Interesting People mailing list archives
more on The worst case of password abuse - ever.
From: David Farber <dave () farber net>
Date: Thu, 03 Jun 2004 08:11:18 -0400
Begin forwarded message: From: Kurt Albershardt <kurt () nv net> Date: June 2, 2004 7:43:04 PM EDT To: dave () farber net Subject: Re: [IP] The worst case of password abuse - ever.
From a friend who still does contract work for LANL and wishes to remain anonymous:
This has been known for years in the nuclear arms community. I don't know why they're making such a big deal out of it. Basically, the password was zeros because the system never got out of field prototype testing and was never officially deployed. There is copious documentation of this in the public record going back to the 1960s. Alas, the press consistently interpreted PAL as a live system, rather than the dead one it was. In reality, there was no way given the technology of the time (prerobust encryption) of implementing PALs, despite what this author says. Any implementation would pose an unacceptable risk of launch failure in a crisis.
In the book "One Point Safe," the author (I forget who) makes the point repeatedly that the U.S. nuclear force depended solely on a trustworthy chain of command to control weapons release. Safeguards such as dual consent, "no lone" zones, and shoot-on-violation were controls that did actually work, so PAL wasn't necessary. Today we would implement that system with SSH ;)The real threat to weapons security was never inside jobs. The exhaustive random selection and personell testing ensured that sleepers can't be planted. The true threat was, and still is, brute-force takeovers of launch facilities. To this day you can still tour many of these sites (as I have) without any credentials beyond a social security card and driver's license. Terrorists could exploit this exposure to take over a facility before any military authority could respond.This issue was a major topic of party conversation at Los Alamos.
From: "Trei, Peter" <ptrei () rsasecurity com> Date: Tue, 01 Jun 2004 10:58:50 -0400 Subj: The worst case of password abuse - ever. [For IP, if you wish] This is just Strangelovesque.... What was the password which controlled the firing of America's ICBMs for years during the height of the Cold War? 00000000 That's right. For *all* of them. The Permissive Action Link codes for all of Americas missiles provided less protection than on an average suitcase. [It's fair to note that there were a lot of other controls, such as the dual key system. However, it appears that a pair of rogue controllers could have unleashed Armmagedon - pt] Peter Trei
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on The worst case of password abuse - ever. David Farber (Jun 03)