Slashdot Mirror

← Back to Stories (view on slashdot.org)

The World's Most Dangerous Password

Posted by timothy on from the harsh-consequences dept.

NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"

13 of 696 comments (clear)

  1. WOPR's 'guesses' by The+Monster · · Score: 4, Informative
    I remember watching WOPR 'cracking' the launch codes - each time it 'found a match' that character in the launch code would lock, while the others would continue to change in seemingly random fashion. I thought at the tima that it was incredibly stupid to have a system that would disclose which characters were correct - if you're using upper-case alpha and digits, that would require no more than 36 guesses to get any code.

    Now I realize that the movie wasn't nearly as stupid as reality.

    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  2. Re:At least it wasn't... by sik0fewl · · Score: 5, Informative

    Damn, beat me to it. Here it is anyway since you left out Skroob's quote :)

    ROLAND: No, wait, wait. I'll tell. I'll tell.

    HELMET: I knew it would work. All right, give to me.

    ROLAND: The combination is one.

    HELMET: One.

    SANDURZ: One.

    ROLAND: Two.

    HELMET: Two.

    SANDURZ: Two.

    ROLAND: Three.

    HELMET: Three.

    SANDURZ: Three

    ROLAND: Four.

    HELMET: Four.

    SANDURZ: Four.

    ROLAND: Five.

    HELMET: Five.

    SANDURZ: Five.

    HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

    ----

    HELMET: We have the combination.

    SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?

    SANDURZ: One, two, three, four, five.

    SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.
    --
    I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
  3. Re:Reminds me ... by cipher+uk · · Score: 5, Informative

    i believe it was 111-1111111. the sum of the digits of the second area had to equal 7.
    so 111-1111111 aswell as 111-2020201 would work. the first 3 numbers could be anything.

    this was on a lot of pre-98 microsoft cds.

    more info on microsoft cd-keys

  4. Re:hmm by nightgeometry · · Score: 5, Informative

    It was Edgar Allan Poe, The Purloined Letter

    And damn good it is too.

    --
    The best is the enemy of the good
  5. Re:Its only a bad password by Penguinshit · · Score: 4, Informative


    The physical security refers to someone trying to get in from the outside. The two guys inside the silo launch center would be able to get the launch off in time.

    Insofar as a single deranged person trying to launch the missiles, both launch keys have to be turned at the same time. The keylocks are separated by a distance making it impossible for a single human being to turn both simultaneously.

    Crews are rotated such that the same two are not on duty on any but one shift (to prevent conspiracy), and the crewmen are subjected to some excruciatingly serious background and psychological tests before, during, and after their tours of duty in the silos.

    Great care was taken in designing a fail-safe mechanism, where if the protection mechanism fails, it fails into a safe mode (like a default-deny in IPTables).

    It was determined that it was better that a few missiles not leave the silos during a nuclear exchange than a few leave a silo during peace-time.

    --

    I have something in common with Stephen Hawking...

  6. RT()A by dachshund · · Score: 4, Informative
    So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this.

    There are five flights, hence five two-man LCCs, in a 50-missile squadron. Since all missiles and LCCs are electronically interconnected, the "normal" launch of any or all missiles in a squadron requires the cooperation of only two crews - no more, no less. ...

    Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands

    The article goes on to explain that the time from launch command to launch was about eight seconds, if two separate launch control centers (ie, 4 people) chose to turn the keys. Also, visitors were often allowed into these sites after giving only a name and social security number-- backgrounds generally weren't checked.

    So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.

  7. Re:trust by benh57 · · Score: 4, Informative

    Um, Saddam *DID* allow inspectors! In 2002 and 2003! Bush invaded anyway! (look it up)

  8. Re:Not Stupid by MacWiz · · Score: 4, Informative

    I beg to differ. Having formerly done security system installations, this is a quite common practice, especially if you're dealing with security gueards. A large casino I worked for used '2222' for its security codes. McCarren Airport (Las Vegas) prior to 9/11 had '1234' for its password to get into "secure" areas.

    It has to be something the lowest common denominator on the security team can remember.

  9. Re:Its only a bad password by joshki · · Score: 4, Informative
    Besides, the brass may be tough but the grunts guarding it are not above blackmail or greed.

    What?? You thinking putting a bar on someone's shoulder makes them "tough?" And just because you call someone a "grunt" they're more suceptible to "blackmail or greed?" Newsflash -- EVERYBODY is suceptible to blackmail and greed. That's why the people who work with nukes are vetted by the security services -- officers and enlisted alike. You think the techs who worked on those missiles didn't know how to bypass those PALs regardless of what password was used?

    My point is simple -- don't question someone's patriotism because I'm enlisted -- just because they don't get paid as much doesn't mean their values aren't just as strong as an officer's. The enlisted men and women in the military are the ones you have to trust -- we're the ones who make it all work.

    --
    I do not read or respond to AC's. If you want a discussion, log in. Otherwise, don't waste your time.
  10. Re:Poor ICBM security ...who cares? Right? by xnixman · · Score: 4, Informative

    Gee, you KNOW alot.

    Having worked in this field I'll tell you:
    1. A civilian is never allowed in a live LCC.
    2. The crew is sealed in the live LCC's.
    3. To get access to a live LCC is much more then cutting the chain link.
    4. Even if you got into one, you need to get into two to do anything.
    5. Nevermind the hoards of SP's and armed Helicopters descending around you.
    6. While crew members can send messages between LCCs (and I believe between bases, I can't recall) these messages are not and can not be EAM's which are only sendable from the NCA via special terminals.
    7. Even if you could send the EAM, who would believe an order coming from the wrong originator.
    8. The comm systems in question are not as stupid as e-mail, they are part of a dedicated MLS (b3) system.
    9. Nuclear command and control has always relied on personal responsibility, do you think nuclear submarine commanders or the alert bomber force can/could not just decide to launch, or are you deluded enough to think they have some crm114 gizmo that overrides them?

    In my place of business I'd have no problem with a null password if all access to the server required two trusted administrators with keys that are kept stored in seperate combination locked safes. In fact, a password beyond the assertion of two trusted people would be stupid, and if you don't trust the people allowing them access to the keys would also be stupid.

    Your scenario would be something like this:
    1. Something needs done to the server, so you call the CIO
    2. He gives you and your other Sys Admin a one-time password for the server.
    3. You two go open your safes with your combos (each of you only know one of these combos)
    4. You remove your keys and open the server locks.
    5. You enter the password you got from the CIO
    6. You do your business, and relock the server
    7. You put your keys away

    Damn, I'd hate to work in your shop. Most of us only have trusted sys admins and single passwords.

    Dan

  11. Re:At least they're default routers... by ronsonal · · Score: 5, Informative

    While we're on the subject, and before this gets out of hand, just a reminder to everyone about

    The Default Password List

    Indispensible tool.

    --
    Your Mom
  12. Re:Someone's gotta say it by MagicDude · · Score: 4, Informative

    There is someone in the loop. The missle silo's in Colorado are manned by Air Force officers. A college buddy of mine was Air Force ROTC (Reserve Officer Training Corps, pronounced rot-see). In return for the Air Force paying most of his tuition, he serves 4 years active duty and an additional period of time in the reserves. He has been assigned to the "Space and Missiles" program, which means that after a year of training he'll either be sent to "Space" which is mainly research and development, or to "Missiles", which is sitting in the missile silos. Of the people assigned to this program, about 20% go to space, and 80% go to missiles. As my friend describes it, he'd work on a 3 day rotation, where every third day he'd have a 24hr shift in an underground bunker where his primary job would be to wait for the signal to come in and then do the thing with the two keys and entering the final launch code or however it works these days. So there are still people in the loop for the US's long range missiles.

  13. Re:trust by Mostly+a+lurker · · Score: 5, Informative
    If Saddam Hussein didn't have WMDs, all he had to do was cooperate with the inspecters

    Well, according to Dr Hans Blix (the head of the inspection commission) Iraq was cooperating fairly well. The message that cooperation was inadequate was coming from the same source that was claiming incontrovertible evidence of ongoing WMD activity. Most of the world wanted inspections to continue, based on the doubts raised by the US, in spite of the fact that inspections were revealing nothing.