Make Your Own Wallet-sized Enigma(tm)-like Machine

I work as a sysadmin and have way too many passwords to keep track of.  I used to use one of those password dongles made for the military, but between flat batteries, the size of the thing and various other annoyances, I decided to make my own that would fit in my wallet -- out of paper.

You can also read about my enigma machine here where I have some more photos of it as well.

I've also made some other spy gadgets, including famously making the worlds first real working and wearable Shoe Phone.

PS: If you enjoy this instructible, perhaps consider making a donation to the campaign to preserve the Bletchley Park complex where the Enigma code was broken, shortening world war two, and saving lots of lives in the process.  Their web site is at www.savebletchleypark.com

Before we get any further, lets just work through the cryptographic context, and make sure that we aren't raving mad.

Don't worry if the following all sounds like gobbledy-gook, because it probably is.  The bottom line is that because the intended use of the device is to generate passwords, and you only ever transmit those password securely, then it is easier to capture the passwords than it is to break the cipher. 

You can now safely skip to the next step.

But if you would like some more detailed cryptoanaylsis  on the use of this device, read on.

First up, the device is intended to be a generator of passwords.  That is, by taking something much easier to remember, we encipher it and use the cipher text as the password.  This means that the plain text is never revealed to anyone.  It also means that we never need to write anything down. 

Further, since the device does not actually store any passwords, it should not breach any of the usual military password dongle guidelines, which generally expressly forbid the storage of any sensitive password in any device, electronic, paper or otherwise.  That is to say, my paper Enigma(tm)-like machine should be capable of approval for military use! If anyone would like to fund the certification, I'd love to hear from you :)

Also, the cipher text is only conveyed on the kind of channels that you would use to carry a password, we have a further protection.  Add to that the generally short length of passwords, especially when they are composed of pseudo-random characters, and the usual Enigma attacks that were used so successfully during the second world war become impossible: (a)  there is no (or at worst, little) capturable traffic to analyse; and (b) even if the traffic were captured, the message length is too short compared with the cycle length to undertake any extensive analysis.

In particular, because the cipher text is only sent on channels that are ordinarily depended upon as being secure, compromising the cipher requires first obtaining the passwords that it is protecting, even if it the cipher was only ROT13! 

Thus, the security is predicated on the secrecy of the plain text, and the security of the transmission channels, rather on the operation of the enciphering device itself.  What the device offers is a means of transforming a low-quality password into a high-quality password, plus a fair bit of geek cred along the way.

But let's move onto the operation of the device itself, and protocols of operation, to assure ourselves that the cipher is a sensible one, and offers some security in and of itself.

The device consists of two fixed rotors and a reflector, plus an outer index ring.  This is somewhat simpler than the real Enigma machines that used three or four rotors which could be rearranged and selected from a selection, and generally featured a plug-board as well.  However, we do use an alphabet with n=72 instead of n=26, so that we can generate better quality passwords. 

The end result is that the key space is 72^3 = 373,248.  While not huge, it is probably sufficient given that the cipher texts and plain texts are not ever revealed.  Thus it is imperative that the plain texts you use to generate your passwords are kept secret, and that you don't use this device to drive a one-time-pad style login system where the cipher texts can be readily intercepted, especially given that the wiring can be observed when the device is being used. 

If you could conceal the wiring of the device, then the security is improved, because the huge number of wiring combinations, (72!)^3 = lots, offers a fair degree of resilience, especially if short cipher texts are used to limit the quantity of traffic that could be captured.  Calculating how much traffic you would need to mount this kind of attack is beyond the scope of this instructible.

Now that we've rambled on about how a paper version of a broken cipher system can actually be usefully secure, lets get on to how you can build your own.  Alternatively, you didn't believe a word of what I said, but want one anyway, that's okay too.

You will need:

1x thumb tack
1x small split pin
1x 50mm paper clip (that 2" if you are in the USA and still using UK measurements)
1x Amazing Wallet Size Enigma(tm)-Like Machine PDF file to print
1x A0 high-speed colour plotter connected to a CIA main-frame you have hacked, or failing that, your desktop computer and printer.
1x laminating machine to make the rotors more resilient (optional)

Since we are operating on a need-to-know basis, all I can provie you with is the PDF file.

Actually, because I am so nice, I have provided you with two PDF files, so that you can make an amazing double-sided enigma-like machine.  This means you will have two different wirings to choose from, doubling your key space, for the small cost of making the thing too fat to easily fit in your wallet! 
(It seemed like a good idea at the time.)

You will also notice that the PDF files have two pages.  The first page has enough wallet-sized rotors to make four whole machines, enough for you and your geeky friends.  The second page has a double size set of rotors, so that you can make a much easier to read "desk version" if you like.

Cut out one or more sets of rotors, and laminate them if you are using a laminator. 

If you are laminating them, make sure you leave at least 10mm (2/5") between the rotors so that you can cut them out with a few millimeters (about 1/8") around them so that they stay nice and strong.

Also, if you are laminating, after you cut the rotors out I find it helpful to cut a little nick into the index position (the double fat black or white mark on the outside of each rotor), so that you can (a) find it; and (b) use a finger nail to easily rotate it.

This really just consists of first punching a hole EXACTLY in the centre of each rotor with the thumb tack, and then threading them all together with the split pin. 

Notice I said EXACTLY the centre? That's because it matters.  If you put it off centre, then when you spin your rotors around all sorts of non-linear things will happen, and basically you will end up in a lot of trouble.  If necessary, re-print and make the rotors.

As I said before, the thumb tack is the best way to make this hole, because it will be round.  If you use the split pin to push through, it will make a slot, and when it rounds out, it will almost certainly not end up in the middle.

You can get little biddy split pins from craft shops.  Here in Australia, office works has them for about A$5 for 100 (that's about US$4.50 today, but with the way the Aussie dollar is climbing against the green-back, it could end up being US$10 by the end of the 2009).  I expect if you are in the USA you can get them at Spatula City, WalMart or somewhere like that.

Finally, when you are all done, slip the paper clip over the whole thing, with the smaller side over the head of the split pin.  You might need to trim a little off the outer rotor if it won't fit. 

The paper clip provides a bit of positive pressure on the rotors, thus increasing their friction.  This makes it easier to turn one rotor without them all turning.

If all goes well, yours will look something like mine.

First, set the machine into your desired initial setting, which can be described with a 3 character sequence.  In the first photo here, you can see that I have set it to "CAT".

Then follow the process described in all the little boxes in the second photo.  Note that in that photo I have set the rotors to position "AAA". 

Then, after enciphering each letter, you might want to advance the reflector one position.  The third photo shows the setting changed to "AAB" by advancing the rotor one position. 

If you are enciphering long messages you would also want to advance the other rotors from time to time, but that is beyond the scope of this instructible.  But if you are just using it to turn passwords into a two-factor system, then don't even bother advancing the reflector, as the message length will be very short, typically only 8 or so characters, and thus difficult to attack using frequency analysis.  More to the point, if you are using it for passwords, then the cipher text will never be revealed to anyone, making frequency analysis VERY difficult.

After a bit of practice I found that I could use this procedure to encipher or decipher (remember that this is a symetric cihper, so deciphering uses exactly the same process as enciphering) an 8 letter password in between 60 and 100 seconds. 

Okay, that's not real fast, but it is just using a cardboard code wheel, and it has not batteries to go flat, and can secure a virtually limitless number of passwords!

But there is a faster way to use it, too...

Yes, there is, but it is nowhere near so secure, because it relies on the secrecy of the wiring, and trusting the systems where you put your password to not cooperate.  The fast way is also not likely to meet the military and similar requirements for keeping passwords safe. 

In fact, the fast method is really only sensible if the wiring of the machine is secret to you, which it isn't if you are using the PDFs from this Instructible.  However, I do intend to make a web site available some time that will let you generate your own randomly wired machine.

That's the down side. 

The up side is that there is a quick and dirty way to get nice random-looking passwords out of the thing in about 5 to 10 seconds, which is faster than the electronic password keepers that I have used.  Apart from being unexpectedly practical, it also looks really swish.

You do it by setting the rotors to a 3 letter initial setting, as for the slow method.  In the photo I have set it to CAT.  Then, a fourth initialisation letter is used to pick a slice of the wiring to use as the password.  In the example I have used "H", and thus a four letter initialisation of "CATH", which yields that password "afQhONMx".

This method is handy, but leaks lots of information about the wiring of the maching.  This can be helped by using only every other letter of the password, and doing it twice, i.e., using a total of 8 initialisation letters in two lots of 4 to obtain 4 password letters each time, and thus an 8 letter password over all. 

It is possible that this still leaks too much information, or is otherwise cryptographically weak, but I haven't got around to analysing it yet, except to realise that in this mode it is a simple static block substitution cipher.

The only other analysis I have done is that it is FAST.  I can pull a password out using this method in perhaps 10 seconds, which is comparable to the electronic password thing that I used to use that kept having flat batteries and broken buttons.