Slashdot Mirror
Dial 00000000 To Blow Up the World
Charliemopps writes "For 20 years the password for the U.S. nuclear arsenal was '00000000.' Kennedy instituted a security system on all nuclear warheads to prevent them from being armed by someone unauthorized. It was called PAL, and promised to secure the entire US arsenal around the world. Unfortunately for Kennedy (and I guess, the whole world) U.S. military leadership was more concerned about delaying a launch than securing Armageddon. They technically obeyed the order but then set the password to 8 Zeros, or '00000000'."
You mean to tell me, when WOPR was busy looking for the launch code in Wargames, it was all a bunch of crap?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
that sending Snake all the way back to the blast furnance and that freezing warehouse to change the shape of the PAL override shape-memory alloy key was a waste of time. Damn it, Kojima!
I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
I guess ease-of-use trumps security...
Karma: Bad
Thankfully this would not happen today, as after adding a captcha it is now totally undecipherable by man or machine.
You have 5 Moderator Points!
Which Helpless Linux zealot/MS basher do you want to mod down today?
Looks like that password worked.
Like the beer commercial "It's only weird if it doesn't work".
Frightening, but this has been known at least since 2004.
who set the code for this thing shatner?
Code zero zero zero. Destruct. Zero.
The codes were changed in 1977. WOPR was installed in 1983.
The world is made by those who show up for the job.
That's the combination for my luggage!
The final password spoken by Kirk to the computer for destruction of The Enterprise in Wrath of Khan, and also in one of the original series' episodes, is something similar like:
000DESTRUCT0
But even ST had THREE passwords - one each for Captain, Chief Engineer and Second in Command.
You mean to tell me, when WOPR was busy looking for the launch code in Wargames, it was all a bunch of crap?
They forgot to tell you that if you dial "1" you get a brand new world.
Actually the password might have been eight zeros, but you have to dial a 1 + area code to get the outside nuclear line.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
http://www.youtube.com/watch?v=a6iW-8xPw3k
Good thinking! If the Romans invade, they'll never be able to launch the missiles.
I saw some idiot claim that people just do not understand probability theory and state that in effect 00000000 is just as secure as 737474757. I would call him ignorant of hacking. What does one start with when cracking password protected systems? . . . a dictionary of common crap people use, like "000000000", "1111111111", "101010101010", "007007007007".
In particular because there is no central computer control. The military has always been real big about having humans in the chain, which is why this code isn't a big deal. It still required the two guys in the silos to turn their keys. There isn't any "OMG we hax the missiles!" shit that can go on. At the end of the day, only the operators in the silos can trigger a launch, it isn't on a network.
Same general deal in planes and so on. Like when a modern bombing mission is conducted, all the stuff is uploaded in to the computers beforehand, flight plan, targeting data, all that. The pilot is told on his HUD a countdown to when to release the bombs. Hitting the button doesn't release them either, the plane's computers decide when it is actually best to release. So what does it do? Allows the plane to release. If the pilot doesn't trigger, it can't drop, no matter if it thinks it should. The human is the final deciding factor.
Maybe the military will change their mind some day as automation increases, but for now they are real, real big on having a human have to be the final factor.
"Welcome to the U.S. nuclear arsenal hotline.
Please listen carefully as some menu items have changed.
Para continuar en Espanol marque numero dos.
Main menu opti--"
Oh damn it. I fucking hate theses things.
Billions blown and I can't get a real human operator on the line?!
"--mutually assured destruction press 4
For scheduling nuclear launches press 3
For prior launch status updates press 2
To change a nuclear launch code press 1
To launch all mis--"
Aargh! Screw it. I know a trick...
:: repeatedly presses 0 until the end of the world ::
Mashing the same button can happen because something has fallen on that button.
Or a cat has walked on the console.
Or you fell asleep.
Or a short pulse is generated by a shorting circuit making a 0 0 0 0 0 0 0 ... which gets to a count of 8 of them. BOOM!
Or another code is needed and has a zero and you forgot the count of zeros.
Even 12345678 would be SAFER because the chance of that randomly happening is really really low.
For a long time as I recall Windows 95, (or was it 2000/XP?) used a string of zeros as the key....that could have been really nasty!
It's not "old ass", it's "carefully fermented just the right time".
the timings required to set off the compression plastique segments simultaneously, thusly rendering a nuclear bomb ineffective without it?
well... at least is not as confusing as having the password be "password"
General:: the deactivation password is "password"
Operator: whats the password...
General: "I Said... the deactivation password is PASSWORD"
Operator: ok but whats the password.......
Genaral: The....."; oops too late
--
Time is on my side
Depends on which level you label the "code". The way the PAL worked was that the firing parameters were stored encrypted, and the code entered was used as a decryption key. Bad code, random firing sequence (and a fizzle).
Oh, and Jimmy Carter once sent his jacket to the dry-cleaner with a paper with the detonation codes still in one of the pockets. Just so you dont have to write a 'news article' on that in the near future...
I got both pieces of info via QI (Quite interesting), wich is normally considered a quiz, but for the author it is probably a news show...
rm -rf --no-preserve-root /
I haven't read TFA but:
I'd like to think that if you ever got to the point where you were in front of something that would accept a password to launch a nuclear strike, and you WEREN'T one of the people authorised to know the passwords, it's game over anyway.
The only thing that device can do is send an electrical signal to something - if you've got that far, especially in the era mentioned - chances are you just insert that signal directly without having to worry about the Password? prompt anyway.
The questions I have are - was the password a variable-length entry? Because if you just typed in 7 zeros and pressed Enter, would it accept it?
And, what did that password actually DO? What did it activate? What systems did it energise? What kind of hardware was behind it? Where was it stored?
That's infinitely more important than what the damn password is.
Hell, given that Slashdot are now printing articles that basically derive from questions asked on QI some years ago, I'd like to bring up another: the UK's equivalent was to have the prime minister's chauffeur stop his car, dial a phone number and ask the operator to reverse the charges, to call the hotline that would give the prime minister the chance to verbally authorise retaliation in the event of a Soviet nuclear strike.
By comparison, 00000000 is positively forward-thinking.
The book Command and Control by Eric Schlosser goes into the issues of the cold war control of our nukes in a wonderful way, detailing just how messed up our control of nukes was and how we are damn lucky that we didn't have an accidental nuclear detonation at some point (there were plenty of accidental conventional detonations that by sheer luck didn't have a nuclear core in them).
Nuclear weapons are "always/never" devices in that they should always work when you want them to and never work when you don't. The military only cared about the "always" side of the equation. So much so that they even nixed the idea of an inertial switch in fusing mechanism of the reentry vehicles of ICBMs that would only connect the detonation systems after detecting the g-forces of reentry.
Further any suggestion of improving the control of the nukes was met with grumpy rage at civilians daring to tell the military how to run its business as well as fights between the Air Force, Army, and Navy over funding and power.
I guess WOPR's brute force attack started from the top, 99999999.
Yes indeed! Big Duck (and Cover) (SFW)
To be, or not to be: isn't that quite logical, Slashdot Beta?
... if the keypads that would accept the code is guarded by a squad of trigger happy elite shooters.
Knowing the password worths squat if you get shoot before touching the keypad - and you will get shoot if you try to get near one without proper authorization.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Considering that I saw this mentioned on a QI episode that's at least a year old, certainly this isn't shocking anyone? If it has been on a BBC comedy quiz, even my granny knows about it.
Not only a dupe, but old, old news. This has been publicly and widely known for nearly a decade.
Snowden has the new codes!
Rick B.
The password is actually 8 Unicode capital omicrons.
so the expected payout is lower - the max payout is definitely lower by order of magnitudes, therefore it is stupid to play those numbers and omgwtf stupid if you're using those numbers to educate people on probabilities and expected outcomes. if you take into account the fact that on any given lottery where you can choose the numbers 1-2-3-4-5-6.. is the most played and any big lottery would have 100 players playing those numbers then if you do the math on the expected return vs. any other number combination over several weeks then you should notice how it in fact is pretty stupid to play those numbers.
the only good reason for him to have been playing therefore had to be just donating money to whatever the lottery in said locale was financing... not to even have a chance at striking it rich, because he forfeited it by choosing those numbers - turning a small, tiny, chance of winning big money into 0.
now knowing that the code for the nukes was set by a human then a logical thing to test out would have been 00...
besides, sub commanders could just launch them by themselves.......
world was created 5 seconds before this post as it is.
Note we are not talking about straight launch codes (the envelopes etc.) This was an additional safeguard, a component in the message link (as in un-squelch) layer between SAC and silo.
I learned of this years ago, and since I've tracked the sentiment and reaction to it. How we thoughtfully react to this idea might be crucial to our survival and evolution as a species. Why? It hinges on personal responsibility. Time and again it is portrayed as a farce, a madcap circus-like adventure in the absurd. Or sternly, a waste of money and resource, a breech of protocol, a crime. A mistake. I'm not so sure. This was no mistake. The existence of such robotic barriers in c3i mechanisms breeds a dangerous complacency.
It is my view that the '00000000' PAL code as implemented not only performed well -- it actually added a significant edge to our species' survival impossible to achieve any other way.
Every time a technician would open the little door and inspect the combination at the start of their tour of duty, to ensure it was all zeroes... they'd say "Well this certainty isn't a factor. We'd better be on our toes!" Humans on their toes. The extra little edge. All the assurance we could ever hope to survive. Delivered: I THANK YOU, PERMISSIVE ACTION LINK. No joke.
When judging a system's insecurity by the strength of its passwords, it helps bear in mind such lock-out systems as implemented, may themselves fail or be subverted to achieve an undesirable result. The movie 'Failsafe' illustrates this well.
00000000 kept humans 'in the loop' while making them gravely aware of their personal responsibility to properly authenticate and verify orders.
<blink>down the rabbit hole</blink>
With apologies to Mel Brooks:
"The code is 0 0 0 0 0 0 0 0"
"0 0 0 0 0 0 0 0? That's ridiculous! Only an idiot would choose that as their password!"
Enter the President.
"Sir, the code is 0 0 0 0 0 0 0 0."
"0 0 0 0 0 0 0 0? That's the same combination I use on my luggage...."
Seriously, this is a blogger posting news that broke in 2004. He even admits it. And /. reports is as sensational .. what?
I have the same password on my matched luggage!
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
00000000 is just as random as any other code.
True but irrelevant. The point of having the code was so that the launch decision was not available to whoever happened to be in the hole with the missile. By setting the code to a predetermined number they effectively gave the decision regarding whether to start WWIII to some random guy out in the field. All it would have taken was one or two crazy or misinformed people.
It still required the two guys in the silos to turn their keys.
Great, so it takes just two crazy and/or misinformed people to start WWIII. Sounds like a terrific plan. What could possibly go wrong?
I trust they've now upgraded to the far more secure 12345678?
Must be slow time for 'news'
2004 Reference: http://www.theguardian.com/world/2004/jun/17/usa.oliverburkeman1
And for those interested in the general subject of PALS two blog posts
http://lewis.armscontrolwonk.com/archive/3066/biscuits-cookies-and-nuclear-bombs
http://lewis.armscontrolwonk.com/archive/2088/blair-on-the-ever-ready-misileer
No, that will make it blow up wherever it is. We're talking about launching the rocket.
You mean to tell me, when WOPR was busy looking for the launch code in Wargames, it was all a bunch of crap?
They forgot to tell you that if you dial "1" you get a brand new world.
All I know is that every time I dial Avogadro's number my phone crashes...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
But the password to my email has to be sixteen characters, with at least one upper case, one lower case, a number, a symbol, an umlaut, a character from the pinyin alphabet, and one of those Arabic squiggles. Assholes.
"That's a battery!" "Correct, horse!"
Thomas Galvin
If I had to launch a nuclear knowing I'd be killing hundreds of thousands of people, I guess my hands would shake pretty badly. Eight zeros would probably be as complex a encryption key I could manage, and I'd probably foul that too by hitting seven or nine zeros.
No, I never qualified for the nuclear troops. Me, I'm just a grunt with an AK-47. I'd probably fare as badly with that one too.
I've been sitting here, entering "Joshua" all this time.
Have gnu, will travel.
So you're implying, "To make the world permanently safe fron nuclear war, William Shatner must die!"? Sad, but inevitably we must surrender to the remorseless logic of realpolitik.
Who is John Cabal?
password was OPE or 007. Reality seems more boring...
With the recent 50 year anniversary of Kennedy's assassination, there has been a flurry of interest in Kennedy's Presidency. Most sum it up: unrealized potential, but not much accomplished.
I think Kennedy, as Krushchev, and most US Presidents and Soviet Leaders up to circa 1990 had a very great accomplishment: they avoided nuclear war.
Kennedy and Krushchev had the biggest risk. In the Cuban Missile Crisis, history has revealed the Soviets had ready to use nukes, battlefield nukes, and even nuclear torpedoes on submarines. Almost the entire US military and civilian leadership was in favor of bombing Soviet Missile sites in Cuba, but Kennedy would did not do that. There was a big gamble either way; it turns out the Soviets shorter range nuclear missiles and battlefield nukes, and more important, the authority to use them. The US intelligence did not know this. Had the US bombed Soviet missile sites, it is likely one or more Soviet officer would have ordered one or more nuclear weapon to be used. No approval from Moscow was needed, and in fact communication between Moscow and the Carribean was anything but instantaneous. At the least, the US 5th fleet probably would have been wiped out, and maybe some short range nuclear missiles would have made it to the American South East. The US would then have probably responded with a massive nuclear attack on the Soviet Union, who may have gotten a few ICBM's off to Europe or the US. Look up Soviet Submarine B-59; the captain believed a nuclear war had already started, and ordered a nuclear torpedo to be loaded and launched at the US 5th Fleet after the fleet dropped practice depth charges on them to force them to surface. Another officer, the head of the submarine fleet in the area, vetoed the order.
Other Presidents and Soviet leaders have faced less intense situations, and more than a few instances of flocks of geese imitating bombers, etc. but many have faced potential nuclear wars. The Soviet Union considered nuking China during the Sino-Soviet Border conflict in 1969. Some of these leaders helped build the insane Strangelove technology of nuclear war, some inherited it. But, so far, none have used it.
My thesis is that by the fall of the Soviet Union, the risk has been greatly reduced, now that the US and Russia are part time bosom-buddies (hah).
Kennedy putting in place any measures to restrict access to nuclear weaponry, is well, Strangelovian, and I think it is even more bizzare that: 1. it had not done before, and 2. that I think it's a good bet some Generals thought Kennedy was committing treason for doing it. What? Take control of a weapons system out of the hands of the military?
End of rant. (The Bulletin of the Atomic Scientists clock currently is at 5 minutes to midnight)
*snort* "Today I found out...", indeed! Pretty old story. Ross Anderson's "Security Engineering" book has this "news" for smth like 5 years already!..http://www.cl.cam.ac.uk/~rja14/book/booksec2.html
VKh
LOVE the English/Spanish instructions... Well done sir.
The really funny thing is that 00000000 is a potential edge case. There could have been a bug in the system where 00000000 is rejected because it's misinterpreted as a null value. Out of a billion possibilities, they chose the one that might not actually have worked.
http://www.youtube.com/watch?v=IPphyjkXnPc
Back around 1980, I worked on a secret project at MacDonnell-Douglas. Access to our secret area was controlled by a 4-digit cipher lock, which was set to 1234. But there was an even better security problem one day. We came in Monday morning to find that the wall beside the cipher-lock protected door had been removed. We dutifully called security and reported a stolen wall.
Upon reading the title, I got excited and tried it on my phone. We are still here. I guess I should have read the whole thing first.
What if it turns out that 1,2,3,4,5,6 is a very rare combination? Then he is maximizing his chances.
http://www.youtube.com/watch?v=_JNGI1dI-e8
Fascism: An authoritarian and nationalistic right-wing system of government and social organization. See also: NAZI's
IIRC, the issue was that the US Navy fleet ballistic subs _always_ had the authority to launch on their own. The Air Force didn't like the idea that the navy was "trusted" but they weren't, so the PAL code was set to 00000000 and never changed (just like how the "war plan 1" and "war plan 2" control on a Minuteman control desk was never used).
And it's not just two guys turning keys. It's much more secure, really. Each silo has two guys who have to turn keys. But that doesn't launch the missile. It sends a message to all missile silos in the wing - and also ALL OTHER command silos in the wing that someone wants to launch a missile. If nobody else _also_ does a keyturn, the missile does not launch. After that message goes out, there is a time window where another silo MUST also do a keyturn to allow the missile to launch, and a _longer_ time window where _any_ silo in the wing can issue a "stand down" order (and other silos include silos that are off-duty, have no missiles under direct control (e.g. the usually-unused control silo three floors underground under the base commander's office), or are "air silos", like a control silo located in an aloft KC-135, with HF radio links rather than copper wiring).
Now, there is a thing called "sole survivor" where there's a rather long timer (90 minutes, IIRC) where a silo can launch on only one keyturn, but that requires that all other silos be silent for that entire timer period (but that also allows one silo to take over and control the entire missile wing).
Forgive me if I got any of this wrong, it's been 30 years since I read the manual.
But PAL wasn't to stop Broken Arrow scenarios. It's to satisfy Congress. The real protection against Broken Arrows was twenty thousand airmen all keeping their wits about them. I salute them.
Great !! Now that we all know that when time travel gets invented we'll know exactly how to use them.
He defines it as one that can't be expressed in fewer bits than the number itself has. In effect, prime numbers are the random set.
...needs a special World Generation Seed in commemoration of this story ;)
Every trollism an AC posts is prefixed, in my mind, with "A. Coward whined, in a weak and cowardly voice:"
But the reason there were always two, highly trained, regularly tested, drilled with no idea of whether or not the actions they were taking were a drill or not was because that envelope with the correct code would never be opened unless it was an actual war scenario. There were supposedly multiple envelopes to chose from and the incoming signal determined which one was to be opened, presumably with targeting instructions. But if the code was incorrect, turning the firing keys would do nothing. The go/no go decision had nothing to do with whether the code given looked "right" it had to do with whether procedures were being followed correctly. Source: War Games One of the major points of the film was the warning about what could happen if we let all people involved stop thinking. After WWII we did not allow the excuse "I was just following orders." After a nuclear holocaust it is important to remember that the world that manages to survive may not be very forgiving either of a nation that initiates a nuclear war for whatever reason.
- I can't help punning, I'm the product of a Jesuit Education. -
The issue of generating random numbers using any means other than physically drawing objects blindly from a container, with or without replacement is problematic. Spreadsheets may have improved their algorithms for generating random numbers but in the '80's and '90's they were at best "pseudo random numbers" which became clear if you had to use them to draw say a random sample of bus or rail one-way trips from a route or system schedule to meet FTA (formerly UMTA) sampling requirements. When testing the use of automated methods it became clear that the generators were highly dependent on the time the sample was drawn and if you just did all the calculations of say 1,024 random numbers at once, you could see the way the seed moved through the cells as it calculated each consecutive random number. Ways around this, such as not looking at the screen hitting the calc key for each cell at "random" times then recording those times were tested and this improved results. But using computers to provide results that were both entirely automated and appeared truly random remained elusive. But I've been out of it for more than a decade, I'm sure things have improved with the incredible calculation speeds available today. Or have they?
- I can't help punning, I'm the product of a Jesuit Education. -
seeded random numbers are a great thing. They don't work for true randomness, but are close enough, and repeatable. The "repeatable" was the great thing. Especially when debugging something.
Learn to love Alaska