M-94 / CSP-488 US Army strip / disk cipher · 1922
Twenty-five disks on a spindle. Jefferson’s 1795 idea, finally mass-produced — and tactical-only by then.
Why This Matters
Thomas Jefferson sketched a cipher wheel of 36 lettered disks on a spindle around 1795, used it briefly, and tucked the design away — it was rediscovered in his papers in 1922. Within months the US Army adopted essentially the same idea as the M-94 (the Navy version was the CSP-488). It is the only major US cipher system whose direct ancestor is a Founding Father.
The M-94 served as the standard tactical cipher of the US Army through the 1920s and 1930s and was still in field use in early WWII alongside the M-209 and SIGABA. It was retired in 1943, by which point its tactical-level security was acknowledged as marginal.
Twenty-five aluminum or brass disks slide onto a single spindle. Each disk has the 26 letters of the alphabet engraved around its rim in a different mixed order, and each carries a number (1 through 25) for ordering on the spindle. To encrypt:
- Both sender and recipient agree on the order of the 25 disks for the day.
- The sender turns each disk so that the plaintext message reads horizontally across one row.
- The sender then chooses any other row and reads the ciphertext off horizontally.
The recipient stacks the disks in the same agreed order, dials in the ciphertext on the corresponding row, and looks for the row that reads as English. Because there are 25 rows, only one will be sensible plaintext — the rest are gibberish.
The cipher’s key is the daily disk-order permutation (25!) and the chosen offset row. With several intercepts of similar length the analyst can superimpose them at the same offset; columns then come from the same disk, and a multiple-anagram attack on the columns recovers the disk order. The Friedman / Kullback team at the SIS demonstrated practical breaks well before WWII.
A disk set captured intact reduces the daily key from 25! to 25! / (25 ⋅ 24!) — you only need the order, not the wirings. The US Army accepted this risk for tactical traffic and reserved SIGABA for anything strategic.
| M-94 lesson | Modern echo |
|---|---|
| The hardware key (disk wiring) is the standing key | Modern HSMs hold a master key with a long lifetime |
| The session key is just the disk order | Modern session keys are derived per-message from a master |
| Tactical vs strategic security tiers | Modern crypto-agility — different protections for different threat models |
| Jefferson’s 127-year lag to deployment | Good cryptographic ideas often arrive decades before the engineering catches up |
| Origin | United States Army (Mauborgne, Hitt) |
| Year | In service 1922 – 1943 |
| Mechanism | 25 brass disks on a spindle, each a mixed alphabet |
| Lineage | Direct descendant of the Jefferson cipher wheel (1795) |
| Status | Tactical only; never trusted for strategic traffic |