How the ENIGMA Cipher was Hacked in World War 2

The iconic ENIGMA machine was widely used during World War 2 by the German military and thought to be uncrackable. But, the incredible story of how the ENIGMA cipher code was hacked involved brute forcing, an insider threat, human error, and even just plain luck (bad luck for the other side).
Enigma machine cracked - codebreakers.

The Insider Threat that Compromised the ENIGMA Machine

Brilliant cryptologist and mathematicians, Marian Adam Rejewski, Henryk Zygalski, and Jerzy Rózycki, and their team at Poland’s Cipher Bureau were the first to crack the ENIGMA cipher. They had a little help from an “insider threat” that made the completion of the hacking possible. Remember how 2FA makes it so that you need two “factors” to gain access? Well, in the same way, the codebreakers at Cipher Bureau needed a few factors to reconstruct the military version of the ENIGMA machine.
One of those factors handily came from taking advantage of an opportunistic insider – a German spy named Hans-Thilo Schmidt. He sold the ENIGMA operating manual and settings to French Intelligence. The French Intelligence then passed this intel to the Polish Cipher Bureau. Using this knowledge, Rejewski and his team were able to finally begin reading a majority of German military messages. Another factor that was needed was the order of the keys. The Cipher Bureau only had a commercial version of the ENIGMA cipher machine for reference. The new military version set the keys differently. However, the brilliant and intuitive Rejewski made the stunningly guess that the Germans, obsessed with efficiency and order, would place the keys alphabetically. Rejewski’s guess turned out to be correct.
After Hitler invaded Poland, Cipher Bureau passed on their successful codebreaking work and cipher technology to Britain. This is where Alan Turing and 10,000 codebreakers at Bletchley Park (2/3 of which were female) picked up where Marian Rejewski and his team left off. Until Poland was overrun by the German blitzkrieg in 1939, Polish cryptologists led the way to hacking the Nazis.

Brute-Forcing the ENIGMA Cipher with Automation

Codebreakers were racing to decrypt thousands of messages a day. It quickly became apparent that for such tasks to be ultimately successful, some form of automation would have to come into play. The scale of the challenge was simply too much for manual calculations by humans. They needed speed to break the messages faster.

At some point, the Rajewski knew how the ENIGMA machine worked and could reverse-engineer it. But that still doesn’t mean you could just read messages. The problem is that the ENIGMA had too many different key setting combinations. Also, the Germans changed the settings often so finally decrypted messages came too late to be of use.

Now comes the computing power needed to try to decrypt a message against as many combinations as possible – brute-forcing the issue. It’s like if the hacker knew how a password-username system worked, all they need to do is try as many password combinations as possible. Obviously, the Germans weren’t going to make it easy. So, Rajewski’s team built an electromechanical machine (basically a quantum computer for the times) to automate the combination-trying process. They said the machine could do the work of 100 people. This machine was called a “bomba”.

Human Error will Always Mess Things Up

Allied codebreakers were trying to crack the ENIGMA cipher, but they were missing a few pieces of the puzzle. One of the vital clues that led the Allies being able to finally decrypt ENIGMA code was human error German’s part. Every message ended with the phrase “Heil Hitler”, which gave the Allies a baseline to infer how the cipher worked.

Even before that, Rajewski was able to use German communications (human) error to determine how to break the ENIGMA cipher. People are indeed the weakest link.

Capterra Best Value for Authentication Jun-20
Capterra Ease of Use for Authentication Jun-20

See GateKeeper proximity access control in action.

Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.