The M-138-A strip cipher carried the most important diplomatic traffic of the United States (at least until late 1944) and by reading these messages the Axis powers gained insights into global US policy.The strip cipher was not a weak system cryptologically, even though it could not offer the security of cipher machines. The success of German and Finnish codebreakers was facilitated in many cases by the poor way that the system was used by the State Department.
Each embassy was provided with 50 ‘special’ alphabet strips and 50 ‘circulars’. The ‘specials’ were used for direct communications between that embassy and Washington. The ‘circulars’ were used for communications between embassies and for messages sent from Washington to more than one embassy.Each day 30 different strips were selected from the 50 and entered into the metal frame. The strips and the order that they were inserted in was the daily ‘key’.
The major mistakes made by the State’s cipher department were:1). During the period that the strips were valid there were only 40 different rearrangements for them and not a separate key for each day.
2). The ‘special’ strips were not destroyed after the period of validity had passed but instead in many cases they were sent to another embassy to be used there.3). The ‘special’ strips used by each embassy differed from those used at other embassies but it seems that the daily ‘key’ was the same for all. (may have changed during the war)
4). The same messages were sometimes sent in ‘circular’ and ‘special’ strips.5). The same messages were sometimes sent in low/mid level book codes and the strip cipher.
Without these mistakes the Axis effort would have been considerably hindered.What kind of department was responsible for the way that the State Department used the M-138 during the war? This question required quite a lot of research into the archives in order to track down the relevant documents.
There is a ‘History of the Division of Cryptography’ which can be found in NARA collection RG 59.
According to this study (and other documents) prior to September 1944, when the Division of Cryptography was established, the State Departments cryptographic functions were performed by a small unit in the Division of Communications and Records, under the supervision of the Division chief mr David A.Salmon. When in August ’43 he was assigned Assistant Security Officer in the Office of the Assistant Secretary for Administration he retained his cryptographic responsibilities.
However it would be dishonest to try to pin all the blame on mr Salmon and his unit. Apparently the State’s leadership had rejected the purchase of secure cipher machines in 1941 due to the financial cost. Instead they kept using the same codebooks (Gray, A1,B1,C1,D1) for decades. The Brown code and the Strip cipher were the only new systems introduced in the 1930’s.