M-209 vs Enigma:
Regarding the cryptologic strength of the M-209 machine versus the plugboard Enigma, the expert on classical cipher systems George Lasry (15) has stated:
‘One comment about the security of the M-209. The claim that the Enigma is more secure than the M- 209 is disputable.
1) The best modern ciphertext-only algorithm for Enigma (Ostward and Weierud, 2017) requires no more than 30 letters. My new algorithm for M-209 requires at least 450 letters (Reeds, Morris, and Ritchie needed 1500). So the M-209 is much better protected against ciphertext-only attacks.
2) The Turing Bombe – the best known-plaintext attack against the Enigma needed no more than 15-20 known plaintext letters. The best known-plaintext attacks against the M-209 require at least 50 known plaintext letters.
3) The Unicity Distance for Enigma is about 28, it is 50 for the M-209.
4) The only aspect in which Enigma is more secure than M-209 is about messages in depth (same key). To break Enigma, you needed a few tens of messages in depth. For M-209, two messages in depth are enough. But with good key management discipline, this weakness can be addressed.
Bottom line – if no two messages are sent in depth (full, or partial depth), then the M-209 is much more secure than Enigma’.
I also added Lasry’s M-209 articles in the notes: