Safecracking for the Computer Scientist

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."
  • not that obscure (Score:4, Informative)

    by iggymanz ( 596061 ) on Saturday January 01, 2005 @09:07PM (#11235824)
    The information for the way that locksmithing is done (including lock picking) is available in most libraries. Ditto for safe and vault construction methodologies for the past 120 years.
  • slashdotted (Score:3, Funny)

    by jon787 ( 512497 ) on Saturday January 01, 2005 @09:08PM (#11235828) Homepage Journal
    The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do.

    How about a safe holding up to the /. effect, hmmm?

    wgetting it at 12 K/s :(
    • Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

      It was a 2.5 meg pdf file with lots of pretty pictures. (that I will not be able to look at for a few hours. Damn.)
  • While trying to retrieve the URL: http://www.crypto.com/papers/safelocks.pdf

    The following error was encountered:

    Unable to determine IP address from host name for www.crypto.com

    The dnsserver returned:

    No DNS records


    That's helpful.
  • by yuriismaster ( 776296 ) on Saturday January 01, 2005 @09:09PM (#11235835) Homepage
    C'mon, you expected a 2.5 mb file to last...

    Here's [64.233.167.104] Google's HTML-ification of the pdf (sans said 'pretty pictures')
    • Why on earth doesn't Slashdot set up a mirror first then link to that instead of bringing down people's websites? Bit/BlogTorrent are free last I checked. Linking to a 2.5MB file?! It's almost like they want the site to go offline.

      There was a guy [punditguy.com] with Tsunami Videos on his blog which ended up costing him $1,000 before he knew what hit him. Does Slashdot compensate those with huge bandwidth bills? or give any warning prior to linking to something like a pdf?
      • Why on earth doesn't Slashdot set up a mirror first then link to that instead of bringing down people's websites? Bit/BlogTorrent are free last I checked. Linking to a 2.5MB file?! It's almost like they want the site to go offline.

        It's about legality. It's totally legal to link, but mirroring may get you in trouble.
  • Mirror (Score:5, Informative)

    by hardlined ( 785357 ) on Saturday January 01, 2005 @09:15PM (#11235870) Homepage
    http://shell.athenet.net/~files/safelocks.pdf
  • by Anonymous Coward on Saturday January 01, 2005 @09:18PM (#11235882)
    All safes open using a maintenance combination of 12345.
  • It's all these damn trouble-making hackers and lock-pickers figuring out how to do it! Damn commies.
  • A point well made (Score:5, Insightful)

    by gateman9 ( 733995 ) on Saturday January 01, 2005 @09:33PM (#11235936) Homepage Journal
    I think his comparison is on to something here.

    A good safe is designed in layers, so that to get in, you have to break through each layer. And the more layers, the more time it takes. Safe-makers know no safe is completely secure, and all safes are crackable.

    Time is the enemy of anyone looking to commit theft/robbery, whether that person is working physically or digitally. So the longer it takes, the more secure the system is.

    While we definitely know security by obfuscation is stupid in terms of computer security, safety by layers makes sense.

    If there were several layers of encryption (asymmetrical and symmetrical), compromising the system takes more time, and if one layer fails, the game isn't over just yet.

    Admittedly, secure traffic would be much slower than unsecured traffic, but the benefits of this kind of layered approach would be more than worth it for data that needs to be as secure as possible.
    • Similar (Score:5, Insightful)

      by irefay ( 785141 ) on Saturday January 01, 2005 @10:02PM (#11236025) Journal
      Similarly, you can have as many security layers as you wish, but if you forget to weld the back end of the safe or network on, then they still do nothing for security... you're only as secure as your weakest point of security.
      • Re:Similar (Score:3, Insightful)

        Well, in the case of the safe, you'd have to forget to "weld the back end on", and forget to secure the back door on the building, and leave an opening in the side perimeter fence, and leave the attack dogs tied up. This is what's meant by layered security. You don't just add three more locks to the same door, you instead add & secure more perimeters. The way you'd do this on a web server for example is to have the outside firewall direct requests to an inside box, which interprets the queries and th
  • by G4from128k ( 686170 ) on Saturday January 01, 2005 @09:53PM (#11235999)
    The challenge for IT security is that computer science loves to use abstractions, encapsulation, APIs, libraries and what not that let the programmer ignore the details of the internal complexity of systems. The problem is that it leads one to assume that these systems behave in some idealized fashion (the logical, black-box model of the system). In reality, the systems don't always follow the assumed logical model or the ignored internals create side-effects that are unforeseen by the original programmer, but exploited by malicious actors.

    For example, assumptions about metadata and syntax give rise to buffer overflow or malformed string exploits. In trusting that an input string will be its stated length or follow the official syntax, the programmer adheres to the logical model of the system but creates a vulnerability. Similarly, physical power consumption artifacts can let a cracker guess the state or internal activities of a smartcard encryption chip. The original programmer is unaware that the code creates these artifacts since most coding paradigms ignore issues such as the exact execution time of subroutines, power consumption of CPU instructions, etc.

    Becoming security conscious means unlearning all the tricks that let a programmer ignore the complexity inside a system. It means understanding the real behavior of all the internals, all the side-effects, and all the system properties that might be observable or influenceable by a malicious party. That makes programming for security very different and very much harder than standard programming.

    To mangle a metaphor, security means that one must peel the onion to ensure that it does not contain an open door in its core.
    • Becoming security conscious means unlearning all the tricks that let a programmer ignore the complexity inside a system. It means understanding the real behavior of all the internals, all the side-effects, and all the system properties that might be observable or influenceable by a malicious party. That makes programming for security very different and very much harder than standard programming.

      It also takes a lot longer. If you're questioning everything the C library is doing, you're going to spend al

    • The programmer is not supposed to assume that they always get the data they expect. Functions exist to take no more than the size of the buffer. There are functions to validate the input and output. You don't have to know every damn thing about a system and you don't have to throw out standard APIs, you need less stupid programmers. They need to understand the ideas of the system, not the entire system from the ground up. APIs, abstractions and whatever else you can think of are great things, as long as t
  • by AtariAmarok ( 451306 ) on Saturday January 01, 2005 @10:01PM (#11236022)
    This one throws a monkey-wrench in the works of the old "hacker vs cracker" argument. If someone is a redneck safe-cracking computer scientist from Georgia, what category do they fall into? Hmmm?
    • My dad :-(
    • In Georgia "cracker" is a derogatory slang term for a redneck often used by folks of other ethnic origins. I just never see rednecks call each other "crackers". Anyways, I work in an office and my prior boss (African American) came into my cube and jokingly accused me of "hacking my way into systems". I corrected him and told him that the correct terminology was "cracker". I gave him a pretty stern look and told him that if he called me a "cracker", we'd be in HR's office before his coffee cooled off.
      Fun
  • A Companion Piece... (Score:5, Informative)

    by stankulp ( 69949 ) on Saturday January 01, 2005 @10:10PM (#11236048) Homepage
    ...The MIT Guide to Lock Picking [lysator.liu.se]

    Don't leave home without it.

  • by swb ( 14022 ) on Saturday January 01, 2005 @10:26PM (#11236090)
    Pick a corner area of your basement. Build a concrete block room, filling the block voids with concrete and rebar. Put a roof on the block room made out of steel plate, anchored to the block walls, and add another 4" of concrete and rebar on top of this.

    For the entrance, use two doors. The inside door should be a vault door (better gun safe door hung on a frame with inside release). Outside door should be steel fire/security door with steel frame and heavy locks. Outside door is just to be time consuming to get to the inside door.

    This wouldn't be all that expensive, either, considering a high-end gun safe alone is $5k pretty easily.

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Saturday January 01, 2005 @10:40PM (#11236128)
      Comment removed based on user account deletion
      • by ckedge ( 192996 ) on Sunday January 02, 2005 @02:13AM (#11236900) Journal
        When the family grocery store burned down the only thing left was the safe, which is where the lottery tickets and other such important/like-money-but-not-money type things were kept overnight. Of course having been in the middle of an inferno for 6 straight hours left it such that it couldn't be opened using the combination or door.

        My Uncle called the safe company, and they faxed him some instructions and told him to take it to the local autobody shop. At which point we learned why safes of that size are so damn heavy. Outer and inner boxes of thick steel, with the inner space filled with concrete!! (It's hard to get through and it insulates against fire..)

        A couple hours of careful torching and hammering later, and only one corner of one document came out singed - everything else was fine.
  • Massive Keyspace? (Score:3, Interesting)

    by macz ( 797860 ) on Saturday January 01, 2005 @10:29PM (#11236096)
    From the paper:
    There is much that information security can learn from physical security, and a careful study across the two disciplines should strengthen both of them. One of the most interesting aspects of physical security's methodology is its ability to very closely measure both the capabilities of the attacker and the resistance of various mechanisms to specific threats, as well as to compose these metrics in useful ways (e.g., to determine the required response time of an alarm system). Nothing approaching these kinds of metrics exists in information security.

    Isn't the use of ever increasing keyspace sizes in encryption algorithms (i.e. SHA256, SHA512, SHAadInfinitum) at a pace slightly higher than Moore's law effectively doing this now?

    I can't count how many times I have read "...will take longer than the age of the Universe itself to brute force this /insert encryption scheme of choice here/..." when reading about some new fangled encryption scheme. Naturally, that claim is based on computational power at the time, but doesn't this exactly dispute his claim?

    We can be better at it, sure. But computer security systems are designed with at least SOME regard for the notional hacker's motive, opportunity, and skill level.

    • by charyou-tree ( 774046 ) on Saturday January 01, 2005 @11:22PM (#11236253)
      I can't count how many times I have read "...will take longer than the age of the Universe itself to brute force this /insert encryption scheme of choice here/..." when reading about some new fangled encryption scheme. Naturally, that claim is based on computational power at the time, but doesn't this exactly dispute his claim?
      No. Physics gets involved ... From Schneier's Applied Cryptography page 157:

      One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

      Given that k = 1.38*10^-16 erg/deg Kelvin, and that the ambient temperature of the universe is 3.2 deg Kelvin, an ideal computer running at 3.2 deg Kelvin would consume 4.4*10^-16 ergs every time it set or cleared a bit. To run a computer colder than the cosmic background radiation would require extra energy to run a heat pump.

      Now the annual energy output of our sun is about 1.21*10^41 ergs. This is enough to power about 2.7*10^56 single bit changes in our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this computer.

      But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

      These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
      IOW, you can't brute-force a 256-bit key.
      • Except that it is theorized that certain types of quantum computing occupies dimensional realities which are more fungible than our own.

        If Leibniz is right and time and space don't exist, AND if there are other, possible realities... the whole thermodynamic thing is moot because causality is not inviolable.

        If causality is not inviolable, then simultaneous (as in photon simultaneity) transmittal of information, or that "spooky action at a distance" Einstein talked about, as well as parallel computation i
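The thermodynamic bound Schneier is quoted with above, and the keyspace-versus-Moore's-law question it answers, carried through as an added worked example (this is not code from the thread or from Schneier). It uses only the constants quoted in the post and Schneier's simplification that cycling an n-bit counter costs 2^n bit changes; by that arithmetic the supernova case comes out at 220 bits rather than the quoted 219, which does not change the conclusion about 256-bit keys.

```python
import math

# Constants exactly as quoted from Applied Cryptography in the post above.
BOLTZMANN_ERG_PER_K = 1.38e-16   # erg per kelvin
COSMIC_BACKGROUND_K = 3.2        # kelvin, ambient temperature of the universe
SUN_ANNUAL_OUTPUT_ERG = 1.21e41  # ergs radiated by the sun per year
SUPERNOVA_ERG = 1e51             # ergs released by a typical supernova


def min_energy_per_bit_flip(temp_k: float = COSMIC_BACKGROUND_K) -> float:
    """Least energy (erg) to set or clear one bit at temp_k: the kT bound."""
    if temp_k <= 0:
        raise ValueError("absolute temperature must be positive")
    return BOLTZMANN_ERG_PER_K * temp_k


def counter_bits_for_energy(energy_erg: float,
                            temp_k: float = COSMIC_BACKGROUND_K) -> int:
    """Widest counter (in bits) that energy_erg can cycle through every state.

    Schneier's model: an n-bit counter has 2**n states and each state change
    costs one bit flip, so n = floor(log2(affordable flips)).
    """
    flips = energy_erg / min_energy_per_bit_flip(temp_k)
    if flips < 1:
        return 0  # not even one bit change affordable
    return math.floor(math.log2(flips))


def energy_to_exhaust_keyspace(key_bits: int,
                               temp_k: float = COSMIC_BACKGROUND_K) -> float:
    """Ergs for 2**key_bits bit changes: the floor for any brute-force search,
    regardless of how fast or efficient the hardware becomes."""
    return math.ldexp(min_energy_per_bit_flip(temp_k), key_bits)


def sun_years_to_exhaust_keyspace(key_bits: int) -> float:
    """Years of the sun's entire output, losslessly captured, to exhaust a keyspace."""
    return energy_to_exhaust_keyspace(key_bits) / SUN_ANNUAL_OUTPUT_ERG


def supernovae_to_exhaust_keyspace(key_bits: int) -> float:
    """Number of supernovae whose whole output would be needed to exhaust a keyspace."""
    return energy_to_exhaust_keyspace(key_bits) / SUPERNOVA_ERG


def schneier_figures() -> dict:
    """Reproduce the three counter widths from the quoted passage."""
    return {
        "sun_one_year_bits": counter_bits_for_energy(SUN_ANNUAL_OUTPUT_ERG),   # 187
        "sun_32_years_bits": counter_bits_for_energy(32 * SUN_ANNUAL_OUTPUT_ERG),  # 192
        "supernova_bits": counter_bits_for_energy(SUPERNOVA_ERG),  # 220 (text says 219)
    }


if __name__ == "__main__":
    for name, bits in schneier_figures().items():
        print(f"{name}: {bits}-bit counter")
    # Why the bound bites at 256 bits but says nothing about 128-bit keys:
    for n in (128, 192, 256):
        print(f"{n}-bit keyspace: {sun_years_to_exhaust_keyspace(n):.3g} sun-years, "
              f"{supernovae_to_exhaust_keyspace(n):.3g} supernovae")
```

The 128-bit line shows the caveat to the "age of the Universe" claims: thermodynamics alone does not forbid a 128-bit search, only engineering does, whereas a 256-bit search needs tens of billions of supernovae no matter what the hardware is built from.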

  • Just about every gun safe, including my cheapie, that don't have electronic dials have locking mechanical dials. Some have locking bolt retractors, too.

    Sure, lockable dials are pickable (and my S&G group 2 lock's key looks fairly lame), but it's one of those additional layer/skill attributes that makes the stuff all the less desirable.

  • Time is the Key (Score:4, Interesting)

    by Lucas Membrane ( 524640 ) on Saturday January 01, 2005 @10:42PM (#11236132)
    The locks on bank vaults can't be picked or cracked or defeated except by brute force, because they are time locks. The vaults themselves are not designed to be impenetrable, but rather simply to take an excessive amount of time to penetrate. A cheapo bank vault might be rated at only 45 minutes, better ones at several hours. Some manufacturers leave one spot weak where a safe can be penetrated more quickly than at other spots. That is "security by obscurity." If you don't know where that is, you've got a long night ahead of you. Perhaps some kinds of modern instruments can detect this spot, if it exists, from the outside.

    John Dillinger penetrated a bank vault and looted safe-deposit boxes within, but he did it by stealth, finding a closed-down bank, pretending to be an authorized workman, and taking a long time to extract the contents.

  • by Detritus ( 11846 ) on Saturday January 01, 2005 @10:42PM (#11236134) Homepage
    The most interesting method I've read about involved drilling a small hole in the top of the safe, filling it with water, and detonating a small explosive charge inside the safe. The hydrostatic pressure burst the safe open without damaging the contents.

    When I was a kid, my friends and I put an ordinary paper firecracker inside a wooden box, about the size of a cigar box, and secured the lid. To our surprise, the box spontaneously disassembled itself into its component parts, which travelled outwards at high speed. All of that from a firecracker that would only cause minor burns if you held it in your fingers when it exploded.

    • Yep, same technique used by Robert De Niro in The Score [imdb.com]. To which when questioned if the concept would work he replied "It's physics".

      So is it chemistry or physics that makes this work? I suppose the pressure generated by the explosion is the main factor to success but what about a purely chemical reaction via an exothermic reaction in the water causing it to expand.... /me runs to the convenience store with an aquarium heater and balaclava.
    • by iggymanz ( 596061 ) on Sunday January 02, 2005 @12:12AM (#11236365)
      uh-huh, ever try to drill a *small* hole into armor plate with man-portable power tools? Please try that sometime, I would recommend warming up by attempting said feat on an iron beam used to make the average American skyscraper. I actually tried that in my apartment in Chicago to mount something in the window; once through the drywall my eighth-inch titanium nitride bit powered by third horsepower motor did nothing more than polish the steel. embarrassing. Anyway, to put in water and explosive you'll need what, a one-inch hole? Maybe an oxygen lance would be better.
      • Thermite. Just pile your iron filings and aluminium powder (remember, kids: 3 parts of iron to 1 part of aluminium) on top of the safe, drop a bit of burning magnesium on it, and stand back.
        • by iggymanz ( 596061 ) on Sunday January 02, 2005 @01:15AM (#11236645)
          That's iron oxide (rust), by the way. Anyway, was just making the point that to drill a safe or vault that actually held something of great value (not the $150 sheet-metal-coated-concrete type you get at Walmart or Office Depot) won't be like what you see in the movies: someone reaching into a pouch under their coat and pulling out a carpenter's cordless and making a half inch or bigger hole in a half foot or more of armoured steel. Now, if they have a Ford F-3 parked on the street, running a construction generator pumping out a few dozen amps at 240VAC, with a bundle of cables & hose coming into the door, and a drill motor with more power than a driving lawnmower, then yes, a man can "quickly" drill a hole in a half foot or more of armor.
    • by deanpole ( 185240 ) on Sunday January 02, 2005 @12:47AM (#11236523)
      The verb is to "tamp". It makes an explosion more effective by physically constraining it. For example a stick of dynamite if left on a road will create a pothole a foot or two deep. Whereas several sandbags placed on top will create a crater multiple feet deep. The improvement results from directing the explosive force, but also by helping the explosive fully combust. In fact the need to tamp is the difference between a "high" and "low" explosive. The latter being able to burn under the right conditions.
    • Read?

      That technique was used in the movie "The Score". I'm not sure that it would work on a real safe using a small charge. Also, you would have to drill two holes, one to let water in and one to let air out, or it is going to take a long time to fill.

      A guide to science in movies - comments on the movie the score [intuitor.com]

    • If you break open a firecracker (many will come apart just by applying pressure to the middle with your thumbs, holding the ends with your index fingers, like snapping a twig) and light the exposed ends of scary explosives, all they'll do is fizzle a bit and make pretty sparks.

      Without containment, there's no pressure to build up, and explosives typically don't explode, but just burn quite rapidly.

      So, reinforcing firecrackers can make them a lot louder/destructive.
  • Locks, Safes and Security: An International Police Reference Two Volumes is apparently a wonderful book all about the history of lock-picking and its evolution, including ways in which things were overcome. Although the book is a bit pricey.
  • Fail-secure (Score:3, Insightful)

    by russotto ( 537200 ) on Sunday January 02, 2005 @12:12AM (#11236362) Journal
    Good safes tend to "fail secure" -- that is, when something goes wrong, you can't get into it even with the right combination. The only reason this is acceptable is there's still ways into the safe without damaging the contents. They're expensive (hardened drill bits ain't cheap!), require esoteric tools and knowledge, and hopefully take a lot of time and make a lot of noise, which a cracker doesn't want to do. Encryption, if it fails for some reason, is as hard to break for the legitimate user as it is for the cracker. Fortunately, it doesn't fail that often -- except for good old human factors, like the guy with the key forgetting it, losing it, or dropping dead.
  • by Da w00t ( 1789 ) on Sunday January 02, 2005 @12:55AM (#11236559) Homepage
    My father who got sent to locksmithing training by the Department of Defense was describing how you drill into the door of a safe to open it if you've somehow lost the combination. Basically you get a piece of metal that is the size of the door from the manufacturer -- it has marks on it where to drill. You drill according to the directions, and then fiddle with the inner workings of the locking mechanism to move the tumblers where they should be in order to open the safe, and to change the combination.

    The bad part is that once you've done this, to make the safe secure again you put a steel ball bearing the size of the hole in the hole, and then weld it in there. There is absolutely no way you're going to be able to drill through that steel. Any drill bit you try to drill through it is just going to dance on it, and end up breaking the drill bit.

    So I guess in that case, safes that have been forcibly opened using the above method are safer than ones that haven't.
  • by scottd18 ( 593645 ) on Sunday January 02, 2005 @01:03AM (#11236595) Homepage

    There was a burglar in Texas last year that was breaking into city hall buildings all over the state. In almost every one he managed to get access to the safe or safes kept in the building without prying or damaging the safes.

    When he finally got caught he was debriefed and gave up his MO. He would get in to the building by defeating a usually inadequate door lock with a screw driver. Then once inside he would look in all the desk drawers for sticky notes with numbers on them. In almost every one he would find a sticky note with the combination to the safe. This guy hit over 50 different city halls and got into the safe(s) in almost all of them.

    The best safes in the world won't keep people from being clueless about security.

  • No Big Secret (Score:5, Informative)

    by Dun Malg ( 230075 ) on Sunday January 02, 2005 @01:22AM (#11236681) Homepage
    The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there).

    A good locksmith specializing in safes doesn't care if you know how safes are opened-- on the contrary, they'll tell you all about it. The job of a competent physical security professional is give the client a straight and honest description of how the product works and what its weaknesses are, and safes are no exception. I've worked for a locksmith for the last ten years and it's company policy to show clients exactly what they're getting and/or what they already have. With safe openings, my boss explains exactly what he's doing and how it all works. Admittedly, there are a lot of locksmiths who think this should all be top secret stuff, but they're just fooling themselves. All the info is out there. There's no official schooling for locksmiths, and no coherent regulation of the profession. Subsequently, there's no way to really keep the information out of the hands of "criminals" while still allowing access for beginners trying to start out in the profession. You can join the Associated Locksmiths of America [slashdot.org] essentially by just saying you're a locksmith, although you'll be approved for membership quicker if you have the recommendation of an existing ALOA member. Once you have an ALOA membership number, you're a locksmith as far as the "keepers of the knowledge" are concerned. Heck, you don't have to have anything but fifty bucks and a mailing address to subscribe to The Locksmith Ledger [lledger.com], and they frequently have articles on opening various safes.

    Really, none of the techniques outlined by Mr. Blaze in the PDF are any big secret. Anyone with access to such a lock mechanism (buy a safe and you've got one) and a little brainpower can figure all that stuff out. The thing is, drilling a safe requires fairly specialized tools and is very noisy. Manipulating a safe requires a lot of practice, and even an expert can take a LONG TIME to get into a safe. There's no astounding revelations there. Walk into my boss' locksmith shop and he'd show you all that. I've tried my hand at both drill penetration and manipulation, and there are no "secrets" that make any of that stuff easy. At best, the knowledge just makes it possible-- and that knowledge is available through simple observation.

  • by Rank_Tyro ( 721935 ) on Sunday January 02, 2005 @03:55AM (#11237264) Journal
    For $35USD, and a glance at my driver's licence, I was able to purchase a lock-pick set. I was intrigued, after seeing hundreds of movies showing thieves and spies opening doors faster than people with keys.
    After a lot of research, and practice, I was able to open several brands of pad-locks, as well as the doors to my house. Guess What? It's not as easy as it looks.
    I did this mainly out of curiosity, but I recently had a chance to put this new skill to the test.
    My neighbor had locked her keys in her house, and asked for my help. After thinking about it for 15 seconds, I agreed to help.
    I broke a pane in the window of her back door. There was no way I was going to let her know that I was capable of defeating the locks on her house. I have no interest in breaking and entering, but the fact is, if people know you can do it, and something goes missing, guess who the first suspect is going to be?
    I would love to figure out how to open a safe, not because I want to rob anyone.....it's just really cool, and the fun is in learning how to do something most people can't.
    • I once taught my Numerical Analysis class how to make a simple rake and tension wrench and use them. It was just a few pictures on the chalk board in between classes.

      About a week later, one of my students came to class very excited. He had made the tools and tried them--no success.

      Then he locked his keys in his house. His tools were sitting on the seat of his unlocked car. So he tried again. I believe he said it took him about 40 minutes to get in. Not bad for a beginner.
  • Companion piece (Score:4, Interesting)

    by Richard W.M. Jones ( 591125 ) on Sunday January 02, 2005 @07:02AM (#11237661) Homepage
    Excellent companion piece, written in a very entertaining style:

    http://www.timhunkin.com/94_illegal_engineering.htm [timhunkin.com]

    Rich.

  • by John Jorsett ( 171560 ) on Sunday January 02, 2005 @12:09PM (#11238272)
    In physicist Richard Feynman's book, "Surely You're Joking, Mr. Feynman," he talks about working on the Manhattan Project in New Mexico. He discovered he could figure out the combination to the safes they were using just by touch. So he went around to various offices and would kind of lean on the safe while chatting with the inhabitant. He'd twiddle the dial as though he were just playing around with it during the conversation, but he was really determining the combination. Eventually, he went to the security people and showed them how easy it was to crack these things, and showed how he had the combinations to many safes. Instead of improving the safes, the response of the security people was to make the occupant of every office Feynman had ever been in change the safe combination. The inhabitants were none too happy, and to avoid a repeat of the episode banned Feynman from entering their offices thenceforth. The safes were left as vulnerable as before.
