipher
and the Vigenère Cipher
were mainly based on simple alphabet subsitution.
Who hasn't used these seemingly 'unbreakable' methods as a child,
for exchanging secret messages with friends?
In the 20th century, the first mechanical cipher machines appeared.
Big names in Europe in those days were
Chiffriermaschinen AG (Enigma)
and Boris Hagelin.
Such machines are often called
as most of them consist of
a series of rotating (electro) mechanical wheels.
Rotor machines have become very popular among collectors (including ourselves),
mainly because they are the last generation of cipher machines were you can actually
see how it works. Furthermore they are relatively easy to understand,
repair, maintain and demonstrate.
With rotor machines, the cryptographic key is largely based on the
settings of the rotors at the beginning of a message.
They are based on symmetric key cryptography, as the keys for coding and
decoding are identical. The advantage of such systems, is that the key is much
shorter than the actual message, effectively replacing a large secret by a
smaller – easier to handle – one.
The early 1950s saw the rise of digital telegraphy,
also known as Teletype
or Telex. It replaced earlier systems that relied
on Morse Code.
With telex, letters were transmitted as digital bits,
and messages were stored on so-called punched paper tape.
It allowed larger messages to be sent at much higher speed,
resulting in the need for faster - more versatile -
For military applications, an ancient – and truly unbreakable –
cipher was given a new lease
of life. The One Time Pad (OTP),
was adapted for use with telex machines
and became the heart of so-called Mixer Machines
or Mixers, such as the
Philips Ecolex 4
and the Siemens M-190.
Imagine a noise generator that would produce truely random (and therefore
unpredicatable) numbers that were written to a punched paper tape.
Of that tape, only one copy was made. It was sent to the other end of
the communication link by means of a (secure and trusted) courier.
Plain-text of the sender was 'mixed' with the key-tape using the
Vernam Cipher principle (XOR). The key-tape would only be used once
and was destroyed immediately after use. This way, a secret will forever remain secret.
The disadvantage of OTP
systems is that the key has to have at least the same length as
the message itself in order to prevent repeats in the key period.
For the same reason, an OTP can only be used once.
A drawback of this system is the problem of key distribution.
Both sides need sufficient supply of key tapes and you have to
know in advance who you want to contact. In practice, it
appeared to be too cumbersome for field use.
Nevertheless, it remained in use for a long time for messages at the highest level in
situations where secrecy was paramount.
During the cold war,
the Americans and the Russians exchanged confidential messages with
each other via the Moscow-Washington hotline
using this principle.
Asymmetric key cryptography
In the 1970s, digital microprocessors became widely available and it
wasn't before long that they were used in a new generation of cryptographic
equipment. In 1976, Whitfield Diffie and Martin Hellman introduced a new method
for safely exchanging message keys over an insecure channel.
Unknown to them at the time,
it had already been invented by GCHQ
a few years earlier.
The method is entirely based on mathematics and consists of a public key that is
derived from a chosen private key. Both parties exchange their public keys
and it is impossible to reconstruct the private keys from the public keys.
This method is called asymmetric key cryptography.
Once the keys have been exchanged with asymmetric methods, the message itself
can be transmitted using existing symmetric cryptography.
In recent years, the internet has become increasingly popular for exchanging
messages, even within the Department of Defense.
Cryptographic systems have changed into 'black boxes' that allow secure
systems to exchange information over insecure networks.
Such boxes only have a handful of connectors, switches and indicator lights
and there is nothing much to see anymore.
Inside the boxes are extremely powerfull digital processors and
Field Programmable Gate Arrays (FPGAs),
executing serious crypto-algorithms.
Over the years, cryptography has evolved from simple mechanics to pure mathematics
at the highest possible level. Only a handful of people are capable of developing new
At the same time, codebreaking, or cryptanalysis, has become a serious business
as well. With the ever increasing computing power it is now possible to break
a cipher that was believed to be unbreakable just 10 years ago.
The rate at which cryptographic systems can be broken increases
every day, which means that the live span of
encryption devices decreases equally fast.
In the past, crypto systems were thought to be safe for, say, 15 to 20 years.
By 2010 however, systems were considered safe for just a couple of years,
with a maximum of 10 years for military equipment. And it is dropping fast.
the German Army used the
Enigma cipher machine
to secure their radio traffic. It helped them fighting an efficient
and effective Blitzkrieg,
which no doubt has cost thousands of lives.
It shows that cryptography can be used as a effective tactical and
A single nurdy mathematicians can beat an army
of a thousand muscular Rambos. Fascinating, isn't it?
At the same time, mathematicians can save lives. Take, for example,
the brilliant Alan Turing who worked at
and saved numerous lives by using
to break the German codes.
Today, cryptography is everywhere. Our credit cards, debit cards, ATM machines,
computers, car keys, weapon systems and communication between
embassies: they all involve some kind of cryptography.
Even the Vatican has secrets and uses cryptography to keep them secret.
Cryptography helps to protect a secret only
for a certain period of time; it is used to 'buy time'.
Cryptalanysis – the art of codebreaking – is also everywhere.
Just think about the NSA,
and – in The Netherlands – the AIVD
and MIVD; they have all specialised in
deciphering and reading messages on an extremely large scale.
And don't forget the interest in codebreaking from countries like
India, Iran, China and Russia. They too are after your secrets.
One of the problems we faced when creating the Crypto Museum website, was that we were
not always certain about whether or not we were allowed to make certain information
Some encryption devices are classed as 'secret', but there is no way to find out about
that, as the list of classified equipment is classified itself.
Fortunately, due to our exhibitions and lectures, we were lucky enough to meet the right
people who were kind enough to help us solve that problem.
After 15 years, a crypto system will be obsolete. In practice,
the live span of an encryption device is much shorter than that.
According to the Moorse/House Law, the available processing power
nearly doubles every 18 months. 1
As a result, one continuously has to evaluate the current cryptographic
systems that are in use. As all systems are digital nowadays,
it is fairly easy to increase complexity when there is sufficient processing
power. This is directly related to the number of bits that is often quoted,
e.g.: 56 or 64-bit DES,
or 128-bit SAVILLE.
The computing power available to the code-makers is available to the
code-breakers as well.
If we apply Moore's Law to the above, it means that we only have to add a single
bit every 18 months. Each bit doubles the number of posibilities.
It represents a gained time of 18 months.
According to Moore's Law, the number of transistors on integrated circuits
doubles every two years. It is an observation (rather then an real law)
named after Intel co-founder Gordon E. Moore.
A variation to this law, which is often mistakenly attributed
to Moore, was defined by Intel executive David House, who said that
processing power doubles every 18 months (the combined effect
of more transistors and their being faster).
Back in the 19th century, Auguste Kerckhoffs stated that any cipher system
should be secure even if everything about the system, except the key,
is public knowledge. This statement of 1883, known as
rejects inferior systems that provide security by obscurity. 1
Military organisations and governments worldwide
are often frantic about collectors
trying to obtain military encryption devices, claiming that it enables
them to read military traffic and expose state secrets.
Neither of this is true, of course, but it is caused by
by the hierarchial structure armies in general and lack of knowledge about
the underlying principle.
In the real world,
all encryption devices used by the army, must (and do)
comply with Kerckhoffs's
Principle, as they are likely to fall into enemy hands during a conflict.
For this reason, military cipher machines always have a so-called ZERIOZE-button,
allowing the operator to purge all keys if security is compromised.
Preventing serious collectors from possessing such machines therefore
makes no sense at all, as long as they are not given the original keys
that were used to encrypt the original messages.
Kerckhoffs's principle was later reformulated by Claude Shannon (1916-2001)
as 'The enemy knows the system'. It this form it is known as Shannon's Maxim.
What is the best way to obtain encryption devices? Most of the items shown
on this website have been found in surplus stores or have been swapped with
Auction sites like eBay
are also good sources for affordable items,
but crypto-material is often difficult to recognise.
Security agencies and defense organisations are often not amused when cipher
machines and other cryptographic material appears on the surplus market.
In many cases the items should have
been destroyed, but have accidentally (or intentionally) escaped demolition.
The official policy of these organisations is that they don't want
to inform any 'enemies' about their current state-of-technology;
something that no longer makes sense in this rapidly changing 'open'
The fact that cipher machines sometimes accidently appear on the surplus market is,
of course, not our fault. But we don't want to step on any toes either.
Luckily, we are blessed with a good 'common sense'.
We observe, combine, recombine, think and re-think before we act.
But at the end of the day, we must save the items from demolition.
Losing history is simply not an option.
Many of our fellow museums and collectors, endorse this view.
They too are doing their very best to ensure that history is preserved and
shared with the general public.
Technically interested people, students
and even new cryptologists can learn quite a lot from studying historical
cipher methods and machines. Old cipher machines are easily explained,
and the security issues and human mistakes surrounding key management
haven't really changed that much over the years.
From the start, we have built a good reputation with 'the
agencies' and with our Department of Defense. They endorse that ignorance is a
bigger threat than the necessity to destroy equipment that is no longer in use
and is rendered obsolete.
We do know our boundaries, of course.
We never publish any information on our website before carefully considering
any security issues, as we don't want to endanger any person, organisation or
mission, civil or military.
We only publish the information if we know that the equipment is no longer used,
is obsolete or was never classified.
Because of our backgrounds in mechanics and electronics,
we are able to repair and preserve most of the items in our collection.
Over the years, we have assembled a large network
of experts and specialists that we can always rely on.
And that includes the authorities.
It is our intention to eventually be able to show and demonstrate
as many (working) objects as is technically possible.
Another reason for providing information on the Crypto Museum website
is to warn against indifference and naivity.
Not many people have heard about cryptography,
and very few realise the danger of putting personal information on public
Just look around you: people share their entire life on sites like
Facebook and Linked-in.
Google has been spying on our wireless networks and links all possible kinds of
information together. Very convenient if you want to check someone's credentials, but
also very helpful to criminals wanting to steal your identity.
Can you blame them for it?
After all, you shared it on the world-wide web yourself.
We are becoming increasingly dependant on modern digital networks,
but how safe are these systems? If you only knew how often people
forget to change the network computer's default ADMIN password...
And this is just one example.
How many people use their birth date or their postcode as a password,
or the secret number of their credit card for the burglary alarm system?
Consider this: the city of Eindhoven (where we live) has 250,000 inhibitants.
The PIN-code (secret number) of a bank card only has 4 digits.
Have you ever realised how many people in your city share the same PIN code?
If you are serious about protecting your secrets, safety is paramount.
Luckily, the Cold War is now over. But does that mean that there are no more threats? Certainly not.
Our biggest 'enemies' might even be our closest (international)
business relations. The European national security agencies are constantly warning us for
industrial espionage. It seems to be our biggest threat right now.
Perhaps this is best illustrated by a couple of examples:
- Remote access
Some large companies are currently outsourcing the software maintenance of their PCs.
All PCs in the corporate network are managed remotely from a far away country.
Do you think this is wise? Perhaps not.
A third party gets access to the complete administration of the
company, its strategic partners and, worse, the company's intellectial property (IP).
- Internet Switch
A big international company has developed a new Internet Security Switch.
They have decided to move the production of the new switch to a low-wage country.
Apart from the list of materials, they also give them the design files
and the source code of the software,
so that the production company can provide a 'better' service. Do you think this is smart?
- Information gathering
A civil service needs to collect information about its nationals. They have contracted
an external party to do this on their behalf.
This external party is located in a
far-away country. Nobody in the civil service knows exactly how it works, but
everyone is satisfied with the results, because it 'seems to work well'.
Do you think this is smart?
People often say: "If you have nothing to hide, you have nothing to fear".
We completely disagree with that. What a dull life you have if you have
nothing to hide.
Companies have their intellectual property (IP) and their
industrial interests to protect.
Individuals should protect their passwords, financial data
and their identity,
but most of all their privacy, their thoughts and their freedom.
At the end of the day, all of us — and vulnerable minorities in particular —
have something to hide.
Modern cryptographic equipment consists of nothing more than a 'black box'
with powerful digital processors and complex mathematical algorithms.
There is not much to see, and there are definitely no moving parts.
We realize that this is probably where our collection
of historical cipher equipment will end.
However, there are numerous earlier cipher methods and
machines, much of which are still undiscovered.
'New' old machines will, no doubt, pup-up and many side-tracks will be walked.
Furthermore, the history of some famous cipher machines is still very clouded,
leaving much to be researched and much to be discovered in the years to come.
On the Crypto Museum website, we have done our best to raise an interest in
historical cipher machines, cryptography in general, and many related subjects.
Where possible, we will give as much background information as we technically
and legally can.
Perhaps you too will eventually get infected by the Crypto Virus.
If it happens, be careful as it might get under your skin.
Paul Reuvers & Marc Simons
To the best of our knowledge, this site only contains information that is
either available in the public domain,
that is unclassified,
or that has been officially declassified.
Whenever possible, the source of the information will be credited in
the References section at the bottom of each page.
In cases where the classification status is not entirely
clear — there is no list of classified items in the public domain —
we will try to follow the rules of common sense.
If you come across any information that you think is still classified,
please let us know.
Please note that we are neither cryptologists nor mathematicians.
We don't want to develop new cryptographic systems
and we are not cryptanalists either.
We are not involved or interested in breaking any classified codes.
Also note that some of the objects shown on this website are still restricted
items. We are not in the position to release classified information about such
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage- en Veiligheidsrisico's
Espionage and safety risks (Dutch).
The Netherlands, July 2005, 2nd issue.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage in Nederland.
Espionage in The Netherlands. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD),
Spionage bij reizen naar het buitenland.
Espionage when travelling abroad. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Digitale spionage.
Digital espionage. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Kwetsbaarheidsanalyse Spionage
Espionage risks and national safety (Dutch)
The Netherlands, 1 April 2010.
- British National Security Service MI5
The threat of espionage did not end with the collapse of Soviet communism...
UK, January 2010.
- Bundesamt für Verfassungsschutz (BfV), Spionage gegen Deutschland
Espionage against Germany (German).
Germany, November 2008.
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Last changed: Sunday, 30 December 2018 - 08:24 CET.