Introduction
A couple of years ago my wife and I saw the movie “The Imitation Game”. It was a good movie, but only recently did I associate the entire concept of the Enigma with what we are dealing with today in IT and user policies.
Also, we all know it’s important for us to know our history so we don’t repeat mistakes. Let’s go through a bit of history and see how exactly this relates to today.
Brief History
Developed in the 1830s, the telegraph was used to send long-distance communication. It used Morse code, and during WWII it was sent and received over radio waves. There was no way to encrypt the transmission itself over the air. The broadcast was sent “in the clear” and anyone listening was able to hear the Morse code. This is the same as most internet browsing today, except that now we have internet protocols that encrypt the messages.
The Germans invented the Enigma machine in the early 1920s and it was used by businesses initially, then by the military in WWII. The machine used a series of wheels to swap out letters. One letter was sent, but when decrypted it returned another letter. The wheels rotated after each character, and their starting position was set according to the planned setting for the time period. One person would enter the message and the machine would return the encrypted message to be sent over the air. The other party would enter the encrypted message into a similar machine on the other end to get the original decrypted message.
By using the machine, the Germans were able to send their messages securely over the insecure radio waves. All of this hinged upon the position of the wheels. We could call this the “key” or the “password”.
But it wasn’t perfect
The 2014 movie “The Imitation Game” dramatized the Allies’ efforts to crack the Enigma machine. It focused on Alan Turing and his development of an incredible machine that successfully decrypted the Germans’ encrypted messages. Once they hacked the messages, he had to continue to develop the decryption technique as the Germans modified their machines.
The Allies found the security defects in the process and exploited them. Specific characters were predictable, and so were even key phrases. Another major defect was user error. Users would choose simple and predictable wheel “keys”. They also didn’t change their keys on a regular basis like they were supposed to. This pattern of weak keys and “passwords” correlates directly with what we deal with today in user passwords. This is why we enforce password policies and why it’s important that users have secure passwords, so they are more difficult to decipher.
Summary
Our goal is for everyone to understand the importance of password policies and why they must be followed. As simple passwords and lack of frequent changes led to the demise of Germany in WWII, we encourage you to have complex passwords with frequent changes so that you don’t lose your “war”.