The effort to break three previously-uncracked codes generated by a German Enigma machine during the Second World War has yielded its second success: see it here. Except that it looks like a string of rubbish German with no spaces - part of the fun of trying to comprehend messages sent by the military for the military. Update: the text is given here.
Even so, it means that this message (the third of the trio) has been broken in just four days. Now only the first remains to be cracked, and with the number of people contributing their time leaping upwards, surely it won't be long before we get an answer to just what that submarine was doing in November in the north Atlantic. Up to no good, probably. You can see some nice graphs of how the search is going here or here (the first looks better, though both use the same stats).
Meanwhile we also had an interesting comment from Mark Stamp, who is based at San Jose State University, explaining
The Enigma machine has an enormous keyspace, so a true brute force attack is out of the question, even today. The point is that shortcut attacks exist and, by modern standards, are relatively painless. To put it in some perspective, if you give me an Enigma encrypted message and I know (or can guess with reasonable probability) a crib of, say, 20 letter, there is an attack that requires work roughly equivalent to a brute force attack on a cipher with a 29 bit key. For comparison, DES has a 56 bit key, and brute force attacks have succeeded on DES. Also, each additional bit doubles the brute force work, so the time to brute force a DES key is roughly the square of the time it takes to run this shortcut attack on Enigma.
Btw, the number above are for the standard 3 rotor Enigma, not the 4 rotor naval Enigma (which was used to encrypt the wether report that was broken, as described in the article). However, the work factor for the equivalent shortcut attack on the 4 rotor Enigma is not massively larger.
It comes down to a fundamental flaw in the Enigma design which essentially allows the attacker to split the stecker (plugboard) from the rotors.
I've written a textbook on information security which has quite a bit of crypto in it (and if you read the back cover you'll discover that I've done cryptanalysis for a super-secret government agency). I'm currently working on another textbook focused on cryptanalysis. One chapter of this new book covers the "big machines" of WWII, namely, Enigma, Purple, and Sigaba.
