Open Source and information security mailing list archives
 
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Vulnerability Disclosure Debate 

On Fri, 08 Aug 2003 09:34:03 PDT, Aron Nimzovitch <crypto@...uddancer.com>  said:

> Hehe, that is probably the same mechanical system that Feynman broke
> over 50 years ago.  Looks the same as what I once used and it is still
> mechanical.  Takes a couple of hours without any clues to the initial
> number.

Nope.  The dial is only an input device, all it does is (a) provide initial power-up
via a few spins to drive a generator, and (b) then the lockset just counts ticks
left and right, it's actually microprocessor controlled.

In any case, GSA specs for Class 5 require:

30 man-minutes against covert entry
10 man-minutes against forced entry
20 man-hours against surreptitious entry

(surreptitious is what Feynman was doing - opening it without leaving
noticeable traces. Covert basically means with a minimum of tools and noise, and
forced means blowtorches, drills and all the rest).

The general idea is that security is in layers - you presumably also have an
armed Marine on patrol with orders "If you hear a noise, shoot (forced entry),
and check every half hour and shoot any unauthorized activity (other 2
categories)", or other schemes to make sure you don't get the requisite amount
of time alone with the container.
