I must be bored today. From: [EMAIL PROTECTED] Date: Fri, 08 Aug 2003 14:08:45 -0400
> Hehe, that is probably the same mechanical system that Feynman broke > over 50 years ago. Looks the same as what I once used and it is still > mechanical. Takes a couple of hours without any clues to the initial > number. Nope. The dial is only an input device, all it does is (a) provide initial power-up via a few spins to drive a generator, and (b) then the lockset just counts ticks left and right, it's actually microprocessor controlled. Ohh, it has a COMPUTER, it MUST be better! No wait, that means that the backdoors for service personnel are accessible to bit boffers. In any case, GSA specs for Class 5 require: 30 man-minutes against covert entry 10 man-minutes against forced entry 20 man-hours against surrepetitious entry Tell me that it was turned over to an outside source with motivation to crack and that those standards were met. Having written tests to pass QA and dealt with QA inspectors, I am only amused with the thought that these numbers represent reality. (surrepetitious is what Feynman was doing - opening it without leaving noticable traces. Covert basically means with a minimum of tools and noise, and forced means blowtorches drills and all the rest). Surrepetitiously picking off a couple numbers was just one of the tools in Feynmans bag. He never needed any crude tools, and was only defeated by one safe (the one that he believed to be best and never actively attacked -- turned out to have the default combo) The general idea is that security is in layers - you presumably also have an armed Marine on patrol with orders "If you hear a noise, shoot (forced entry), and check every half hour and shoot any unauthorized activity (other 2 categories)", or other schemes to make sure you don't get the requisite amount of time alone with the container. Gee, read the story of the "Guess Who" note to see how effective such security was a Los Alamos during the end phase of the war. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
