Colossus – the first electronic digital computer

It's a year since my last book review, so I thought I'd write another.

I'm currently finishing off Colossus – The Secrets of Bletchley Park's Codebreaking Computers. This book has been out for four-and-a-half years, so I really ought to have read it long ago, but I'm relishing it now. If you haven't read it, and you have even a passing interest in cryptography or the history of computing, you should read it at once.

The book is edited by Jack Copeland from the University of Canterbury in Christchurch, New Zealand. Remarkably, it includes a collection of essays from people who were at Bletchley Park during the Second World War – people who designed, built and used the world's first electronic digital computer.

The name most commonly associated with "first electronic computer" is John von Neumann of the USA, although he didn't invent or build it. Indeed, some critics accuse von Neumann of a deliberate sin of omission in failing, in his early papers on computer architecture, to give proper credit to fellow Americans Presper Eckert and John Mauchly. In early histories of computing, they were listed by cognoscenti as the true creators of the first electronic computer – ENIAC, completed in 1946.

What even those cognoscenti didn't know until long after the war was that the British had beaten ENIAC by more than two years. Telecommunications expert Tom Flowers built a programmable electronic computer, called Colossus, to crack the German cipher machine known officially as the Lorenz SZ42, but disparagingly named after a fish (Tunny, the Atlantic Tuna) by British cryptographers. The first Colossus ran in 1943.

Absurdly, the British government not only refused to declassify the details of the Colossus project until fairly recently, but also denied the very existence of any such work until the 1970s. Most of the details of the Colossus project are lost. The Colossi – ten were eventually in use – were destroyed or broken for parts when hostilities ended, and most official documentation was destroyed.

Nevertheless, enthusiasts led by a determined science historian named Tony Sale managed, in the 1990s, to save Bletchley Park itself from property developers, and then to reincarnate Colossus – effectively piecing it together from scratch.

So much for history, and for a retrospective chance for the British to beat the Americans into second place. Does the Colossus book have a message for us in 2010? Is it worth reading for that alone?

Yes, it does and it is.

Firstly, it reminds us that good encryption requires good algorithms with correct implementation. The SZ42's designers made half of the cipher's encryption wheels rotate one step per character; they made the other half advance at a variable rate in an effort to mix up the input more. Ironically, this made the final output less random. Ultimately, the cipher could be cracked as if it were two five-wheel ciphers rather than one ten-wheel cipher. This greatly reduced the overall effort needed to break each message.

Secondly, early advances against Tunny were assisted by poor key material chosen by the cipher operators, and by poor operational practices, such as transmitting cryptographic settings in cleartext before switching to encrypted mode, and using only a small subset of possible settings to simplify key management. (That's rather like using short passwords today because they're easier to remember, and sending those passwords in regular emails for convenience.)

Thirdly, it seems that the Nazis blindly believed in the uncrackability of the SZ42 system until the bitter end. This is a very important lesson for us today, as we face an increasingly determined and well-informed cybercriminal enemy.

It is not enough to devise and to enforce security standards. They must be continually verified, reviewed and enhanced. Computer security is an arms race. You need to make sure that you partner with security providers who are well-rehearsed in running that race, and that when new protective techniques present themselves, you make a determined effort to bring them into play.

Now read the book. It's a cracker.

ISBN: 978-0-19-284055-4
Published: Feb 2006


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog