Have a look at http://www.nsa.gov/publications/publi00039.cfm . The one-time pad was used to superencrypt a codebook; two different codebooks were used. Most of the successful decryptions were done by 1952; there was some additional help from a partial codebook recovered in 1953. Here's the key section of that monograph:
The Translations and KGB Cryptographic Systems

The VENONA translations from 1942 to 1943 messages occasionally are fragmentary and difficult to understand. The code itself was complex and difficult to exploit using pure analytic techniques. Moreover, the broad contextual sweep of the content of these messages vastly complicated the difficulty of reading these KGB systems.

The cryptographic systems used by the KGB's First Chief Directorate involved a codebook in which words and phrases were represented by numbers. These numbers were then further enciphered by the addition of random number groups, additives taken from a so-called one-time pad. A one-time pad comprised pages of random numbers, copies of which were used by the sender and receiver of a message to add and remove an extra layer of encipherment. One-time pads used properly only once are unbreakable; however, the KGB's cryptographic material manufacturing center in the Soviet Union apparently reused some of the pages from one-time pads. This provided Arlington Hall with an opening. Very few of the 1942 KGB messages could be solved because there was very little duplication of one-time pad pages in those messages. The situation was more favorable in 1943, even more so in 1944, and the success rate improved accordingly.

In order to break into the system successfully, Arlington Hall analysts had to first identify and strip off the layer of additive in order to attack the underlying code. These two levels of encryption caused immense difficulty in exploiting the codebook, and many code groups were, therefore, never recovered. The KGB messages from 1942 through 1943 and into 1944, as well as from earlier years, were based on one codebook version. The 1944 to 1945 messages were based on a new codebook.

Given that intelligence scrutiny of the intercepts continued until 1980, I doubt there's any more to recover.
That said, the NSA admits of the possibility:

There are still gaps of two different types in the translated messages, as indicated by the words "unrecovered" or "unrecoverable." The phrase "unrecovered" meant that the underlying Russian text in theory could be obtained, but the cryptanalysts did not have sufficient text to do so. "Unrecoverable," on the other hand, indicates passages unaffected by the Soviet misuse of their own system which therefore could never be solved by cryptanalysts.
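
The pad-page reuse described in the monograph excerpt, as an added example that is not part of the original post or of the NSA monograph: two messages enciphered with the same page leak the difference of their code groups, with the additive cancelled out. The codebook, the 5-digit group size and the digit-wise mod-10 (non-carrying) addition are assumptions constructed for illustration.

```python
import secrets

GROUP_LEN = 5  # assumed group size; the page does not state one

# Constructed toy codebook (hypothetical values, not real code groups).
CODEBOOK = {"AGENT": "10432", "REPORT": "58211", "MEETING": "77105",
            "TOMORROW": "03964", "DELAYED": "41870"}

def add_groups(a, b):
    """Digit-wise addition mod 10 without carry (assumed additive scheme)."""
    return "".join(str((int(x) + int(y)) % 10) for x, y in zip(a, b))

def sub_groups(a, b):
    """Digit-wise subtraction mod 10, the inverse of add_groups."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))

def random_page(n_groups):
    """One pad page: n_groups random additive groups."""
    return ["".join(str(secrets.randbelow(10)) for _ in range(GROUP_LEN))
            for _ in range(n_groups)]

def encode(words):
    return [CODEBOOK[w] for w in words]

def encipher(code_groups, page):
    if len(page) < len(code_groups):
        raise ValueError("pad page too short for message")
    return [add_groups(c, k) for c, k in zip(code_groups, page)]

def decipher(cipher_groups, page):
    return [sub_groups(c, k) for c, k in zip(cipher_groups, page)]

def difference(groups_a, groups_b):
    """Group-by-group difference; for same-page ciphertexts the key cancels."""
    return [sub_groups(a, b) for a, b in zip(groups_a, groups_b)]

def reuse_demo():
    msg_a = encode(["AGENT", "REPORT", "DELAYED"])
    msg_b = encode(["MEETING", "TOMORROW", "DELAYED"])
    page = random_page(3)
    ct_a = encipher(msg_a, page)
    ct_b = encipher(msg_b, page)      # the misuse: same page used twice
    # (a + k) - (b + k) = a - b: the result no longer depends on the page.
    return difference(ct_a, ct_b), difference(msg_a, msg_b)

if __name__ == "__main__":
    leaked, plain_diff = reuse_demo()
    print("ciphertext difference:", leaked)
    print("code-group difference:", plain_diff)
```

A group of 00000 in the difference marks the same code group at the same position in both messages. A passage enciphered with a page that was used only once gives no such relation, which is the "unrecoverable" case in the quoted text.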