Make Your Own Wallet-sized Enigma(tm)-like Machine

35,685

111

42

Published

Introduction: Make Your Own Wallet-sized Enigma(tm)-like Machine

I work as a sysadmin and have way too many passwords to keep track of.  I used to use one of those password dongles made for the military, but between flat batteries, the size of the thing and various other annoyances, I decided to make my own that would fit in my wallet -- out of paper.

You can also read about my enigma machine here where I have some more photos of it as well.

I've also made some other spy gadgets, including famously making the worlds first real working and wearable Shoe Phone.

PS: If you enjoy this instructible, perhaps consider making a donation to the campaign to preserve the Bletchley Park complex where the Enigma code was broken, shortening world war two, and saving lots of lives in the process.  Their web site is at www.savebletchleypark.com

Step 1: Cryptoanalytic Discussion

Before we get any further, lets just work through the cryptographic context, and make sure that we aren't raving mad.

Don't worry if the following all sounds like gobbledy-gook, because it probably is.  The bottom line is that because the intended use of the device is to generate passwords, and you only ever transmit those password securely, then it is easier to capture the passwords than it is to break the cipher. 

You can now safely skip to the next step.

But if you would like some more detailed cryptoanaylsis  on the use of this device, read on.

First up, the device is intended to be a generator of passwords.  That is, by taking something much easier to remember, we encipher it and use the cipher text as the password.  This means that the plain text is never revealed to anyone.  It also means that we never need to write anything down. 

Further, since the device does not actually store any passwords, it should not breach any of the usual military password dongle guidelines, which generally expressly forbid the storage of any sensitive password in any device, electronic, paper or otherwise.  That is to say, my paper Enigma(tm)-like machine should be capable of approval for military use! If anyone would like to fund the certification, I'd love to hear from you :)

Also, the cipher text is only conveyed on the kind of channels that you would use to carry a password, we have a further protection.  Add to that the generally short length of passwords, especially when they are composed of pseudo-random characters, and the usual Enigma attacks that were used so successfully during the second world war become impossible: (a)  there is no (or at worst, little) capturable traffic to analyse; and (b) even if the traffic were captured, the message length is too short compared with the cycle length to undertake any extensive analysis.

In particular, because the cipher text is only sent on channels that are ordinarily depended upon as being secure, compromising the cipher requires first obtaining the passwords that it is protecting, even if it the cipher was only ROT13! 

Thus, the security is predicated on the secrecy of the plain text, and the security of the transmission channels, rather on the operation of the enciphering device itself.  What the device offers is a means of transforming a low-quality password into a high-quality password, plus a fair bit of geek cred along the way.

But let's move onto the operation of the device itself, and protocols of operation, to assure ourselves that the cipher is a sensible one, and offers some security in and of itself.

The device consists of two fixed rotors and a reflector, plus an outer index ring.  This is somewhat simpler than the real Enigma machines that used three or four rotors which could be rearranged and selected from a selection, and generally featured a plug-board as well.  However, we do use an alphabet with n=72 instead of n=26, so that we can generate better quality passwords. 

The end result is that the key space is 72^3 = 373,248.  While not huge, it is probably sufficient given that the cipher texts and plain texts are not ever revealed.  Thus it is imperative that the plain texts you use to generate your passwords are kept secret, and that you don't use this device to drive a one-time-pad style login system where the cipher texts can be readily intercepted, especially given that the wiring can be observed when the device is being used. 

If you could conceal the wiring of the device, then the security is improved, because the huge number of wiring combinations, (72!)^3 = lots, offers a fair degree of resilience, especially if short cipher texts are used to limit the quantity of traffic that could be captured.  Calculating how much traffic you would need to mount this kind of attack is beyond the scope of this instructible.


Step 2: Getting Started

Now that we've rambled on about how a paper version of a broken cipher system can actually be usefully secure, lets get on to how you can build your own.  Alternatively, you didn't believe a word of what I said, but want one anyway, that's okay too.

You will need:

1x thumb tack
1x small split pin
1x 50mm paper clip (that 2" if you are in the USA and still using UK measurements)
1x Amazing Wallet Size Enigma(tm)-Like Machine PDF file to print
1x A0 high-speed colour plotter connected to a CIA main-frame you have hacked, or failing that, your desktop computer and printer.
1x laminating machine to make the rotors more resilient (optional)

Since we are operating on a need-to-know basis, all I can provie you with is the PDF file.

Actually, because I am so nice, I have provided you with two PDF files, so that you can make an amazing double-sided enigma-like machine.  This means you will have two different wirings to choose from, doubling your key space, for the small cost of making the thing too fat to easily fit in your wallet! 
(It seemed like a good idea at the time.)

You will also notice that the PDF files have two pages.  The first page has enough wallet-sized rotors to make four whole machines, enough for you and your geeky friends.  The second page has a double size set of rotors, so that you can make a much easier to read "desk version" if you like.

Step 3: Cut Out a Full Set of Rotors

Cut out one or more sets of rotors, and laminate them if you are using a laminator. 

If you are laminating them, make sure you leave at least 10mm (2/5") between the rotors so that you can cut them out with a few millimeters (about 1/8") around them so that they stay nice and strong.

Also, if you are laminating, after you cut the rotors out I find it helpful to cut a little nick into the index position (the double fat black or white mark on the outside of each rotor), so that you can (a) find it; and (b) use a finger nail to easily rotate it.

Step 4: Put It Together

This really just consists of first punching a hole EXACTLY in the centre of each rotor with the thumb tack, and then threading them all together with the split pin. 

Notice I said EXACTLY the centre? That's because it matters.  If you put it off centre, then when you spin your rotors around all sorts of non-linear things will happen, and basically you will end up in a lot of trouble.  If necessary, re-print and make the rotors.

As I said before, the thumb tack is the best way to make this hole, because it will be round.  If you use the split pin to push through, it will make a slot, and when it rounds out, it will almost certainly not end up in the middle.

You can get little biddy split pins from craft shops.  Here in Australia, office works has them for about A$5 for 100 (that's about US$4.50 today, but with the way the Aussie dollar is climbing against the green-back, it could end up being US$10 by the end of the 2009).  I expect if you are in the USA you can get them at Spatula City, WalMart or somewhere like that.

Finally, when you are all done, slip the paper clip over the whole thing, with the smaller side over the head of the split pin.  You might need to trim a little off the outer rotor if it won't fit. 

The paper clip provides a bit of positive pressure on the rotors, thus increasing their friction.  This makes it easier to turn one rotor without them all turning.

If all goes well, yours will look something like mine.

Step 5: Okay, I've Got This Thing, and It Looks Cool and All, But How Do I Use It?

First, set the machine into your desired initial setting, which can be described with a 3 character sequence.  In the first photo here, you can see that I have set it to "CAT".

Then follow the process described in all the little boxes in the second photo.  Note that in that photo I have set the rotors to position "AAA". 

Then, after enciphering each letter, you might want to advance the reflector one position.  The third photo shows the setting changed to "AAB" by advancing the rotor one position. 

If you are enciphering long messages you would also want to advance the other rotors from time to time, but that is beyond the scope of this instructible.  But if you are just using it to turn passwords into a two-factor system, then don't even bother advancing the reflector, as the message length will be very short, typically only 8 or so characters, and thus difficult to attack using frequency analysis.  More to the point, if you are using it for passwords, then the cipher text will never be revealed to anyone, making frequency analysis VERY difficult.

After a bit of practice I found that I could use this procedure to encipher or decipher (remember that this is a symetric cihper, so deciphering uses exactly the same process as enciphering) an 8 letter password in between 60 and 100 seconds. 

Okay, that's not real fast, but it is just using a cardboard code wheel, and it has not batteries to go flat, and can secure a virtually limitless number of passwords!

But there is a faster way to use it, too...

Step 6: I'm Too Lazy to Do All That, Is There a Faster Way to Use It?

Yes, there is, but it is nowhere near so secure, because it relies on the secrecy of the wiring, and trusting the systems where you put your password to not cooperate.  The fast way is also not likely to meet the military and similar requirements for keeping passwords safe. 

In fact, the fast method is really only sensible if the wiring of the machine is secret to you, which it isn't if you are using the PDFs from this Instructible.  However, I do intend to make a web site available some time that will let you generate your own randomly wired machine.

That's the down side. 

The up side is that there is a quick and dirty way to get nice random-looking passwords out of the thing in about 5 to 10 seconds, which is faster than the electronic password keepers that I have used.  Apart from being unexpectedly practical, it also looks really swish.

You do it by setting the rotors to a 3 letter initial setting, as for the slow method.  In the photo I have set it to CAT.  Then, a fourth initialisation letter is used to pick a slice of the wiring to use as the password.  In the example I have used "H", and thus a four letter initialisation of "CATH", which yields that password "afQhONMx".

This method is handy, but leaks lots of information about the wiring of the maching.  This can be helped by using only every other letter of the password, and doing it twice, i.e., using a total of 8 initialisation letters in two lots of 4 to obtain 4 password letters each time, and thus an 8 letter password over all. 

It is possible that this still leaks too much information, or is otherwise cryptographically weak, but I haven't got around to analysing it yet, except to realise that in this mode it is a simple static block substitution cipher.

The only other analysis I have done is that it is FAST.  I can pull a password out using this method in perhaps 10 seconds, which is comparable to the electronic password thing that I used to use that kept having flat batteries and broken buttons.

Share

Recommendations

  • Backpack Challenge

    Backpack Challenge
  • Game Life Contest

    Game Life Contest
  • Clocks Contest

    Clocks Contest

42 Discussions

Great! Ingenious design. Now my little brother wants one. P.S Is there a way to simulate the enigma's plug board on this? That would be awesome :)

hey paul. super perfect nice work! what i would like to know is, is there a easy way to make encryption /decription? we would like to make some challenges for a party, but it make no sense if we have to do a big work, to find out what "A" is encrypted, "B", "C" and so on.... regards, chris

Hi. I do not know how to use the software lines you have shown us. Can I do it by hand? changing wirings? If so how?

Today! Just hop over to https://github.com/gardners/whirlenig, download and follow the instructions. Let me know if you hit any problems.

Paul.

I had trouble opening the program so I sent you a message, I appreciate any help.

GOD Bless you all

I didn't get the centre hole very exact, but mine seems to be okay. I guess I'll figure it out when I use it.

1 reply

when I make a code wheel I line up all the wheels first then once every is centered right I use a ice pick to punch the hole for all the wheels at once. I hope this helps and

GOD Bless you and your family

Kenneth Lewis

Paul (at least I hope it's Paul):
I stumbled across this in a search of a downloadable Enigma machine... dude, you are a f**king god!!!
This is the coolest thing I have seen in ages!!! I'm one of those guys who loves a cool gadget or gizmo and this little devise just blew me away man.
I am no computer genius, nor a cryptology genius... I know more than the average guy because I read books for the layman and just hack away at stuff until I figure it out.
Anyhow, I just had to share my enthusiasm with you (I kind of go crazy when I find something wicked cool) about this and I'll check out the shoe-phone in a bit.
I think I'll let my Facebook friends know about this so don't be surprised if a half a dozen weirdos show up here checking this out... we're all starving artist types.

Hello I was just checking in to see if you had a way that I could make the wiring?

Thanks and

GOD Bless you and your family

2 replies

Hello,
I haven't made a custom wiring generator, but I have put the postscript program up at: https://github.com/gardners/whirlenig

I will write a quick python program to generate custom wiring when I get the chance, or feel free to write one yourself -- all you need to do is randomise the order of the number lists for each of the rotors.

Paul.

I appreciate you taking the time I know that you are a busy man. I am not smart enough to know how to write a program but I will be patient. Thanks again and

GOD Bless you and your family

Kenneth

Still no site to generate a code wheel? Aw man, any chance someone could mail me a customized (or the standard) PDF to danny_nolan@yahoo.co.uk, I need one to start storing random generated passwords for co-workers that dont need to be super secure. I just plan on using their initials to generate the initial setup and selecting the 4th letter randomly.

Thanks in advance.

1 reply

Hello,

Sorry it took me just about forever, but the script to generate random wirings is now up at: github.com/gardners/whirlenig

Running 'python3 random_wiring.py' will prompt for a user-supplied passphrase, and will generate a wiring unique to that pass phrase.

Let me know how you go.

1) Any word on the code wheel generator program?

2) To simplify the process, you could eliminate the inner most wheel or print the resulting characters directly below the tab without all of the colorful lines.

3) What did you use to generator your wheels?

1 reply

1. See my reply above for the generator program (it is at https://github.com/gardners/whirlenig, but not yet with a wiring randomiser).

2. Regarding simplifying the reflector (the inner most wheel), yes, it can likely be improved. We need to have some sort of standardised user test to see whether such changes actually make it easier to use, as there are many potential changes that could be made.

3. The postscript program mentioned above actually computes and draws the wheels directly. It is not commonly realised that postscript is actually a full programming language, and can do much more than tell a printer how to print a static page.

Paul.

I'm not sure I managed to print mine to the proper size. I can always use my glasses for a magnifyer.

Hey Paul,

This is all kinds of awesome :)

So, am I right in thinking that to make a new wiring, I would just need to reproduce the middle disk, with different pairs of points reflected?

pix

1 reply

That is possible, but it is FAR better to replace all three rings. The letter rings effectively implement the same kind of wiring as the middle one, but it is just expressed in a different way. I really SHOULD get around to making the web page that will let people generate their own uniquely wired machines. In the mean time, if you would like your own wiring, just let me know and I can email you a PDF with your own special unique wiring.

Paul.