Kerckhoffs's Principle at War
How WW2 US Paratroopers Secured Their Blind Recognition Protocol
Before the D-Day landings, the 101st paratrooper division parachuted into Normandy.
Operating behind enemy lines, the paratroopers needed a way to reliably identify each other to avoid friendly fire incidents. One of the ways they achieved this was a challenge-response system.
A German sentry, when approached at night, would challenge “Halt!” The Allied soldier's challenge was “Flash,” and the correct response was “Thunder.” As confirmation, the challenger should reply “Welcome.”
So far so good. Anyone who has seen “Band of Brothers,” or any number of D-Day landing movies, probably remembers this sort of exchange. But there is more to this system than meets the eye, or the ear in this case.
The difficulty with designing this challenge-response system was that its security could not rely on secrecy. The paratroopers expected to operate behind enemy lines for several days. The Germans would certainly learn the challenge and response. And so the system had to be secure even when the enemy knew its methods.
This is an almost perfect demonstration of Kerckhoffs's principle that security should derive from the secrecy of the key, not the secrecy of the system. The paratroopers needed a shibboleth — a signal, like a word or phrase, that can be interpreted to differentiate in-groups from out-groups.
The words used for the challenge password (Flash, Thunder, Welcome) were chosen specifically because they were hard for native German speakers to pronounce correctly. They were a shibboleth. The theory was that Germans could not pronounce the English TH sound, rendering “Thunder” as “Dunder.” Similarly, German does not have the English W (an archaic holdover from Proto Indo-European) and so “Welcome” would be “Velkom”.¹
In the 1940s, this was no doubt true of the average German soldier. The odds of the average German being able to pronounce uniquely English phonemes were slim to none.²
This is not a new trick of course. The very word shibboleth refers to exactly this method of military identification, and its use has been documented for thousands of years.
What I find interesting is that the security of the system is based on the innate phonological restrictions of the threat actors. This is something missed by all the popular media depictions of D-Day. The real strength of this challenge was not that the Germans didn’t know the words, but that they could not say the words.
__
1: p.90 “The Filthy Thirteen,” by Jake McNiece, 2003.
2: Regardless of the veracity of this theory, that’s how it was understood to function by the paratroopers.