
Re: [Full-Disclosure] Vulnerability Disclosure Debate



On Fri, 08 Aug 2003 09:34:03 PDT, Aron Nimzovitch <crypto@clouddancer.com>  said:

> Hehe, that is probably the same mechanical system that Feynman broke
> over 50 years ago.  Looks the same as what I once used and it is still
> mechanical.  Takes a couple of hours without any clues to the initial
> number.

Nope.  The dial is only an input device, all it does is (a) provide initial power-up
via a few spins to drive a generator, and (b) then the lockset just counts ticks
left and right, it's actually microprocessor controlled.

In any case, GSA specs for Class 5 require:

30 man-minutes against covert entry
10 man-minutes against forced entry
20 man-hours against surreptitious entry

(surreptitious is what Feynman was doing - opening it without leaving
noticeable traces. Covert basically means with a minimum of tools and noise, and
forced means blowtorches, drills and all the rest).

The general idea is that security is in layers - you presumably also have an
armed Marine on patrol with orders "If you hear a noise, shoot (forced entry),
and check every half hour and shoot any unauthorized activity (other 2
categories)", or other schemes to make sure you don't get the requisite amount
of time alone with the container.
