Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States The Military

Dial 00000000 To Blow Up the World 306

Charliemopps writes "For 20 years the password for the U.S. nuclear arsenal was '00000000.' Kennedy instituted a security system on all nuclear warheads to prevent them from being armed by someone unauthorized. It was called PAL, and promised to secure the entire US arsenal around the world. Unfortunately for Kennedy (and I guess, the whole world) U.S. military leadership was more concerned about delaying a launch than securing Armageddon. They technically obeyed the order but then set the password to 8 Zeros, or '00000000'."
This discussion has been archived. No new comments can be posted.

Dial 00000000 To Blow Up the World

Comments Filter:
  • by Rosco P. Coltrane ( 209368 ) on Sunday December 01, 2013 @06:54AM (#45567061)

    You mean to tell me, when WOPR was busy looking for the launch code in Wargames, it was all a bunch of crap?

    • Nah, WOPR was more intelligent than the average general and therefore decided the code wasn't 00000000 because that would be stupid.

      How often would you try 00000 as the PIN for someone's bank card?

      • by DarkOx ( 621550 ) on Sunday December 01, 2013 @07:15AM (#45567149) Journal

        Never, because bank card PINs are usually 4-digits

        • by kav2k ( 1545689 )

          Depends.. Here in Switzerland they are usually 6-digit.

        • by rapiddescent ( 572442 ) on Sunday December 01, 2013 @11:13AM (#45568107)

          The EMV (ISO/IEC 7816-3) standard allows for a change PIN function that will take a 6 digit PIN. Some banks around the world operate with a 6-digit PIN.

      • The generals using 00000000 was not dumb at all. The civilian leadership demanded that they create a launch code to take control away from the generals and make sure that nobody could go rogue (Jack D. Ripper style). The generals were terrified that a Soviet sneak attack could kill all of those civilians and leave the Air Force unable to retaliate against the dirty Reds. Using a non-secret code complied with the letter of the order while still keeping the control that they wanted. I'm actually impresse

    • The codes were changed in 1977. WOPR was installed in 1983.

    • 00000000 is just as random as any other code. My grandfather used to play 1-2-3-4-5-6 in the lottery, and when someone would point out that that number would never come up, he'd gleefully educate that person on probability.

      Besides, the code that WOPR was trying to crack was a 12-digit alphanumeric string of the style JPE-1704-TKS.

      • by Anonymous Coward on Sunday December 01, 2013 @07:49AM (#45567265)

        Off-topic, but note that playing an easily remembered set of numbers (not just 1-2-3-4-5-6, any set of numbers that you'll recognize) is bad for several reasons. One reason is that numbers which are special to you have a high probability of being special to someone else. The expected result of playing those numbers in a lottery is therefore lower than for other numbers. There are probably hundreds if not thousands of smartasses like your grandfather with whom he would have had to split the jackpot in case those numbers came up. Another important reason is that, however unlikely it is to have your special numbers come up, it is not impossible. When they do come up and just that time you didn't play, you'll kick your own arse for the rest of your life. This risk is a strong motivation to keep playing, which can lead to gambling addiction. So to lower your risk of getting addicted to gambling, don't ever bet on the same numbers.

      • by Anonymous Coward on Sunday December 01, 2013 @07:52AM (#45567271)

        00000000 is just as random as any other code. My grandfather used to play 1-2-3-4-5-6 in the lottery, and when someone would point out that that number would never come up, he'd gleefully educate that person on probability.

        A pity that those numbers never came; then he and thousands of other "I understand probability" blowhards might have actually learned something. The object in the lottery is not just to pick the winning numbers, but also to share the jackpot with as few others as possible. 1-2-3-4-5-6 is, in fact, the worst possible choice.

        • by mrclisdue ( 1321513 ) on Sunday December 01, 2013 @08:09AM (#45567321)

          ...as few others as possible. 1-2-3-4-5-6 is, in fact, the worst possible choice...

          That's why I always play 6-5-4-3-2-1, instead.

          I'm gonna be rich! Rich! Rich!!!!

          suckers,

        • The object in the lottery is not just to pick the winning numbers, but also to share the jackpot with as few others as possible. 1-2-3-4-5-6 is, in fact, the worst possible choice.

          That's why you buy 100,000 tickets marked 1-2-3-4-5-6 every lottery. When it finally pays out, you'll get half of the winnings.

      • by masonc ( 125950 )

        "00000000 is just as random as any other code"
        Except that you can lean on the button pad and enter it by mistake. Bye Bye world.

        • ""00000000 is just as random as any other code""
          "Except that you can lean on the button pad and enter it by mistake. Bye Bye world."
          Or a short develops - in a button that's used underground or on a submarine.
      • by jbolden ( 176878 )

        00000000 is highly non random. It is just as likely as any other number to be guessed randomly, but substantially more likely to be guessed non-randomly.

        Your grandfather at least was going against a random number generator. A person guessing nuclear codes is not constrained to guessing randomly.

      • by DarkOx ( 621550 )

        Where your Granpa's lottery ticket is concerned his correct or should be if the lotto is truly random.

        Humans picking numbers though are not good sources of random. People tend to do things like choose 0000000, 1111111, 12345..., because they are easy to remember. They also often pick numbers such that the first pairs of digits might represent a valid date because its their dogs birthday or whatever. Knowing this means you try the list of common pattern first (dictionary), then you try the smaller key spa

        • But what if the prng generates a code with all zeros?

          • If you run a prng and reject any combination with less than 4 distinct digits, you're likely to have a combination in a small number of attempts, most usually 1. Calculate the likelihood of a prng producing ten combinations in a row that have less than 4 distinct digits. (For an 8 digit code it's say, 1/10000 or about that, and decreases by a factor of sqrt(10) for each additional digit, something like that).

            A program of the form
            int[] f() {
            int[] a;
            do {
            a = ArrayO
      • by John Allsup ( 987 ) <slashdot@chal i s q u e.net> on Sunday December 01, 2013 @10:02AM (#45567729) Homepage Journal
        The best example to be aware of in the UK Lotto, referred to here: http://news.bbc.co.uk/1/hi/sci/tech/240734.stm

        "The remarkable draw on 14 November 1995 when 133 tickets shared the &pound;16 million jackpot prize is a clear example of the effects the team had deduced.

        The winning numbers were 7, 17, 23, 32, 38, 42 and 48, all of which lie in central columns of the ticket, and the players won only &pound;120,000 each. The average number of jackpot winners is five and the average amount won is &pound;2 million."

        This illustrates the difference picking common combinations can make.  Once a presenter told you how much you'd win if you did the 1-2-3-4-5-6 thing: only a few thousand!  (While only a small minority have this 'clever' thought, it's enough to elevate the number of entries with 1-2-3-4-5-6 to significantly more than a typical combination.)
      • by hey! ( 33014 ) on Sunday December 01, 2013 @10:09AM (#45567765) Homepage Journal

        This is an example of "begging the question". "Randomness" is not a property of a number, it is a property of a sequence.

        This sounds like splitting hairs, but it actually makes a lot of confusing things clearer if instead of asking "Is this number random?" you ask "Was this number produced by a process that generates a random sequence?"

        Lets take the example of a combination. "0000000" is just as random as "3115435", but "0000000" was generated by a process which spits out easily keyed-in, easy-for-humans-to-remember numbers. In other words it's generated by a process that is biased towards spitting out numbers like "0000000" and "1234567".

      • 00000000 is just as random as any other code.

        True but irrelevant. The point of having the code was so that the launch decision was not available to whoever happened to be in the hole with the missile. By setting the code to a predetermined number they effectively gave the decision regarding whether to start WWIII to some random guy out in the field. All it would have taken was one or two crazy or misinformed people.

      • by ildon ( 413912 )

        If he actually understood probability he wouldn't have wasted his money on lottery tickets.

      • So your grandfather was basically messing with simpleton brains. He must have been a character and I for one would probably have appreciated his conversation.
      • by AK Marc ( 707885 )

        00000000 is just as random as any other code.

        Given that it was likely not generated randomly, then it isn't random. It was selected by a person, likely with the intent of being remembered. That makes it very non-random.

    • Well... ya (Score:5, Interesting)

      by Sycraft-fu ( 314770 ) on Sunday December 01, 2013 @07:35AM (#45567211)

      In particular because there is no central computer control. The military has always been real big about having humans in the chain, which is why this code isn't a big deal. It still required the two guys in the silos to turn their keys. There isn't any "OMG we hax the missiles!" shit that can go on. At the end of the day, only the operators in the silos can trigger a launch, it isn't on a network.

      Same general deal in planes and so on. Like when a modern bombing mission is conducted, all the stuff is uploaded in to the computers beforehand, flight plan, targeting data, all that. The pilot is told on his HUD a countdown to when to release the bombs. Hitting the button doesn't release them either, the plane's computers decide when it is actually best to release. So what does it do? Allows the plane to release. If the pilot doesn't trigger, it can't drop, no matter if it thinks it should. The human is the final deciding factor.

      Maybe the military will change their mind some day as automation increases, but for now they are real, real big on having a human have to be the final factor.

  • by UberVegeta ( 3450067 ) on Sunday December 01, 2013 @06:56AM (#45567065)
    that sending Snake all the way back to the blast furnance and that freezing warehouse to change the shape of the PAL override shape-memory alloy key was a waste of time. Damn it, Kojima!
  • by bobthesungeek76036 ( 2697689 ) on Sunday December 01, 2013 @06:58AM (#45567073)
    I guess ease-of-use trumps security...
  • by sjwt ( 161428 ) on Sunday December 01, 2013 @06:58AM (#45567075)

    Thankfully this would not happen today, as after adding a captcha it is now totally undecipherable by man or machine.

  • by garlicbready ( 846542 ) on Sunday December 01, 2013 @07:02AM (#45567097)

    who set the code for this thing shatner?

    Code zero zero zero. Destruct. Zero.

  • Obligatory (Score:5, Funny)

    by jones_supa ( 887896 ) on Sunday December 01, 2013 @07:06AM (#45567119)
    That's the combination for my luggage!
  • by Anonymous Coward on Sunday December 01, 2013 @07:08AM (#45567123)

    The final password spoken by Kirk to the computer for destruction of The Enterprise in Wrath of Khan, and also in one of the original series' episodes, is something similar like:

    000DESTRUCT0

    But even ST had THREE passwords - one each for Captain, Chief Engineer and Second in Command.

  • Roman-proof (Score:5, Funny)

    by Anonymous Coward on Sunday December 01, 2013 @07:15AM (#45567151)

    Good thinking! If the Romans invade, they'll never be able to launch the missiles.

  • by mowchine ( 908700 ) on Sunday December 01, 2013 @07:30AM (#45567189) Homepage
    I saw some idiot claim that people just do not understand probability theory and state that in effect 00000000 is just as secure as 737474757. I would call him ignorant of hacking. What does one start with when cracking password protected systems? . . . a dictionary of common crap people use, like "000000000", "1111111111", "101010101010", "007007007007".
    • by Anonymous Coward

      Mashing the same button can happen because something has fallen on that button.

      Or a cat has walked on the console.

      Or you fell asleep.

      Or a short pulse is generated by a shorting circuit making a 0 0 0 0 0 0 0 ... which gets to a count of 8 of them. BOOM!

      Or another code is needed and has a zero and you forgot the count of zeros.

      Even 12345678 would be SAFER because the chance of that randomly happening is really really low.

      • ISIS headquarters makes fort knox look like a gingerbread house. Only two means of ingress. The first, at street level, impenetrable after six. The second through an access door on the roof, inexplicably unprotected. But even if you ziplined across.. reach the access door, and somehow made it into ISIS headquarters, youâ(TM)d still have to find the mainframe. But wait, it gets worse. Inside there are three countermeasure systems. The first is pressue sensitive, in the floor. Even a mouse triggers it. T
      • Or a short pulse is generated by a shorting circuit making a 0 0 0 0 0 0 0 ... which gets to a count of 8 of them. BOOM!

        This is actually far from hypothetical. Quoting Lee Earnest (http://www.stanford.edu/~learnest/gump.htm):

        In 1960, I somehow was assigned the responsibility of leading a study group to get approval for putting nuclear warheads on the second-generation BOMARC ground-to-air missiles. This involved proving to a government nuclear safety board in Albuquerque, New Mexico, that the probability of

        • In the bad old days of pulse dialing, entering 00000000 would take 10x as long as entering 11111111.

          Maybe they were going for maximum delay.

    • by Anonymous Coward on Sunday December 01, 2013 @08:00AM (#45567295)

      00000000 is so unsafe. It would be ten times better to use 000000000.

    • Maybe it is. Seriously, imagine that you have just broken into a missile launch complex and are trying to guess the combo. Would 00000000 really be one of the first you would try?

      More seriously, nuclear launch is too important for passwords of any kind. If some reasonable set of people know the password you can threaten or torture it out of them - a minor effort compared to breaking the physical security around a launch complex. Remember its not like you can remotely log in to the launch computer for a Tit

      • Maybe it is. Seriously, imagine that you have just broken into a missile launch complex and are trying to guess the combo. Would 00000000 really be one of the first you would try?

        Since this isn't news (and we've discussed it here before) yes, yes I would try all zeroes. I'd also try all ones, 1-whatever, whatever-1, 0-whatever, etc. on the assumption that whoever initially implemented the password knew as much about security as you do, and due to the vagaries of government contracts it was never changed.

      • by D'Arque Bishop ( 84624 ) on Sunday December 01, 2013 @11:00AM (#45568019) Homepage

        At one place I worked, the marketing director had arrived at work, but had forgotten her alarm code. So, she typed in "123456". The system seemingly disarmed, and she went to her office.

        Very shortly after, the police arrived. What she didn't know was that criminals trying that code first was so common that the alarm company dispatched police immediately when it was used, figuring that someone using it was trying to break in. Needless to say she was more than a little upset after everything was straightened out... ;-)

        • That's a good idea to provide a code like that in case you are compelled to reveal the code under duress. Suppose that you were taken hostage, and the HT threatened you with harm unless you revealed the security code. You could tell them "123456", and they would get off your back, but when they tried to use it, BAM - Here come the cops.

          However, if I was the HT in this case, and the hostage told me the code was "123456", I would slap them, just on principal.
        • by AK Marc ( 707885 )
          Yeah, where I worked, the alarm code was written on the keypad. Much easier to never forget.
    • And since no one read TFA.. I'll just point out that the code was on the checklist... Written in plain sight.

      Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel.

    • by erice ( 13380 )

      Depends on how it is implemented. If all zero's is the default value you may not need to enter any code at all to launch the nukes.


  • "Welcome to the U.S. nuclear arsenal hotline.
    Please listen carefully as some menu items have changed.
    Para continuar en Espanol marque numero dos.
    ...
    Main menu opti--"

    Oh damn it. I fucking hate theses things.
    Billions blown and I can't get a real human operator on the line?!


    "--mutually assured destruction press 4
    For scheduling nuclear launches press 3
    For prior launch status updates press 2
    To change a nuclear launch code press 1
    To launch all mis--"

    Aargh! Screw it. I know a trick...
    :: repeatedly presses 0 until the end of the world ::

  • For a long time as I recall Windows 95, (or was it 2000/XP?) used a string of zeros as the key....that could have been really nasty!

  • the timings required to set off the compression plastique segments simultaneously, thusly rendering a nuclear bomb ineffective without it?

    • by chrylis ( 262281 )

      Depends on which level you label the "code". The way the PAL worked was that the firing parameters were stored encrypted, and the code entered was used as a decryption key. Bad code, random firing sequence (and a fizzle).

    • No, that will make it blow up wherever it is. We're talking about launching the rocket.

  • well... at least is not as confusing as having the password be "password"

    General:: the deactivation password is "password"
    Operator: whats the password...
    General: "I Said... the deactivation password is PASSWORD"
    Operator: ok but whats the password.......
    Genaral: The....."; oops too late

    • by Imrik ( 148191 )

      I think "what" would be better, but then I always liked "Who's on First?"

      • An admin I knew always reset the passwords of people who had forgotten their passwords to "I4GOT". We had lots of support calls which went something like this.

        "So what's my new password?"

        "I4GOT"

        "No, I forgot, but I asked you to reset it for me. What did you reset it to?"

        "I4GOT"

        "Well, if you forgot it, how do you expect me to remember it?"

        etc.

  • I haven't read TFA but:

    I'd like to think that if you ever got to the point where you were in front of something that would accept a password to launch a nuclear strike, and you WEREN'T one of the people authorised to know the passwords, it's game over anyway.

    The only thing that device can do is send an electrical signal to something - if you've got that far, especially in the era mentioned - chances are you just insert that signal directly without having to worry about the Password? prompt anyway.

    The quest

  • A systematic problem (Score:5, Interesting)

    by CaptBubba ( 696284 ) on Sunday December 01, 2013 @09:19AM (#45567551)

    The book Command and Control by Eric Schlosser goes into the issues of the cold war control of our nukes in a wonderful way, detailing just how messed up our control of nukes was and how we are damn lucky that we didn't have an accidental nuclear detonation at some point (there were plenty of accidental conventional detonations that by sheer luck didn't have a nuclear core in them).

    Nuclear weapons are "always/never" devices in that they should always work when you want them to and never work when you don't. The military only cared about the "always" side of the equation. So much so that they even nixed the idea of an inertial switch in fusing mechanism of the reentry vehicles of ICBMs that would only connect the detonation systems after detecting the g-forces of reentry.

    Further any suggestion of improving the control of the nukes was met with grumpy rage at civilians daring to tell the military how to run its business as well as fights between the Air Force, Army, and Navy over funding and power.

  • ... if the keypads that would accept the code is guarded by a squad of trigger happy elite shooters.

    Knowing the password worths squat if you get shoot before touching the keypad - and you will get shoot if you try to get near one without proper authorization.

  • Not only... (Score:5, Informative)

    by DerekLyons ( 302214 ) <fairwater.gmail@com> on Sunday December 01, 2013 @09:47AM (#45567635) Homepage

    Not only a dupe, but old, old news. This has been publicly and widely known for nearly a decade [slashdot.org].

    • Then on top of that it misses the point, that if you're trying to prevent people from starting WW3 on their own initiative, you don't let them choose the password. You should have the bomb builders set it. Bomb building was always kept carefully separate from the military.

      • During the Cold War PAL's wern't intended to prevent people from starting WWIII... They were meant to prevent to use of weapons that had fallen into unfriendly hands. (Which is why the codes were set to all balls in the missile silos, and why SSBN's didn't have them.)

        • by sribe ( 304414 )

          During the Cold War PAL's wern't intended to prevent people from starting WWIII... They were meant to prevent to use of weapons that had fallen into unfriendly hands. (Which is why the codes were set to all balls in the missile silos, and why SSBN's didn't have them.)

          That's flat-out wrong. They absolutely were intended to prevent a rogue launch, and were mandated by the president of the US at the time, JFK, because he specifically wanted to prevent anyone in the military from being able to launch without his order. That the passwords were all set to "all balls", and that that code was the one that was always dialed in, was direct defiance of the order from the commander-in-chief, by military officers who resented that exercise of the president's authority.

          • Re: (Score:3, Informative)

            by DerekLyons ( 302214 )

            That's flat-out wrong.

            Nope, it's the flat-out truth. You're just repeating what's become urban legend since the story first broke a decade ago.

            They absolutely were intended to prevent a rogue launch, and were mandated by the president of the US at the time, JFK, because he specifically wanted to prevent anyone in the military from being able to launch without his order.

            Have you ever actually read National Security Action Memorandum 160 [jfklibrary.org]? (As referenced in the article.) It only applies to weapons r

  • Snowden has the new codes!

  • by Guppy06 ( 410832 ) on Sunday December 01, 2013 @09:52AM (#45567661)

    The password is actually 8 Unicode capital omicrons.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      So you are saying /. wouldn't be able to launch then then.

  • Note we are not talking about straight launch codes (the envelopes etc.) This was an additional safeguard, a component in the message link (as in un-squelch) layer between SAC and silo.

    I learned of this years ago, and since I've tracked the sentiment and reaction to it. How we thoughtfully react to this idea might be crucial to our survival and evolution as a species. Why? It hinges on personal responsibility. Time and again it is portrayed as a farce, a madcap circus-like adventure in the absurd. Or sternl

  • Seriously, this is a blogger posting news that broke in 2004. He even admits it. And /. reports is as sensational .. what?
  • by rsilvergun ( 571051 ) on Sunday December 01, 2013 @10:44AM (#45567925)
    I have the same password on my matched luggage!
  • I trust they've now upgraded to the far more secure 12345678?
  • by Lawrence_Bird ( 67278 ) on Sunday December 01, 2013 @11:36AM (#45568231) Homepage

    Must be slow time for 'news'

    2004 Reference: http://www.theguardian.com/world/2004/jun/17/usa.oliverburkeman1 [theguardian.com]

    And for those interested in the general subject of PALS two blog posts

    http://lewis.armscontrolwonk.com/archive/3066/biscuits-cookies-and-nuclear-bombs [armscontrolwonk.com]
    http://lewis.armscontrolwonk.com/archive/2088/blair-on-the-ever-ready-misileer [armscontrolwonk.com]

  • But the password to my email has to be sixteen characters, with at least one upper case, one lower case, a number, a symbol, an umlaut, a character from the pinyin alphabet, and one of those Arabic squiggles. Assholes.

    "That's a battery!" "Correct, horse!"

  • Damn! (Score:4, Funny)

    by PPH ( 736903 ) on Sunday December 01, 2013 @12:30PM (#45568571)

    I've been sitting here, entering "Joshua" all this time.

  • password was OPE [wikipedia.org] or 007 [wikipedia.org]. Reality seems more boring...

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...