[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Vulnerability Disclosure Debate
On Fri, 08 Aug 2003 09:34:03 PDT, Aron Nimzovitch <crypto@...uddancer.com> said:
> Hehe, that is probably the same mechanical system that Feynman broke
> over 50 years ago. Looks the same as what I once used and it is still
> mechanical. Takes a couple of hours without any clues to the initial
> number.
Nope. The dial is only an input device, all it does is (a) provide initial power-up
via a few spins to drive a generator, and (b) then the lockset just counts ticks
left and right, it's actually microprocessor controlled.
In any case, GSA specs for Class 5 require:
30 man-minutes against covert entry
10 man-minutes against forced entry
20 man-hours against surrepetitious entry
(surrepetitious is what Feynman was doing - opening it without leaving
noticable traces. Covert basically means with a minimum of tools and noise, and
forced means blowtorches drills and all the rest).
The general idea is that security is in layers - you presumably also have an
armed Marine on patrol with orders "If you hear a noise, shoot (forced entry),
and check every half hour and shoot any unauthorized activity (other 2
categories)", or other schemes to make sure you don't get the requisite amount
of time alone with the container.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030808/d74dd7f8/attachment.bin
Powered by blists - more mailing lists