Homepage
Crypto
Spy sets
Burst encoders
Intercept
Covert
Radio
PC
Telex
Agencies
Manufacturers
Donate
Kits
Shop
News
Events
Wanted
Contact
About
Links
Logo (click for homepage)
Mission Statement
In the story below, we've tried to explain why we have created the Crypto Museum and why we spend so much time with it. The text will also be available for download in due course, both in English and in Dutch.
    Abstract
    Cryptography - or crypto for short - is all around us: in our credit card, in our car keys, as part of electronic banking and even in our web browser. Crypto is generally used to exchange secret messages. In a war it is important that secrets are kept secret, so it doesn't come as a surprise that it plays an important role at the Department of Defense. That was the case during WWII and also in the dark days of the Cold War. And it is still the case today. But crypto also plays an important part in our personal life today.

    By collecting crypto equipment, we try to capture an important part of our history. A part that has been kept secret for a long time. If we don't act now, we might lose it forever. The website is our attempt to describe the equipment to the best of our abilities. Whenever possible, we will also try to explain the operating principles and the underlying history. If we succeed in this mission we may all learn from it.

    The majority of equipment in our collection is in full working order and we are doing our very best to repair any broken or incomplete devices, so that we can demonstrate them to the public. Although at present Crypto Museum is a virtual museum, we want to share our knowledge with as many people as possible. We are therefore seeking to co-operate with other museums whenever we can. At the same time we are trying to raise the profile of technology in general; a profession that tends to be forgotten.

    August 2010
    Paul Reuvers & Marc Simons

 

 
About us
Crypto Museum is an initiative of Paul Reuvers and Marc Simons, both self-employed engineers from Eindhoven (Netherlands). Paul started his software company X-Ample Technology BV in 1986. He has specialized himself in developing embedded software, user interfaces and health-care software. Most of the embedded software is developed for Marc's hardware.

Marc founded his company YiG Engineering BV in 2000 and specializes in the development of electronic circuits, also known as hardware, for a variety of applications ranging from the Senseo coffee machine to state-of-the-art FPGA designs, for companies such as Philips and Xilinx. He also developed the control system for a well-known old people's scooter brand. One of his latest projects is an intelligent weed-control system that he developed in close co-operation with Paul.
 
Crazy about technology
We started Crypto Museum in 2004, but our interest in technology dates back to our youth. Already at an early age we were considered 'strange people'. Always busy with wires and a soldering iron. Building model trains, transmitters, audio amplifiers and eventually becoming radio hams and electronics engineers.

Later in life we - surprisingly - both took the step to establish our own company. To do things our own way. It gave us the liberty to take on the projects that really interested us, but it also brought great responsibility with it. After all, we want our customers to be happy, as in the end they have to pay the bills. Today, we both have a good running enterprise, but to our dismay we see the interest in technology from young people declining rapidly. As if everyone wants to become a manager these days... That said, our society still has an enormous need for new technicians. Perhaps now more then ever.
 
Bletchley Park
It all started in 2001 when a good friend - Nanno van Haaften - lent us the book Enigma by Robert Harris. Reading is not the most favorite activity of most engineers, but he insisted that we'd read the book as, according to him, it was a most intreguing and appealing story...
 
And he was right. Although it was a novel, it was a most fascinating story. How was it possible that the British broke the Enigma codes during WWII. Why was this story kept secret until 1974?

And where was this place Bletchley Park ? Did it still exist? In fact we were so fascinated about it, that we booked at boat to the UK a few weeks later, to spend our holidays at Bletchley Park. When we arrived at BP, we saw buildings in decay and an improvised museum. But despite all that, we were presented with a complete and clear picture of what happened there during WWII.
  
The Mansion at Bletchley Park

We walked the so-called Crypto Trail and were educated with all stages of a secret German message. From its origin, through interception, to the breaking of the codes and finally the intelligence derrived from it. At the end of the trail there even was a real Enigma M3 machine!

We were overwelmed; what a beautiful place this was. We spend three days at BP and soaked up everyting. The smell of the old huts, the old cipher equipment and perhaps even the Enigma-ghost. Everything matched with the book as in a real deja-vu.

One of the nicest things about British people is that, as soon as they notice your interest, they are prepaired to explain things in great detail. From the intercept stations, the so-called Y-Service, to the Bombe machines that were used for breaking the Enigma messages. Robert Harris' novel Enigma became reality for us.

Apart from the Crypto Trail, BP had a lot more to offer. Many cipher machines were on display and the principles behind codemaking and codebreaking were demonstrated. We came to realise that there was a complete business behind this hush-hush crypto stuff. (If you search the internet, you will soon realise that this is still the case today.) The technology behind the cipher machines is really fascinating. From a mechanical point of view, some of the machines are real marvels of human engineering.

A fews days later we were on the boat back to The Netherlands. We booked a cabin, so that we could sleep during the 10 hour trip, but the Enigma kept us awake. We spend the entire night day-dreaming about how wonderful it would be to posess our own Enigma machine.

When we arrived home, we immediately started to work out the concept of an electronic version of the Enigma. It would give us, and everybody else, the ability to own an affordable Enigma machine. The results of our efforts were an Enigma computer simulation for RISC OS computers (Acorn) and the now famous Enigma-E self-build kit. Both 100% compatible with a real war-time Enigma machine. By now, we were truly contaminated with the Crypto-Virus...
 
First contact
In the summer of 2003 we went back to BP. This time with a working prototype of the Enigma-E under our arm. We wanted to show it to people at BP and to find out whether it would be an interesting product for the museum shop. It was just a gamble as we were not certain whether or not a self-build electronics kit would actually be of interest to the public.

We were lucky, as we happened to have picked the weekend of the annual Enigma Reunion and the park was crowded with people 'in the know'. On the first day we met well-known Enigma researcher David Hamer with whom we had so far only exchanged e-mails. David noticed the small wooden box under Marc's arm and asked what it was. We demonstrated the Enigma-E to him and David immediately fell in love with it. He insisted that we would talk to the BP director.

Although it was an extremely busy weekend, David had successfully persuaded BP director Christine Large to grant us a five minute slot. The rest is history. Christine spend more than an hour with us and the Enigma-E, and immediately recognised its promotional potential. And it wouldn't be long before the first batch of kits was delivered.

That night, David invited us to a closed meeting of the American Cryptogram Association (ACA) who happened to be at BP that weekend as well. The ACA is a group of interesting people who share the same 'strange' hobby. Many of them are collectors of cryptographic devices and related equipment. It was a real eye-opener to us and we immediately felt comfortable in this company of friends. The next day we had to admit to ourselves that the Crypto-Virus had really gotten under our skin.

Since then we have become regular visitors of BP and we know many people there now. We made contact with other visitors and collectors and even after all these years, it still is an inspiring place to spend our holidays.
 
The birth of Crypto Museum
In the spring of 2004, the first small cipher machine crossed our path. On a local aution website, we found our first Hagelin C-446 and a few days later we showed it to our good friend Cor Moerman. Cor, who is the curator of the Dutch Ham Radio Museum, immediately recognised our enthusiasm and told us that he also had a forgotten Hagelin that was dusting away somewhere on a shelf. It didn't fit in with his collection, he said. So then we had two Hagelins.
 
He also jokingly warned us about collecting. "If this really takes off", he said, "you will need more space and eventually you may have to establish a real 'Crypto Museum' in due course". At the time, we didn't have a clue what he was talking about and didn't think that one day we would have to acknowledge his insights.

After a few years of collecting equipment and stories, Crypto Museum suddenly became reality in 2008. Cor Moerman came up with the idea to setup a special temporary exhibition dedicated to 'secret messages', and asked for our help.
  
The standard C-446A (left) and the special C-446/RT (right) side-by-side

Many objects from our collection were given on loan to his museum and they were complemented by items from Cor's own collection, the collections of Jan Rijnders, Arthur Bauer en some others.
 
It was a big experiment, but it turned out to be a huge success: there were days that some people left the building because it was too crowded! A huge compliment to all of us, but especially to the museum volunteers and the many visitors who told us their fascinating stories. The event brought us in contact with many new people and they in turn brought us numerous new objects.

By the end of 2008 we had registered the Crypto Museum website and at the beginning of 2009 we started to upload detailed descriptions of the most important items in our collection.
  

We felt the need to share our knowledge with others and let the world enjoy the things that we had collected. With the website, we have effectively established a virtual museum. It is open 24/7 and it gives us the ability to exhibit our collection permanently. It also puts us in contact with even more new people and objects. It has greatly helped expanding the collection.

One of the goals of a museum is to share knowledge. This can be out of personal interest or as part of a research project. And it seems to work: we get frequent requests from students needing help with their talks, or from former employees of the Department of Defence who want to see 'their old kit' again. In addition we give about 10 to 15 talks on the subject every year and we are working together with other museums when setting up new exhibitions.
 
Fascination for Cryptology
The techniques behind cryptography are really fascinating. Early systems, like the Caesar Cipher and the Vigenère Cipher were mainly based on simple alphabet subsitution. Who hasn't used these seemingly 'unbreakable' methods as a child, for exchanging secret messages with friends?
 
In the 20th century, the first mechanical cipher machines appeared. Big names in Europe in those days were Chiffriermaschinen AG (Enigma) and Boris Hagelin. Such machines are often called rotor machines as most of them consist of a series of rotating (electro) mechanical wheels.

Rotor machines have become very popular among collectors (including ourselves), mainly because they are the last generation of cipher machines were you can actually see how it works. Furthermore they are relatively easy to understand, repair, maintain and demonstrate.
  
Pressing the wheels together

With rotor machines, the cryptographic key is mainly based on the settings of the rotors at the beginning of a message. They are all based on symmetric key cryptography as the keys for coding and decoding are identical. The advantage of all these systems is that the key is much shorter than the actual message, effectively replacing a large secret by a smaller one.
 
The Unbreakable Code
The early 1950s saw the rise of digital telegraphy, sometimes called Teletype or Telex, whereas earlier system relied on Morse Code. With telex, letters were transmitted as a series of digital bits, and messages were stored on so-called punched paper tape. It allowed larger messages to be sent at much higher speed, resulting in the need for faster - more versatile - cipher machines.
 
For military applications, an ancient truely unbreakable cipher was given a new lease of life. The One Time Pad (OTP), was converted for use with teletype machines and became the heart of so-called Mixer Machines or Mixers, such as the Philips Ecolex 4 and the Siemens M-190.

Imagine a noise generator that would produce truely random (and therefore unpredicatable) numbers that were written to a punched paper tape. Of that tape, only one copy was made. It was sent to the other end of the communication link by means of a (secure and trusted) courier.
  
Close-up detail of an OTP

Plain-text of the sender was 'mixed' with the key-tape using the Vernam Cipher principle (XOR). The key-tape would only be used once and was destroyed immediately after use. This way, a secret will forever remain secret. The disadvantage of OTP systems is that the key has to have at least the same length as the message itself in order to prevent repeats in the key.
 
For the same reason, an OTP can only be used once. A drawback of this system is the problem of key distribution. Both sides need sufficient supply of key tapes and you have to know in advance who you want to contact. In practice, it appeared to be too cumbersome for field use.

Nevertheless, it remained in use for a long time for messages at the highest level in situations where secrecy was paramount. During the cold war, the Americans and the Russians exchanged messages with each other via the Moscow-Washington hotline, using this principle.
  
Siemens M-190 mixer machine

Did you ever hear the enless ranges of seemingly random numbers being read by a woman on the short wave band during the days of the Cold War? Well, they were secret messages for foreign spies operating in our countries. And they were encrypted with the unbreakable OTP. By the way, this also accounts for the presence of spy radio equipment such as the Russian R-353 on our website. Strangely enough, number-transmitters are still in operation on short wave today...
 
Asymmetric Key Cryptography
In the 1970s, digital microprocessors became widely available and it wasn't before long that they were used in a new generation of cryptographic equipment. In 1976, Whitfield Diffie and Martin Hellman introduced a new method for safely exchanging message keys over an insecure channel. The same method was independently invented by GCHQ a few years earlier.

The method is entirely based on mathematics and consists of a public key that is derived from a chosen private key. Both parties exchange their public keys and it is impossible to reconstruct the private keys from the public keys. This method is called asymmetric key cryptography. Once the keys have been exchanged with asymmetric methods, the message itself can be transmitted using existing symmetric cryptography.
 
The Black Box Era
In recent years, the internet has become increasingly popular for exchanging messages, even within the Department of Defense. Cryptographic systems have changed into 'black boxes' that allow secure systems to exchange information over insecure networks. Such boxes only have a handful of connectors, switches and indicator lights and there is nothing much to see anymore.
 
Inside the boxes are extremely powerfull digital processors and Field Programmable Gate Arrays (FPGAs), executing serious crypto-algorithms.

Over the years, cryptography has evolved from simple mechanics to pure mathematics at the highest possible level. Only a handful of people are capable of developing new cryptographic techniques. At the same time, codebreaking, or cryptanalysis, has become a serious business. With the ever increasing computing power it is now possible to break a cipher that was believed to be unbreakable just 10 years ago.
  
Gretacoder 720

The rate at which cryptographic systems are broken is increasing, which means that the live span of encryption devices is decreasing equally fast. In the past, crypto systems were thought to be safe for, say, 15 to 20 years. In 2010 however, systems were considered safe for just a couple of years; with a maximum of 10 years for military equipment.
 
Cryptography as a Weapon
During WWII, the German Army used the Enigma cipher machine to keep their radio traffic secure. It helped them fighting an efficient Blitzkrieg which no doubt has cost thousands of lives. It shows that cryptography can be used as a effective tactical weapon. A couple of nurdy mathematicians can beat an army of a thousand muscular Rambos. Fascinating, isn't it?
 
At the same time, mathematicians can save lives. Take, for example, the brilliant Alan Turing who worked at BP and saved numerous lives by using cryptanalysis to break the German codes.

Today, cryptography is everywhere. Our credit cards, debit cards, ATM machines, computers, car keys, weapon systems and communication between embassies: they all involve some kind of cryptography. Even the Vatican has secrets and uses cryptography to keep them secret. Cryptography helps to protect a secret for a certain period of time; it is used to 'gain time'.
  
Echelon operation at Menwith Hill, Harrogate, UK. Copyright BBC.

Cryptalanysis, the art of codebreaking, is also everywhere. Just think about the NSA, Echelon, GCHQ and in The Netherlands the AIVD and MIVD; they have all specialised in intercepting, deciphering and reading messages on an extremely large scale. And don't forget the interest in codebreaking from countries like India, Iran, China and Russia. They too are after your secrets.


 
Obsolete Equipment
One of the problems we faced when creating the Crypto Museum website, was that we were not always certain about whether or not we were allowed to make certain information public. Some encryption devices are classed as 'secret', but there is no way to find out about that, as the list of classified equipment is classified itself. Fortunately, due to our exhibitions and lectures, we were lucky enough to meet the right people who were kind enough to help us solve that problem.
 
After 15 years, a crypto system will be obsolete. In practice, the live span of an encryption device is much shorter than that. According to the Moorse/House Law, the available processing power nearly doubles every 18 months. 1

As a result, one continuously has to evaluate the current cryptographic systems that are in use. As all systems are digital nowadays, it is fairly easy to increase complexity when there is sufficient processing power. This is directly related to the number of bits that is often quoted, e.g.: 56 or 64-bit DES, 128-bit AES or 128-bit SAVILLE.
  

The computing power available to the code-makers is available to the code-breakers as well. If we apply Moore's Law to the above, it means that we only have to add a single bit every 18 months. Each bit doubles the number of posibilities. It represents a gained time of 18 months.
 
  1. According to Moore's Law, the number of transistors on integrated circuits doubles every two years. It is an observation (rather then an real law) named after Intel co-founder Gordon E. Moore. A variation to this law, which is often mistakenly attributed to Moore, was defined by Intel executive David House. He said that processing power doubles every 18 months (the combined effect of more transistors and their being faster).
Kerckhoffs's Law
Back in the 19th century, Auguste Kerckhoffs stated that any cipher system should be secure even if everything about the system, except the key, is public knowledge. This statement of 1883, known as Kerchoffs's Principle, rejects inferior systems that provide security by obscurity. 1
 
Military organisations around the world are often frantic about collectors trying to obtain military encryption devices, saying that it enables them to read military traffic. That state-secrets are about to be revealed. None of this is true, of course, but it is caused by by the hierarchial structure of the Army and lack of knowledge about the underlying principle.

All encryption devices used by the Army, must (and do) comply with Kerckhoffs's Principle, as they are likely to fall into enemy hands during a conflict. For this reason, military cipher machines always have a so-called ZERIOZE-button, allowing the operator to purge all keys whenever security is compromised. Preventing serious collectors from possesing such machines therefore makes no sense at all, as long as they are not given the keys that were used to encipher the original messages.
  

  1. Kerckhoffs's principle was later reformulated by Claude Shannon (1916-2001)
    as 'The enemy knows the system'. It this form it is known as Shannon's Maxim.
Restoring and Preserving
What is the best way to obtain encryption devices? Most of the items shown on this website have been found in surplus stores or have been swapped with other collectors. Ebay is also a good source for affordable items, but crypto-stuff is often difficult to recognise.

Security agencies and defense organisations are often not amused when cipher machines appear on the surplus market. In many cases the items should have been destroyed but have accidently escaped demolition. Their official policy is often that they don't want to inform any 'enemies' about their current state-of-technology; something that no longer makes sense in this rapidly changing 'open' digital world.

The fact that cipher machines sometimes accidently appear on the surplus market is, of course, not our fault. But we don't want to step on any toes either. Luckily, we are blessed with a good 'common sense'. We observe, combine, recombine, think and re-think before we act. But in the end, we have to save the items from demolition. Losing history is not an option.

Many of our fellow collectors, share the same experience. They too are doing their very best to ensure that history is preserved and shared with the public. Technically interested people, students and even new cryptologists can learn quite a lot from studying historical cipher machines. Old cipher machines are easily explained, but the security issues surrounding key management haven't really changed that much.
 
Over the years we have built up quite a good reputation with the various agencies and with our Department of Defense. They realize that ignorance is a bigger enemy than the need to destroy machines. Machines that are no longer in use and that were often rendered obsolete many years ago. Of course, we do know our boundaries. We never publish any information on our website before carefully considering any security issues as we don't want to endanger any person, organisation or mission. We only publish information if we know that the equipment is obsolete or was never classified.   
Restoring and preserving historical cipher machines

Because of our backgrounds in mechanics and electronics, we are capable of repairing and preserving most of the items in our collection. Over the years, we have assembled a long list of experts and specialists that we can always rely on. And that includes the authorities. It is our goal that eventually we will be able to show and demonstrate as many (working) objects as possible.


 
Indifferent or Naive?
Another reason for providing information on the Crypto Museum website is to warn against indifference and naivity. Not many people have heard about cryptography, and very few realise the danger of putting personal information on public websites. Just look around you: people share their entire live on sites such as Facebook and Linked-in. Google is spying on our wireless networks and links all possible kinds of information together. Very convenient if you want to check someone's credentials, but also very helpful to criminals wanting to steal your identity. Can you blame them for it? After all, you published it on the world-wide web yourself.

We are becoming increasingly dependant on modern digital networks, but how safe are these systems? If you only knew how often people forget to change the network computer's default ADMIN password... And this is just one example. How many people use their birth date or their postcode as the secret number for their credit card or their alarm system?

Consider this: the city of Eindhoven (where we live) has 250,000 inhibitants. The PIN-code (secret number) of a bank card only has 4 digits. Have you ever realised how many people in your city share the same PIN code? If you are serious about protecting your secrets, safety is paramount.


 
Naive or just stupid?
Luckily, the Cold War is now over. But does that mean that there are no more enemies? Of course not. Our biggest 'enemies' might even be our closest (international) business relations. The European national security agencies are currently warning us for industrial espionage. It seems to be our biggest threat. Perhaps this is best illustrated by a couple of examples:
 
  1. Remote access
    Some large companies are currently outsourcing the software maintenance of their PCs. All PCs in the corporate network are managed remotely from a far away country. Do you think this is wise? Perhaps not. They are given access to the complete administration of the company, its strategic partners and, worse, the company's intellectial property (IP).

  2. Internet Switch
    A big international company has developed a new Internet Security Switch. They have decided to move the production of the new switch to a low-wage country. Apart from the list of materials, they also give them the design files and the software, so that the production company can provide 'better' service. Do you think this is smart?

  3. Information gathering
    A civil service needs to collect information about its nationals. They have contracted an external party to do this on their behalf. This external party is located in a far-away country. Nobody in the civil service knows exactly how it works, but everyone is satisfied because it seems to work well. Do you think this is smart?
People often say: "If you don't have anything to hide, you don't have to worry". We completely disagree with that. What a dull life have you got if you have nothing to hide. Companies have intellectual property and company secrets to protect. Individuals need to protect their privacy, their passwords and the secret number of their credit card. At the end of the day, we all have things to hide. Giving up freedom completely, is the worst way of protecting it.


 
The Future
Modern cryptographic equipment consists of nothing more than a 'black box' with powerful digital processors and advanced mathematical algorithms. There is not much to see, and there are definitely no moving parts. We realize that this is probably where our collection of historical cipher equipment will end. However, there are numerous earlier cipher machines and much of this is still undiscovered. 'New' old machines will, no doubt, pup-up and many side-tracks will be walked. Furthermore, the history of some famous cipher machines is still very clouded, leaving much to be researched and much to be discovered in the years to come.

On the Crypto Museum website, we have done our best to raise an interest in historical cipher machines and cryptology in general. Where possible, we will give as much background information as we can. Perhaps you too will eventually get contaminated with the Crypto Virus. If it happens, be careful as it might get under your skin.

August 2010,
Paul Reuvers & Marc Simons
 
Disclaimer
To the best of our knowledge, this site only contains information that is either available in the public domain or that is unclassified or that has been officially declassified. Whenever possible, the source of the information will be credited in the References section at the bottom of each page. In some cases the classification status of an object is not entirely clear because there is no list of classified objects available in the public domain. In these cases we will simply try to follow the rules of common sense. If you come across any information that you think is still classified, please contact us.

Please note that we are neither cryptologists nor mathematicians. We don't want to develop new cryptographical methods. And we are no cryptanalists either. We are not involved or interested in breaking any codes. Also note that some of the objects shown on this website are still restricted items. We are not in the position to release classified information about such items.
 
References
  1. Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage- en Veiligheidsrisico's
    Espionage and safety risks (Dutch).
    The Netherlands, July 2005, 2nd issue.

  2. Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage in Nederland.
    Espionage in The Netherlands. What is the risk? (Dutch)
    The Netherlands, 4 February 2010.

  3. Algemene Inlichtingen en Veiligheidsdienst (AIVD),
    Spionage bij reizen naar het buitenland.

    Espionage when travelling abroad. What is the risk? (Dutch)
    The Netherlands, 4 February 2010.

  4. Algemene Inlichtingen en Veiligheidsdienst (AIVD), Digitale spionage.
    Digital espionage. What is the risk? (Dutch)
    The Netherlands, 4 February 2010.

  5. Algemene Inlichtingen en Veiligheidsdienst (AIVD), Kwetsbaarheidsanalyse Spionage
    Espionage risks and national safety (Dutch)
    The Netherlands, 1 April 2010.

  6. British National Security Service MI5
    The threat of espionage did not end with the collapse of Soviet communism...
    UK, January 2010.

  7. Bundesamt für Verfassungsschutz (BfV), Spionage gegen Deutschland
    Espionage against Germany (German).
    Germany, November 2008.

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Tuesday, 10 June 2014 - 09:18 CET
Click for homepage