loading
I work as a sysadmin and have way too many passwords to keep track of.  I used to use one of those password dongles made for the military, but between flat batteries, the size of the thing and various other annoyances, I decided to make my own that would fit in my wallet -- out of paper.

You can also read about my enigma machine here where I have some more photos of it as well.

I've also made some other spy gadgets, including famously making the worlds first real working and wearable Shoe Phone.

PS: If you enjoy this instructible, perhaps consider making a donation to the campaign to preserve the Bletchley Park complex where the Enigma code was broken, shortening world war two, and saving lots of lives in the process.  Their web site is at www.savebletchleypark.com

Step 1: Cryptoanalytic Discussion

Before we get any further, lets just work through the cryptographic context, and make sure that we aren't raving mad.

Don't worry if the following all sounds like gobbledy-gook, because it probably is.  The bottom line is that because the intended use of the device is to generate passwords, and you only ever transmit those password securely, then it is easier to capture the passwords than it is to break the cipher. 

You can now safely skip to the next step.

But if you would like some more detailed cryptoanaylsis  on the use of this device, read on.

First up, the device is intended to be a generator of passwords.  That is, by taking something much easier to remember, we encipher it and use the cipher text as the password.  This means that the plain text is never revealed to anyone.  It also means that we never need to write anything down. 

Further, since the device does not actually store any passwords, it should not breach any of the usual military password dongle guidelines, which generally expressly forbid the storage of any sensitive password in any device, electronic, paper or otherwise.  That is to say, my paper Enigma(tm)-like machine should be capable of approval for military use! If anyone would like to fund the certification, I'd love to hear from you :)

Also, the cipher text is only conveyed on the kind of channels that you would use to carry a password, we have a further protection.  Add to that the generally short length of passwords, especially when they are composed of pseudo-random characters, and the usual Enigma attacks that were used so successfully during the second world war become impossible: (a)  there is no (or at worst, little) capturable traffic to analyse; and (b) even if the traffic were captured, the message length is too short compared with the cycle length to undertake any extensive analysis.

In particular, because the cipher text is only sent on channels that are ordinarily depended upon as being secure, compromising the cipher requires first obtaining the passwords that it is protecting, even if it the cipher was only ROT13! 

Thus, the security is predicated on the secrecy of the plain text, and the security of the transmission channels, rather on the operation of the enciphering device itself.  What the device offers is a means of transforming a low-quality password into a high-quality password, plus a fair bit of geek cred along the way.

But let's move onto the operation of the device itself, and protocols of operation, to assure ourselves that the cipher is a sensible one, and offers some security in and of itself.

The device consists of two fixed rotors and a reflector, plus an outer index ring.  This is somewhat simpler than the real Enigma machines that used three or four rotors which could be rearranged and selected from a selection, and generally featured a plug-board as well.  However, we do use an alphabet with n=72 instead of n=26, so that we can generate better quality passwords. 

The end result is that the key space is 72^3 = 373,248.  While not huge, it is probably sufficient given that the cipher texts and plain texts are not ever revealed.  Thus it is imperative that the plain texts you use to generate your passwords are kept secret, and that you don't use this device to drive a one-time-pad style login system where the cipher texts can be readily intercepted, especially given that the wiring can be observed when the device is being used. 

If you could conceal the wiring of the device, then the security is improved, because the huge number of wiring combinations, (72!)^3 = lots, offers a fair degree of resilience, especially if short cipher texts are used to limit the quantity of traffic that could be captured.  Calculating how much traffic you would need to mount this kind of attack is beyond the scope of this instructible.


Step 2: Getting Started

Now that we've rambled on about how a paper version of a broken cipher system can actually be usefully secure, lets get on to how you can build your own.  Alternatively, you didn't believe a word of what I said, but want one anyway, that's okay too.

You will need:

1x thumb tack
1x small split pin
1x 50mm paper clip (that 2" if you are in the USA and still using UK measurements)
1x Amazing Wallet Size Enigma(tm)-Like Machine PDF file to print
1x A0 high-speed colour plotter connected to a CIA main-frame you have hacked, or failing that, your desktop computer and printer.
1x laminating machine to make the rotors more resilient (optional)

Since we are operating on a need-to-know basis, all I can provie you with is the PDF file.

Actually, because I am so nice, I have provided you with two PDF files, so that you can make an amazing double-sided enigma-like machine.  This means you will have two different wirings to choose from, doubling your key space, for the small cost of making the thing too fat to easily fit in your wallet! 
(It seemed like a good idea at the time.)

You will also notice that the PDF files have two pages.  The first page has enough wallet-sized rotors to make four whole machines, enough for you and your geeky friends.  The second page has a double size set of rotors, so that you can make a much easier to read "desk version" if you like.

Step 3: Cut Out a Full Set of Rotors

Cut out one or more sets of rotors, and laminate them if you are using a laminator. 

If you are laminating them, make sure you leave at least 10mm (2/5") between the rotors so that you can cut them out with a few millimeters (about 1/8") around them so that they stay nice and strong.

Also, if you are laminating, after you cut the rotors out I find it helpful to cut a little nick into the index position (the double fat black or white mark on the outside of each rotor), so that you can (a) find it; and (b) use a finger nail to easily rotate it.

Step 4: Put It Together

This really just consists of first punching a hole EXACTLY in the centre of each rotor with the thumb tack, and then threading them all together with the split pin. 

Notice I said EXACTLY the centre? That's because it matters.  If you put it off centre, then when you spin your rotors around all sorts of non-linear things will happen, and basically you will end up in a lot of trouble.  If necessary, re-print and make the rotors.

As I said before, the thumb tack is the best way to make this hole, because it will be round.  If you use the split pin to push through, it will make a slot, and when it rounds out, it will almost certainly not end up in the middle.

You can get little biddy split pins from craft shops.  Here in Australia, office works has them for about A$5 for 100 (that's about US$4.50 today, but with the way the Aussie dollar is climbing against the green-back, it could end up being US$10 by the end of the 2009).  I expect if you are in the USA you can get them at Spatula City, WalMart or somewhere like that.

Finally, when you are all done, slip the paper clip over the whole thing, with the smaller side over the head of the split pin.  You might need to trim a little off the outer rotor if it won't fit. 

The paper clip provides a bit of positive pressure on the rotors, thus increasing their friction.  This makes it easier to turn one rotor without them all turning.

If all goes well, yours will look something like mine.

Step 5: Okay, I've Got This Thing, and It Looks Cool and All, But How Do I Use It?

First, set the machine into your desired initial setting, which can be described with a 3 character sequence.  In the first photo here, you can see that I have set it to "CAT".

Then follow the process described in all the little boxes in the second photo.  Note that in that photo I have set the rotors to position "AAA". 

Then, after enciphering each letter, you might want to advance the reflector one position.  The third photo shows the setting changed to "AAB" by advancing the rotor one position. 

If you are enciphering long messages you would also want to advance the other rotors from time to time, but that is beyond the scope of this instructible.  But if you are just using it to turn passwords into a two-factor system, then don't even bother advancing the reflector, as the message length will be very short, typically only 8 or so characters, and thus difficult to attack using frequency analysis.  More to the point, if you are using it for passwords, then the cipher text will never be revealed to anyone, making frequency analysis VERY difficult.

After a bit of practice I found that I could use this procedure to encipher or decipher (remember that this is a symetric cihper, so deciphering uses exactly the same process as enciphering) an 8 letter password in between 60 and 100 seconds. 

Okay, that's not real fast, but it is just using a cardboard code wheel, and it has not batteries to go flat, and can secure a virtually limitless number of passwords!

But there is a faster way to use it, too...

Step 6: I'm Too Lazy to Do All That, Is There a Faster Way to Use It?

Yes, there is, but it is nowhere near so secure, because it relies on the secrecy of the wiring, and trusting the systems where you put your password to not cooperate.  The fast way is also not likely to meet the military and similar requirements for keeping passwords safe. 

In fact, the fast method is really only sensible if the wiring of the machine is secret to you, which it isn't if you are using the PDFs from this Instructible.  However, I do intend to make a web site available some time that will let you generate your own randomly wired machine.

That's the down side. 

The up side is that there is a quick and dirty way to get nice random-looking passwords out of the thing in about 5 to 10 seconds, which is faster than the electronic password keepers that I have used.  Apart from being unexpectedly practical, it also looks really swish.

You do it by setting the rotors to a 3 letter initial setting, as for the slow method.  In the photo I have set it to CAT.  Then, a fourth initialisation letter is used to pick a slice of the wiring to use as the password.  In the example I have used "H", and thus a four letter initialisation of "CATH", which yields that password "afQhONMx".

This method is handy, but leaks lots of information about the wiring of the maching.  This can be helped by using only every other letter of the password, and doing it twice, i.e., using a total of 8 initialisation letters in two lots of 4 to obtain 4 password letters each time, and thus an 8 letter password over all. 

It is possible that this still leaks too much information, or is otherwise cryptographically weak, but I haven't got around to analysing it yet, except to realise that in this mode it is a simple static block substitution cipher.

The only other analysis I have done is that it is FAST.  I can pull a password out using this method in perhaps 10 seconds, which is comparable to the electronic password thing that I used to use that kept having flat batteries and broken buttons.

<p>hey paul. super perfect nice work! what i would like to know is, is there a easy way to make encryption /decription? we would like to make some challenges for a party, but it make no sense if we have to do a big work, to find out what &quot;A&quot; is encrypted, &quot;B&quot;, &quot;C&quot; and so on.... regards, chris</p>
<p>Hi, Really nice job. I just used your template for instructing kids about the Enigma machine (grades 3-6). They really liked it. I did a small modification to support Hebrew characters in the outer router (attached). Thanks.</p>
<p>Nice! Lots of people think these sorts of concepts are too hard for relative young kids, but I believe, and as you have shown, this is not the case.</p><p>I am guessing it was pretty easy to modify the post-script to change the characters on the outer ring?</p><p>Paul.</p>
Actually didn't manage with the postscript. I took a look at it but couldn't figure how to add Hebrew chars. So I just edited the file with image editing software.
Hi. I do not know how to use the software lines you have shown us. Can I do it by hand? changing wirings? If so how?
Great Instructable. When can we generate our wheels.
Today! Just hop over to https://github.com/gardners/whirlenig, download and follow the instructions. Let me know if you hit any problems. <br> <br>Paul.
I had trouble opening the program so I sent you a message, I appreciate any help. <br> <br>GOD Bless you all
I didn't get the centre hole very exact, but mine seems to be okay. I guess I'll figure it out when I use it.
when I make a code wheel I line up all the wheels first then once every is centered right I use a ice pick to punch the hole for all the wheels at once. I hope this helps and <br> <br>GOD Bless you and your family <br> <br>Kenneth Lewis
Paul (at least I hope it's Paul): <br>I stumbled across this in a search of a downloadable Enigma machine... dude, you are a f**king god!!! <br>This is the coolest thing I have seen in ages!!! I'm one of those guys who loves a cool gadget or gizmo and this little devise just blew me away man. <br>I am no computer genius, nor a cryptology genius... I know more than the average guy because I read books for the layman and just hack away at stuff until I figure it out. <br>Anyhow, I just had to share my enthusiasm with you (I kind of go crazy when I find something wicked cool) about this and I'll check out the shoe-phone in a bit. <br>I think I'll let my Facebook friends know about this so don't be surprised if a half a dozen weirdos show up here checking this out... we're all starving artist types. <br>
Hello I was just checking in to see if you had a way that I could make the wiring? <br> <br>Thanks and <br> <br>GOD Bless you and your family <br> <br>
Hello, <br>I haven't made a custom wiring generator, but I have put the postscript program up at: https://github.com/gardners/whirlenig <br> <br>I will write a quick python program to generate custom wiring when I get the chance, or feel free to write one yourself -- all you need to do is randomise the order of the number lists for each of the rotors. <br> <br>Paul.
I appreciate you taking the time I know that you are a busy man. I am not smart enough to know how to write a program but I will be patient. Thanks again and <br> <br>GOD Bless you and your family <br> <br>Kenneth
Still no site to generate a code wheel? Aw man, any chance someone could mail me a customized (or the standard) PDF to danny_nolan@yahoo.co.uk, I need one to start storing random generated passwords for co-workers that dont need to be super secure. I just plan on using their initials to generate the initial setup and selecting the 4th letter randomly.<br><br>Thanks in advance.
Hello, <br> <br>Sorry it took me just about forever, but the script to generate random wirings is now up at: github.com/gardners/whirlenig <br> <br>Running 'python3 random_wiring.py' will prompt for a user-supplied passphrase, and will generate a wiring unique to that pass phrase. <br> <br>Let me know how you go.
1) Any word on the code wheel generator program? <br> <br>2) To simplify the process, you could eliminate the inner most wheel or print the resulting characters directly below the tab without all of the colorful lines. <br> <br>3) What did you use to generator your wheels? <br> <br>
1. See my reply above for the generator program (it is at https://github.com/gardners/whirlenig, but not yet with a wiring randomiser). <br> <br>2. Regarding simplifying the reflector (the inner most wheel), yes, it can likely be improved. We need to have some sort of standardised user test to see whether such changes actually make it easier to use, as there are many potential changes that could be made. <br> <br>3. The postscript program mentioned above actually computes and draws the wheels directly. It is not commonly realised that postscript is actually a full programming language, and can do much more than tell a printer how to print a static page. <br> <br>Paul.
I'm not sure I managed to print mine to the proper size. I can always use my glasses for a magnifyer.
Hey Paul,<br><br>This is all kinds of awesome :)<br><br>So, am I right in thinking that to make a new wiring, I would just need to reproduce the middle disk, with different pairs of points reflected?<br><br>pix
That is possible, but it is FAR better to replace all three rings. The letter rings effectively implement the same kind of wiring as the middle one, but it is just expressed in a different way. I really SHOULD get around to making the web page that will let people generate their own uniquely wired machines. In the mean time, if you would like your own wiring, just let me know and I can email you a PDF with your own special unique wiring. <br> <br>Paul.
I like the spatulas so much, I bought the company!
How many people actually spotted the war games reference?
Congratulations! You are the first! If you happen to be in Adelaide, Sydney, Singapore, Frankfurt or Vienna, let me know and I will arrange a secret rendezvous with you to give you your own genuine code wheel PDF so that you can gloat in the spy cred!
You're kidding me. I was laughing when I saw that, and was thinking it must be a screen saver thing .... where it plays out the movie letter by letter, and maybe some voice gen too. I saw this sometime ago, but never had the color printer available. Is there a way to increase the amount of wheels, or even perhaps a way to generate a custom letter placement? Didn't know if you had a 'wheel' generator to create something like that. I like it, haven't tried it out yet but, I am cutting out the pieces now and am looking forward to generating secret codes.
Hello, I keep meaning to get around to making the wheel generator available online. Also, I do have a black and white wheel generator (it is actually what I use myself). Again, it is a question of time and effort, of which I have limited supplies while I am busy <a href="http://servalproject.org" rel="nofollow">saving the world</a>.<br> <br> Paul.
Here's my idea on how to create a password that is one alternate way. First ... Find a 4 letter word and it can be used as your password hint ... I've tried to come up with ways to disguise it so it's not obvious. but lets just say that after you print out one of the standard sheets, (without mixing them up) assemble it, and think of a 4 letter word. For this demonstration, we'll use four. On way to hide it in a coded clue, say something like 'Warn golfers' or 'Not quite five' ... I understand the spelling for the clue to 'Warn golfers' is spelled -fore- and would be a good clue because most people would be mislead into thinking -that- spelling. So, we'll use that clue. Now on the wheel, we'll line up 'f' first, 'o', and then 'u' ... now for the code look for the 'r' which calculates out to ... @mk=OD3k8 ... nice strong password. if you want to be able to trace back you could add color too to help with that. so the password could be ... @mk=redOD3k8 stronger password and it will help decipher the word used ... if you would need that. I've tried using other ideas but this one is decent to help with remembering passwords without writing anything down as a security risk. Now to get funky, mix the wheels up. Print out ones from one set like pointers at wa,ga and the blue right, and mix it up with the one that have La, -a, blue left ... mix it up ... wa with -a and blue right or wa with ga and blue left ... or .... well, you get the idea ... any one else have any ideas? let me know.
Hello, Yes, what you have suggested is one of the methods I have used with the wheel. It has the advantage of being faster than many electronic devices, and provided the passwords are never disclosed, has acceptable security. However, it must be said that there are some cryptographic deficiencies with the method. First, it produces pairs of letters, thus it really only has a password space of 72^4 (about 2.5 million), not 72^8 (about 5 trillion). Second, the pairs of letters are elements of the wiring, and the first of the two reveals information about the relative position of the rotor. This is BAD BAD BAD. Not only does the collection of a few dozen passwords give an attacker a very good idea about much of the wiring of your device, it also gives them a surprisingly good change of getting your initial 4 letter secret, so that even if you changed wiring regularly, you would be left compromised. Regarding changing wheels, that is a great idea, but I have yet to find a fast and convenient way to do it with the paper device. Paul.
WAR GAMES!!!!!
Hello I like to collect and make code and cipher items and I like this one. I would like to know if you have made the program so that I can make my own settings for the inner rotor? Also I have a idea that came up with awhile back that will make it easier to turn the rotors when I laminate the rotors and I cut them out I cut a tab on the rotor and it makes it easier to turn. The cipher I make was a more basic poly-alphabetic rotor that was based on the Tom Mix Decoder it is not as secure as your enigma version. If you want to see the pictures just email me and I will send them to you. Thanks for a great decoder GOD Bless you and your family Kenneth jolly_green1@yahoo.com
Could you create a pdf file with the order of the rings reversed so that it would be printed double sided?<br />
Yes, you could do that, and then flip rotors to give you 2^n times the key space.<br /> I tried doing it, but got tired of trying to get our laser printers to actually be reliable in their placement on the reverse side. &nbsp;Instead I just did two single-sided prints. &nbsp;you could make a single double sided rotor&nbsp;(still a bit fiddly), or as I did, just make extra rotors and have a double sided machine. &nbsp;<br /> <br /> Doing it this way lets you do double-enigma which squares the key space and avoids the usual problem with enigma not being able to encrypt a letter to itself.
Great god of crypto, I beseech you!<br /> Please explain how this wonderous invention works, because seriously, I can't figure it out! &nbsp;<br /> <br /> <br />
&nbsp;In the words of Peter, I am just a man like you.<br /> <br /> As for how it works, is there a particular aspect that doesn't make sense, or just all of it?<br /> <br />
Well, just really all of it :P<br /> The one that throws me off is the first picture of the explanation, I can't see how you've set it to read CAT, or maybe I just can't see it because it works in a different way than I think it does...<br /> My head hurts.&nbsp;
very cool idea &amp;&nbsp;very clear and useful instructable!<br /> thanks for that, bro :)<br /> <br /> ...i want more crypto-tools for my wallet !!<br />
(tm)?&nbsp; lol ;-)<br /> <br /> I think you can relax. the &quot;third reich&quot; is in no position to enforce it's &quot;trademarks...&quot;<br />
Yup, (TM) it is.&nbsp; Enigma is, or at least was, a trademark of the Enigma company, who are quite independent of the Third Reich(no TM).&nbsp; I vaguely recall reading somewhere that they are still in business, but don't quote me on that.&nbsp; The one piece of trivia that I do have some confidence in is that Zeppelin(tm) is still a trademark of the descendant of the Zeppelin company.&nbsp; These days they just make blimps for sports cameras.&nbsp; For bonus points, without referring to wikipedia, what is the difference between a Zeppelin and a blimp?<br />
AFAIK (without research), Zeppelins are rigid, and <a href="https://www.instructables.com/community/Every-now-and-then-work-is-really-fun/">blimps</a> are not.<br /> <br /> Interesting trivia about <em>Enigma</em>. Seems the original inventor sold the patents to the ChiffriermaschinenAktien-Gesellschaft (Cipher Machines Stock Corporation) in 1923. Is the your Enigma(tm) the owner of the patents, I wonder? Or is this a McDonalds(tm) issue? ;-)<br />
You're right: blimps do not have a (possibly) rigid external structure around the balloon.<br /> <br /> As for the status of the Enigma trademark, sadly I don't recall where I read about the company still existing in some form.&nbsp; Anyway, I suspect their trademark was never valid here in Australia.<br /> <br /> Paul.<br />
<p>lol nice movie reference.</p>
What does this do again?&nbsp; Awe who cares I can put it in my wallet and look cool with my other spy friends... do spys have friends?&nbsp; and if they do would they tell you they were a spy?&nbsp; and if I say I am a spy does that negate the facts that I am a spy?&nbsp;&nbsp; hummmm&nbsp; Really cool tool, Can't wait for the website to generate a random one.
This thing looks IMPRESSIVE! What a job!<br /> <br /> <br />

About This Instructable

32,640views

106favorites

License:

More by gardners:Walking Clacks Tower (Portable Semaphore Tower) Mark 1 Make your own wallet-sized Enigma(tm)-like Machine A Get Smart Style Shoe Phone (gen 2) 
Add instructable to: