The bulk of the material available from NSA's web site is associated with a long time project called Venona to decrypt Soviet message traffic from the 1940s. It's an interesting exhibition of the practical output of cryptanalysis that, incidentally, contains alleged reference to famous Commie spies of that era (Hiss, the Rosenbergs, etc). One question that I haven't found answered in my perusals of the site is a definitive statement of the cryptographic technology used by the Soviets. I was re-reading Kahn's 1967 chapter on Soviet crypto and he claimed that they relied primarily on one time pads. In fact, he was pretty specific about them using OTPs for exactly the type of traffic appearing in the Venona archive. But when I look at the partial decrypts in the Venona archive I don't understand how you'd get such partial decrypts from OTPs. The intercepts seem to indicate the use of ciphers with some codewords weakly layerd on top. Some intercepts show translations based on the phonetic properties of the extracted Russian plaintext. So I don't think the "unrecovered codegroups" are caused by a classic code that substitutes tokens for word meanings. But you're not going to crack only part of a OTP ciphertext -- presumably you'd need a compromised key tape, and that would either decrypt everything or nothing. So they were either really using rotor machines or they were using something else. Any other ideas? Other references? Rick. smith@sctc.com secure computing corporation