In the story below, we've tried to explain why we have created the
Crypto Museum and why we spend so much time with it. The text will also be
available for download in due course, both in English and in Dutch.
Cryptography - or crypto for short - is all around us: in our credit card,
in our car keys, as part of electronic banking and even in our web browser.
Crypto is generally used to exchange secret messages.
In a war it is important that secrets are kept secret, so it doesn't
come as a surprise that it plays an important role at the Department of
Defense. That was the case during WWII and also in the dark days of the Cold War. And it is still the case today.
But crypto also plays an important part in our personal life today.
By collecting crypto equipment, we try to capture an important part of
our history. A part that has been kept secret for a long time.
If we don't act now, we might lose it forever. The website is our attempt to
describe the equipment to the best of our abilities.
Whenever possible, we will also try to explain the operating principles and
the underlying history.
If we succeed in this mission we may all learn from it.
The majority of equipment in our collection is in full working order and
we are doing our very best to repair any broken or incomplete devices,
so that we can demonstrate them to the public.
Although at present Crypto Museum is a virtual museum, we want to share our knowledge with as many people as possible. We are therefore seeking to
co-operate with other museums whenever we can.
At the same time we are trying to raise the profile of technology in general;
a profession that tends to be forgotten.
Paul Reuvers & Marc Simons
Crypto Museum is an initiative of Paul Reuvers and Marc Simons, both self-employed
engineers from Eindhoven (Netherlands). Paul started his software company
X-Ample Technology BV in 1986.
He has specialized himself in developing embedded software, user interfaces
and health-care software. Most of the embedded software is developed
for Marc's hardware.
Marc founded his company YiG Engineering BV in 2000 and
specializes in the development of electronic circuits, also known as
hardware, for a variety of applications ranging from the
Senseo coffee machine to state-of-the-art FPGA designs, for companies such as
Philips and Xilinx. He also developed the control system for a well-known
old people's scooter brand.
One of his latest projects is an intelligent weed-control system that he
developed in close co-operation with Paul.
We started Crypto Museum in 2004, but our interest in technology dates back to our
youth. Already at an early age we were considered 'strange people'. Always busy with
wires and a soldering iron. Building model trains, transmitters, audio amplifiers
and eventually becoming radio hams and electronics engineers.
Later in life we - surprisingly - both took the step to establish our own company.
To do things our own way. It gave us the liberty to take on the projects that really
interested us, but it also brought great responsibility with it.
After all, we want our customers to be happy, as in the end they have to pay the bills.
Today, we both have a good running enterprise, but to our dismay we see the interest
in technology from young people declining rapidly.
As if everyone wants to become a manager these days...
That said, our society still has an enormous need for new technicians. Perhaps now
more then ever.
It all started in 2001 when a good friend - Nanno van Haaften - lent us the book
Enigma by Robert Harris.
Reading is not the most favorite activity of most engineers, but
he insisted that we'd read the book as, according to him, it was a most intreguing
and appealing story...
And he was right.
Although it was a novel, it was a most fascinating story.
How was it possible that the British broke the Enigma codes during WWII.
Why was this story kept secret until 1974?
And where was this place Bletchley Park ? Did it still exist?
In fact we were so fascinated about it, that we booked at boat to the UK
a few weeks later, to spend our holidays at Bletchley Park.
When we arrived at BP, we saw buildings in decay and an improvised museum.
But despite all that, we were presented with a complete and clear picture of what
happened there during WWII.
We walked the so-called Crypto Trail and were educated with all
stages of a secret German message. From its origin, through interception, to
the breaking of the codes and finally the intelligence derrived from it.
At the end of the trail there even was a real
Enigma M3 machine!
We were overwelmed; what a beautiful place this was. We spend three days at BP
and soaked up everyting. The smell of the old huts, the old cipher equipment
and perhaps even the Enigma-ghost. Everything matched with the book as in a
One of the nicest things about British people is that, as soon as they notice
your interest, they are prepaired to explain things in great detail.
From the intercept stations, the so-called Y-Service, to the
Bombe machines that were used for breaking the Enigma messages.
Robert Harris' novel Enigma became reality for us.
Apart from the Crypto Trail, BP had a lot more to offer.
Many cipher machines were on display and the principles behind codemaking
and codebreaking were demonstrated.
We came to realise that there was a complete business behind this hush-hush
crypto stuff. (If you search the internet, you will soon realise that this
is still the case today.)
The technology behind the cipher machines is really fascinating.
From a mechanical point of view, some of the machines are real marvels
of human engineering.
A fews days later we were on the boat back to The Netherlands. We booked
a cabin, so that we could sleep during the 10 hour trip, but the Enigma kept
us awake. We spend the entire night day-dreaming about how wonderful it would
be to posess our own Enigma machine.
When we arrived home, we immediately started to work out the concept of an electronic
version of the Enigma. It would give us, and everybody else, the ability to own
an affordable Enigma machine. The results of our efforts were an
Enigma computer simulation for RISC OS computers
(Acorn) and the now famous Enigma-E self-build kit.
Both 100% compatible with a real war-time Enigma machine.
By now, we were truly contaminated with the Crypto-Virus...
In the summer of 2003 we went back to BP. This time with a working prototype
of the Enigma-E under our arm.
We wanted to show it to people at BP and to find out whether it would be an
interesting product for the museum shop. It was just a gamble as we were not
certain whether or not a self-build electronics kit would actually be of interest
to the public.
We were lucky, as we happened to have picked the weekend of the annual Enigma
Reunion and the park was crowded with people 'in the know'. On the first day we
met well-known Enigma researcher David Hamer with whom we had so far only exchanged
e-mails. David noticed the small wooden box under Marc's arm and asked what it was.
We demonstrated the Enigma-E to him and David immediately fell in love with it.
He insisted that we would talk to the BP director.
Although it was an extremely busy weekend, David had successfully persuaded BP
director Christine Large to grant us a five minute slot. The rest is history.
Christine spend more than an hour with us and the Enigma-E, and immediately
recognised its promotional potential. And it wouldn't be long before the first
batch of kits was delivered.
That night, David invited us to a closed meeting of the American Cryptogram
Association (ACA) who happened to be at BP that weekend as well.
The ACA is a group of interesting people who share the same 'strange' hobby.
Many of them are collectors of cryptographic devices and related equipment.
It was a real eye-opener to us and we immediately felt comfortable in this
company of friends. The next day we had to admit to ourselves that the
Crypto-Virus had really gotten under our skin.
Since then we have become regular visitors of BP and we know many people
there now. We made contact with other visitors and collectors and even after
all these years, it still is an inspiring place to spend our holidays.
The birth of Crypto Museum
In the spring of 2004, the first small cipher machine crossed our path.
On a local aution website, we found our first Hagelin C-446 and a few days later we
showed it to our good friend Cor Moerman. Cor, who is the curator of the
Dutch Ham Radio Museum, immediately recognised our enthusiasm and told us
that he also had a forgotten Hagelin that was dusting away somewhere on a shelf.
It didn't fit in with his collection, he said. So then we had two Hagelins.
He also jokingly warned us about collecting. "If this really takes off", he said,
"you will need more space and eventually you may have to establish a real
'Crypto Museum' in due course".
At the time, we didn't have a clue what he was talking about
and didn't think that one day we would have
to acknowledge his insights.
After a few years of collecting equipment and stories, Crypto Museum suddenly
became reality in 2008. Cor Moerman came up with the idea to setup a special
temporary exhibition dedicated to
and asked for our help.
Many objects from our collection were given on loan to his museum and they were
complemented by items from Cor's own collection, the collections of Jan Rijnders,
Arthur Bauer en some others.
It was a big experiment, but it turned out to be a
huge success: there were days that some people left the building because
it was too crowded!
A huge compliment to all of us, but especially to the museum volunteers
and the many visitors who told us their fascinating stories.
The event brought us in contact with many new people and they in turn
brought us numerous new objects.
By the end of 2008 we had registered the Crypto Museum website and at the
beginning of 2009 we started to upload detailed descriptions of the
most important items in our collection.
We felt the need to share our knowledge with others
and let the world enjoy the things that we had collected. With the website,
we have effectively established a virtual museum. It is open 24/7 and it
gives us the ability to exhibit our collection permanently.
It also puts us in contact
with even more new people and objects.
It has greatly helped expanding the collection.
One of the goals of a museum is to share knowledge. This can be out of personal
interest or as part of a research project. And it seems to work: we get frequent
requests from students needing help with their talks, or from former employees
of the Department of Defence who want to see 'their old kit' again.
In addition we give about 10 to 15
talks on the subject every year and we are
working together with other museums when setting up
Fascination for Cryptology
The techniques behind cryptography are really fascinating.
Early systems, like the Caesar Cipher
and the Vigenère Cipher
were mainly based on simple alphabet subsitution.
Who hasn't used these seemingly 'unbreakable' methods as a child,
for exchanging secret messages with friends?
In the 20th century, the first mechanical cipher machines appeared.
Big names in Europe in those days were
Chiffriermaschinen AG (Enigma)
and Boris Hagelin.
Such machines are often called rotor machines as most of them consist of
a series of rotating (electro) mechanical wheels.
Rotor machines have become very popular among collectors (including ourselves),
mainly because they are the last generation of cipher machines were you can actually
see how it works. Furthermore they are relatively easy to understand,
repair, maintain and demonstrate.
With rotor machines, the cryptographic key is mainly based on the settings of
the rotors at the beginning of a message.
They are all based on symmetric key cryptography as the keys for coding and
decoding are identical. The advantage of all these systems is that the key is much
shorter than the actual message, effectively replacing a large secret by a smaller one.
The early 1950s saw the rise of digital telegraphy,
sometimes called Teletype
or Telex, whereas earlier system relied
on Morse Code.
With telex, letters were transmitted as a series of digital bits,
and messages were stored on so-called punched paper tape.
It allowed larger messages to be sent at much higher speed,
resulting in the need for faster - more versatile -
For military applications, an ancient truely unbreakable cipher was given a new lease
of life. The One Time Pad (OTP),
was converted for use with teletype machines
and became the heart of so-called Mixer Machines
or Mixers, such as the
Philips Ecolex 4
and the Siemens M-190.
Imagine a noise generator that would produce truely random (and therefore
unpredicatable) numbers that were written to a punched paper tape.
Of that tape, only one copy was made. It was sent to the other end of
the communication link by means of a (secure and trusted) courier.
Plain-text of the sender was 'mixed' with the key-tape using the
Vernam Cipher principle (XOR). The key-tape would only be used once
and was destroyed immediately after use. This way, a secret will forever remain secret.
The disadvantage of OTP systems is that the key has to have at least the same length as
the message itself in order to prevent repeats in the key.
For the same reason, an OTP can only be used once.
A drawback of this system is the problem of key distribution.
Both sides need sufficient supply of key tapes and you have to
know in advance who you want to contact. In practice, it
appeared to be too cumbersome for field use.
Nevertheless, it remained in use for a long time for messages at the highest level in
situations where secrecy was paramount.
During the cold war, the Americans and the Russians exchanged messages with
each other via the Moscow-Washington hotline,
using this principle.
Did you ever hear the enless ranges of seemingly random numbers being read
by a woman on the short wave band during the days of the Cold War? Well,
they were secret messages for foreign spies operating in our countries. And they
were encrypted with the unbreakable OTP.
By the way, this also accounts for the presence of spy radio equipment
such as the Russian R-353 on our website.
Strangely enough, number-transmitters are still in operation on short wave today...
Asymmetric Key Cryptography
In the 1970s, digital microprocessors became widely available and it
wasn't before long that they were used in a new generation of cryptographic
equipment. In 1976, Whitfield Diffie and Martin Hellman introduced a new method
for safely exchanging message keys over an insecure channel.
The same method was independently invented by GCHQ
a few years earlier.
The method is entirely based on mathematics and consists of a public key that is
derived from a chosen private key. Both parties exchange their public keys
and it is impossible to reconstruct the private keys from the public keys.
This method is called asymmetric key cryptography.
Once the keys have been exchanged with asymmetric methods, the message itself
can be transmitted using existing symmetric cryptography.
In recent years, the internet has become increasingly popular for exchanging
messages, even within the Department of Defense.
Cryptographic systems have changed into 'black boxes' that allow secure
systems to exchange information over insecure networks.
Such boxes only have a handful of connectors, switches and indicator lights
and there is nothing much to see anymore.
Inside the boxes are extremely powerfull digital processors and
Field Programmable Gate Arrays (FPGAs),
executing serious crypto-algorithms.
Over the years, cryptography has evolved from simple mechanics to pure mathematics
at the highest possible level. Only a handful of people are capable of developing new
At the same time, codebreaking, or cryptanalysis, has become a serious business.
With the ever increasing computing power it is now possible to break
a cipher that was believed to be unbreakable just 10 years ago.
The rate at which
cryptographic systems are broken is increasing, which means that the live span of
encryption devices is decreasing equally fast.
In the past, crypto systems were thought to be safe for, say, 15 to 20 years.
In 2010 however, systems were considered safe for just a couple of years;
with a maximum of 10 years for military equipment.
During WWII, the German Army used the Enigma cipher machine
to keep their radio traffic secure. It helped them fighting an efficient Blitzkrieg
which no doubt has cost thousands of lives. It shows that cryptography can be used
as a effective tactical weapon. A couple of nurdy mathematicians can beat an army
of a thousand muscular Rambos. Fascinating, isn't it?
At the same time, mathematicians can save lives. Take, for example,
the brilliant Alan Turing who worked at BP
and saved numerous lives by using cryptanalysis to break the German codes.
Today, cryptography is everywhere. Our credit cards, debit cards, ATM machines,
computers, car keys, weapon systems and communication between
embassies: they all involve some kind of cryptography.
Even the Vatican has secrets and uses cryptography to keep them secret.
Cryptography helps to protect a secret
for a certain period of time; it is used to 'gain time'.
Cryptalanysis, the art of codebreaking, is also everywhere. Just think about the NSA,
Echelon, GCHQ and in The Netherlands the AIVD and MIVD; they have all specialised in
intercepting, deciphering and reading messages on an extremely large scale.
And don't forget the interest in codebreaking from countries like
India, Iran, China and Russia. They too are after your secrets.
One of the problems we faced when creating the Crypto Museum website, was that we were
not always certain about whether or not we were allowed to make certain information
Some encryption devices are classed as 'secret', but there is no way to find out about
that, as the list of classified equipment is classified itself.
Fortunately, due to our exhibitions and lectures, we were lucky enough to meet the right
people who were kind enough to help us solve that problem.
After 15 years, a crypto system will be obsolete. In practice,
the live span of an encryption device is much shorter than that.
According to the Moorse/House Law, the available processing power
nearly doubles every 18 months. 1
As a result, one continuously has to evaluate the current cryptographic
systems that are in use. As all systems are digital nowadays, it is fairly easy to
increase complexity when there is sufficient processing power. This is directly related
to the number of bits that is often quoted, e.g.: 56 or 64-bit DES, 128-bit AES
or 128-bit SAVILLE.
The computing power available to the code-makers is available to the
code-breakers as well.
If we apply Moore's Law to the above, it means that we only have to add a single
bit every 18 months. Each bit doubles the number of posibilities.
It represents a gained time of 18 months.
According to Moore's Law, the number of transistors on integrated circuits
doubles every two years. It is an observation (rather then an real law)
named after Intel co-founder Gordon E. Moore.
A variation to this law, which is often mistakenly attributed
to Moore, was defined by Intel executive David House. He said that
processing power doubles every 18 months (the combined effect
of more transistors and their being faster).
Back in the 19th century, Auguste Kerckhoffs stated that any cipher system
should be secure even if everything about the system, except the key,
is public knowledge. This statement of 1883, known as
rejects inferior systems that provide security by obscurity. 1
Military organisations around the world are often frantic about collectors
trying to obtain military encryption devices, saying that it enables
them to read military traffic. That state-secrets are about
to be revealed. None of this is true, of course, but it is caused by
by the hierarchial structure of the Army and lack of knowledge about
the underlying principle.
All encryption devices used by the Army, must (and do)
comply with Kerckhoffs's
Principle, as they are likely to fall into enemy hands during a conflict.
For this reason, military cipher machines always have a so-called ZERIOZE-button,
allowing the operator to purge all keys whenever security is compromised.
Preventing serious collectors from possesing such machines therefore
makes no sense at all, as long as they are not given the keys that were
used to encipher the original messages.
Kerckhoffs's principle was later reformulated by Claude Shannon (1916-2001)
as 'The enemy knows the system'. It this form it is known as Shannon's Maxim.
What is the best way to obtain encryption devices? Most of the items shown on this
website have been found in surplus stores or have been swapped with other collectors.
Ebay is also a good source for affordable items, but crypto-stuff is often difficult
Security agencies and defense organisations are often not amused when cipher machines
appear on the surplus market. In many cases the items should have been destroyed but
have accidently escaped demolition. Their official policy is often that they don't want
to inform any 'enemies' about their current state-of-technology; something that no
longer makes sense in this rapidly changing 'open' digital world.
The fact that cipher machines sometimes accidently appear on the surplus market is,
of course, not our fault. But we don't want to step on any toes either.
Luckily, we are blessed with a good 'common sense'.
We observe, combine, recombine, think and re-think before we act.
But in the end, we have to save the items from demolition.
Losing history is not an option.
Many of our fellow collectors, share the same experience. They too are doing their
very best to ensure that history is preserved and shared with the public.
Technically interested people, students and even new cryptologists can learn quite
a lot from studying historical cipher machines. Old cipher machines are easily explained,
but the security issues surrounding key management haven't really changed that much.
Over the years we have built up quite a good reputation with the various agencies and
with our Department of Defense. They realize that ignorance is a bigger enemy than
the need to destroy machines. Machines that are no longer in use and that were often rendered obsolete many years ago. Of course, we do know our boundaries.
We never publish any information on our website before carefully considering any security
issues as we don't want to endanger any person, organisation or mission.
We only publish information if we know that the equipment is obsolete or was never classified.
Because of our backgrounds in mechanics and electronics,
we are capable of repairing and preserving most of the items in our collection.
Over the years, we have assembled a long list of experts and specialists that
we can always rely on. And that includes the authorities.
It is our goal that eventually we will be able to show and demonstrate
as many (working) objects as possible.
Another reason for providing information on the Crypto Museum website
is to warn against indifference and naivity.
Not many people have heard about cryptography,
and very few realise the danger of putting personal information on public websites.
Just look around you: people share their entire live on sites such as Facebook and
Linked-in. Google is spying on our wireless networks and links all possible kinds of
information together. Very convenient if you want to check someone's credentials, but
also very helpful to criminals wanting to steal your identity.
Can you blame them for it?
After all, you published it on the world-wide web yourself.
We are becoming increasingly dependant on modern digital networks,
but how safe are these systems? If you only knew how often people
forget to change the network computer's default ADMIN password...
And this is just one example.
How many people use their birth date or their postcode as the
secret number for their credit card or their alarm system?
Consider this: the city of Eindhoven (where we live) has 250,000 inhibitants.
The PIN-code (secret number) of a bank card only has 4 digits.
Have you ever realised how many people in your city share the same PIN code?
If you are serious about protecting your secrets, safety is paramount.
Luckily, the Cold War is now over. But does that mean that there are no more enemies? Of course not.
Our biggest 'enemies' might even be our closest (international)
business relations. The European national security agencies are currently warning us for
industrial espionage. It seems to be our biggest threat.
Perhaps this is best illustrated by a couple of examples:
- Remote access
Some large companies are currently outsourcing the software maintenance of their PCs.
All PCs in the corporate network are managed remotely from a far away country.
Do you think this is wise? Perhaps not.
They are given access to the complete administration of the
company, its strategic partners and, worse, the company's intellectial property (IP).
- Internet Switch
A big international company has developed a new Internet Security Switch.
They have decided to move the production of the new switch to a low-wage country.
Apart from the list of materials, they also give them the design files and the software,
so that the production company can provide 'better' service. Do you think this is smart?
- Information gathering
A civil service needs to collect information about its nationals. They have contracted
an external party to do this on their behalf.
This external party is located in a
far-away country. Nobody in the civil service knows exactly how it works, but everyone
is satisfied because it seems to work well. Do you think this is smart?
People often say: "If you don't have anything to hide, you don't have to worry".
We completely disagree with that. What a dull life have you got if you have
nothing to hide.
Companies have intellectual property and company secrets to protect.
Individuals need to protect their privacy, their passwords
and the secret number of their credit card.
At the end of the day, we all have things to hide.
Giving up freedom completely, is the worst way of protecting it.
Modern cryptographic equipment consists of nothing more than a 'black box'
with powerful digital processors and advanced mathematical algorithms.
There is not much to see, and there are definitely no moving parts.
We realize that this is probably where our collection
of historical cipher equipment will end.
However, there are numerous earlier cipher
machines and much of this is still undiscovered.
'New' old machines will, no doubt, pup-up and many side-tracks will be walked.
Furthermore, the history of some famous cipher machines is still very clouded,
leaving much to be researched and much to be discovered in the years to come.
On the Crypto Museum website, we have done our best to raise an interest in
historical cipher machines and cryptology in general.
Where possible, we will give as much background information as we can.
Perhaps you too will eventually get contaminated with the Crypto Virus.
If it happens, be careful as it might get under your skin.
Paul Reuvers & Marc Simons
To the best of our knowledge, this site only contains information that is
either available in the public domain
or that is unclassified
or that has been officially declassified.
Whenever possible, the source of the information will be credited in
the References section at the bottom of each page.
In some cases the classification status of an object is not entirely
clear because there is no list of classified objects available in the
In these cases we will simply try to follow the rules of common sense.
If you come across any information that you think is still classified,
please contact us.
Please note that we are neither cryptologists nor mathematicians.
We don't want to develop new cryptographical methods.
And we are no cryptanalists either.
We are not involved or interested in breaking any codes.
Also note that some of the objects shown on this website are still restricted
items. We are not in the position to release classified information about such
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage- en Veiligheidsrisico's
Espionage and safety risks (Dutch).
The Netherlands, July 2005, 2nd issue.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Spionage in Nederland.
Espionage in The Netherlands. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD),
Spionage bij reizen naar het buitenland.
Espionage when travelling abroad. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Digitale spionage.
Digital espionage. What is the risk? (Dutch)
The Netherlands, 4 February 2010.
- Algemene Inlichtingen en Veiligheidsdienst (AIVD), Kwetsbaarheidsanalyse Spionage
Espionage risks and national safety (Dutch)
The Netherlands, 1 April 2010.
- British National Security Service MI5
The threat of espionage did not end with the collapse of Soviet communism...
UK, January 2010.
- Bundesamt für Verfassungsschutz (BfV), Spionage gegen Deutschland
Espionage against Germany (German).
Germany, November 2008.
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?|
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Tuesday, 10 June 2014 - 09:18 CET