Wednesday, July 23, 2008

CPE1704TKS

Thermonuclear war

If you recognized the title of this post, congratulations. You are a true übernerd, a geek among geeks. It's the launch code from the movie WarGames, which Boing Boing reminds me was the greatest geek movie ever and was originally released twenty-five years ago. Did you miss the silver anniversary celebrations in May? So did I, but Wired magazine offers a nostalgic retrospective for all of us who miss the days of 300-baud dial-up modems and 8-inch diskettes.

WarGames was a cautionary tale about artificial intelligence and human stupidity. The sermon was a timely one, albeit delivered in a candy coating of teen angst, love, and adventure with lead roles played by Matthew Broderick and Ally Sheedy. In 1983 the president of the United States actually believed it was possible that Bible prophecy might require him to play a leading role in the battle of Armageddon. Certainly launching a nuclear war would be an excellent way to set off the Apocalypse—in accordance with God's divine plan (and love and mercy and all that). We tended to avoid thinking about it too much back then because it was difficult to function if you were shuddering all day.

I didn't own my own computer yet when WarGames came out, but I already knew about modems and punch cards (almost—but not quite—obsolete then) and computer terminals. The local university had a connection to the ARPAnet, the Internet precursor sponsored by the Defense Department, and my nerdiest friends were on it daily. Although I had my doubts about WOPR (War Operation Plan Response), the computer that could control the entire United States nuclear arsenal, the scenario seemed realistic enough. Yes, it was science fiction, but not beyond the limits of credulity. Suspension of disbelief was all too easy.

That is, until the grand finale. That's the scene in the command bunker where WOPR begins to crack the secret ten-character launch code so that it can follow a teenager's inadvertent command to play out a thermonuclear war. Fortunately for the dramatic impact of the movie, WOPR flashed its progress in code-breaking on the large screens in the command center. Ten-character alphanumeric strings flashed past the eyes as WOPR searched for the launch key. The audience in the movie theater was rapt.

I, however, got a sinking feeling in my stomach. Damn!

WOPR was being allowed to riffle through the ten-character strings without any limitations. There was no one-attempt-per-second rule. No three-tries-and-you're-out. WOPR was jamming through the ten-character strings without hindrance. With 26 characters in the alphabet (uppercase only it seemed) and 10 numerals, WOPR has 36^10 possibilities to check. That's between three and four quadrillion. WOPR was presumably a state-of-the-art military supercomputer capable of sophisticated war game simulation. I imagine it would have had massively parallel computing architecture. If it could crunch billions of possible codes per second, WOPR would crack the launch security barrier within perhaps a year or so by simple brute force. If it could crunch trillions per second, then perhaps hours or minutes. Not very secure.

Even back in 1983 the IBM Personal Computer boasted a microprocessor clocked at 4.77 MHz. Sure, that was just a microchip, but it indicated the low end of the computing power of the day. Yes, I was mildly disgruntled at the ease with which WOPR would be able to crack the code. Not very reassuring or realistic.

But then things got worse. Dramatically worse. Suddenly the first character of the launch code was frozen on the display screen: C. WOPR had figured out the first character. People in the command room were horrified. Then: P. Oh, no! WOPR was getting closer!

Now I was really disgusted. If you were allowed to figure out the code one character at a time, then I could do it myself, in a couple of minutes, without any massively parallel computing power. It's boring, but it's easy. You do it like this, beginning with the first character:

“Is it an A?”
“Is it a B?”
“Is it a C?”

Bingo!

Then on to the second character:

“Is it an A?”
“Is it a B?”
“Is it a C?”

Yes, this one would take longer. If you make it all the way through the alphabet, then rattle off the ten numerals, one after the other.

In a few minutes you'd have the whole thing. Thermonuclear war. Boom!

No, it didn't actually ruin the movie for me, but I was rather disgruntled. To make matters worse, none of my friends cared. Sure, the nerdy ones merely agreed that it was a dumb mistake—but what did you expect from Hollywood, anyway? The less nerdy ones simply pointed out that it made the ending more exciting. Yeah, I got that.

It was probably only the math geeks like me that were really irritated. But we don't count.

27 comments:

Josh said...

What bothers me about stuff like that is that programming it to check letter by letter is about the stupidest possible way to program a passcode protection.

I mean, just hash the damn thing and then store the hash. When a password is typed in, hash that and compare it against the stored hash. Simple and practically impossible to reverse engineer. The only way at that point is a brute force hack.

Or just disable the password protection. If someone was idiotic enough to program it that way, then they could be dumb enough to have just slapped a password on top.

Don't even get me started on Stargate. Or Independence Day.

Anonymous said...

Well really, at that point you might as well just write the password on a piece of paper and stick it on the front of the machine.

Thankfully our existing security is better than that--I hope?

Ray said...

"It was probably only the math geeks like me that were really irritated. But we don't count"

I dunno... it seems to me that, by definition, math geeks *do* count.

Zeno said...

Oh, Ray, you clever boy, you!

I was counting on someone getting the joke. You're #1!

Anonymous said...

Zeno, I also date from the time of 8.5" removable media, and they were not diskettes. They were floppy disks, or just floppies, and none of us female techies were put out by the name.

The first time someone asked me to give them a file on a diskette, I said, "huh?" But by then, the floppies were no longer floppy.

William said...

That scene bugged the hell out of me, too, and the effect has been done in other movies and TV shows as well -- the most recent time I saw it was in an episode of "Alias". I don't think you have to be a math geek to hate it; it defies simple logic.

I suspect the idea came from safecracking scenes -- you know, rotate it until it clicks, and there's the first number; now rotate it back the other way, etc. No excuse, but maybe an explanation.

It's a shame, because they got so many other things in that movie right.

Blake Stacey said...

This goof is fresh in my mind, since some friends and I watched WarGames this past Saturday night.

Privately, I always rationalized the digit-by-digit code-cracking as the WOPR doing extraordinarily sophisticated cryptanalysis based on the responses it received from the silo computers. It's actually measuring the time delays of the return packets from the silos and using that information to deduce the internal state of the missile-control systems. This requires sending the same code more than once, and comparing the responses from overlapping codes.

Complaining about bad movie math: geeky. Fanwanking to invent a rationalization: supremely geeky.

I still haven't been able to fix the problems in Pi, though.

Yoo said...

Just having seen the movie recently, I was struck by how non-stupid it was, even by (or especially by) modern standards, considering that computers were hacked into with laborious effort instead of the "speed type and we're in under a minute" type of hacking we see all too often these days.

While the launch code hacking isn't terribly realistic, I could live with it, considering that they had AI in the movie. And if it really bothers you, you can explain away the gazillion attempts without being locked out by assuming that computer security was still in a naive stage at the time (maybe with the designers being more concerned about communications security and inexperienced with software security).

And for the launch code breaking, we can just imagine that Joshua (WOPR) invented a timing-based or power-based differential cryptanalysis on the spot, which could explain why a single letter could be matched at a time, with the whole code being cracked in a feasible amount of time.

Not terribly plausible, especially when side-channel attacks were not widely known at the time (maybe the NSA knew), but anything to regain an acceptable amount of suspension of belief. :)

Zeno said...

And down the home stretch, it's Blake and Yoo side by side, straining toward the finish line for a victory in the Nerdboy Derby.

The crowd is going wild.

Anonymous said...

Pff. I got the counting thing. It was just a trivial corollary :D

Jens Knudsen (Sili) said...

And once again I'm forced to realise just how non-precocious a kid I was. I remember loving that film, and yet none of it sticks.

I had to have the physics error in Lord of the Flies pointed out to me too.

Anonymous said...

The letter at a time password attack was a real method on at least one late 1960s computer system. The password checker compared the input string to the password one letter at a time. The attacker would set up the strings so that the N+1-th letter would cause an out of bounds memory error, but only if the N-th letter was correct. This was common knowledge in the security community by the early 1970s, but who knows what was out in the field then and how long it stayed around.

The fix was to copy the entire password into a buffer before comparing. A more sophisticated fix required the password checker to check all the letters anyway so that the attacker couldn't measure the CPU time taken and guess how many letters were good. Our more modern approach to password verification using hashing had to wait for better hash codings. The math was still being developed in the 1960s and early 1970s.

The real problem is how one shows a password attack in a dramatic fashion in a movie. Progress bars work fairly well, but they imply knowing how long the attack will take before one starts. That would be even more annoying. Showing letter combinations changing works fairly well as far as I am concerned, even if it is rather bogus.

Of course, there is nothing quite like sitting in a showing of the Forbin Project and listening to the crowd shouting CONTROL-S, flush output.
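The letter-at-a-time weakness from the post and the fixes listed in the comment above (compare everything, store a hash), shown as an added Python example that is not part of the original post or thread. The function and class names, the salt, and the use of a comparison counter as a stand-in for the timing or memory-fault signal are assumptions made for illustration.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_uppercase + string.digits  # the 36 symbols the post assumes
CODE = "CPE1704TKS"                                # launch code quoted in the post
SALT = b"constructed-demo-salt"                    # constructed value for this demo
STORED = hashlib.pbkdf2_hmac("sha256", CODE.encode(), SALT, 100_000)


def leaky_check(guess, secret=CODE):
    """Early-exit comparison. Returns (matched, characters_compared); the
    count stands in for the side channel (CPU time, memory fault, return
    address) described in the comments."""
    compared = 0
    for g, s in zip(guess, secret):
        compared += 1
        if g != s:
            return False, compared
    return len(guess) == len(secret), compared


def guesses_with_leak(length=len(CODE)):
    """Left-to-right search that uses the leaked count to fix one position
    at a time. Returns (recovered_code, guesses_used)."""
    known, guesses = "", 0
    for pos in range(length):
        for ch in ALPHABET:
            guesses += 1
            candidate = (known + ch).ljust(length, "?")  # "?" is not in ALPHABET
            matched, compared = leaky_check(candidate)
            if matched or compared > pos + 1:  # checker got past this position
                known += ch
                break
    return known, guesses


class HardenedChecker:
    """Stores only a salted hash, compares digests in constant time, and
    locks after three failures (the rule the post notes was missing)."""

    def __init__(self, max_failures=3):
        self.failures, self.max_failures = 0, max_failures

    def check(self, guess):
        if self.failures >= self.max_failures:
            return False  # locked out: even the right code is refused
        digest = hashlib.pbkdf2_hmac("sha256", guess.encode(), SALT, 100_000)
        ok = hmac.compare_digest(digest, STORED)
        self.failures = 0 if ok else self.failures + 1
        return ok  # one bit only: a correct prefix looks like any other miss
```

With the leak, the search is bounded by 36 × 10 = 360 guesses instead of 36^10; the hardened checker returns the same answer for a near miss as for a wild guess and stops answering after three failures.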

kai said...

Ctrl-S is "pause output", "flush output" would be Ctrl-O.

BAS said...

How about a nice game of chess?

dfunkt said...

at least the launch code wasn't "Pencil"...

Chris Brind said...

"Is there any way to make it play itself?"

"Yes, enter players zero."

so he types 'ZERO' - why not just press 0 ? :S

but I love this movie really :)

ceebs said...

Chris, to make it even worse, the actual, real world launch code was all zeros, 00000000,

http://www.cdi.org/blair/permissive-action-links.cfm

The Ridger, FCD said...

Who was it said "Science fiction isn't written for scientists any more than ghost stories are written for ghosts"?

Chris Brind said...

Good quote. Google says it was Brian W Aldiss :)

http://www.jstor.org/pss/4241354

Which is interesting, because as a scientist/technologist I like science-fiction. Does that mean it has to be even *more* off the wall than normal science fiction to satisfy me? Probably. :)

massimo said...

The code to launch the missiles is "CPE1704TKS" when displayed on the big screen and on most of the launch consoles, but it is shown as "JPE1704TKS" on one console shown in closeup in the sequence where the WOPR is attempting to determine the launch codes itself.

dculberson said...

Okay, sorry for commenting on a super old post, but floppy disks weren't 8.5", they were 8"! 8", then 5.25", then 3.5".

About the one letter at a time thing; maybe WOPR was gauging the people's reaction, Clever Hans style, to figure out the code? heh.

Skyborgsin said...

I doubt I could ever comment a post as old as this anymore, but the WOPR hadn't to crack a 36^10 code, but a merely (26^6)*(10*4) since if you notice the middle characters are digit only, and the lateral ones are letter only.
So, instead of a
141167095653376 code list "merely" a
3089157760000 one.

Yeah, and the "one character at time" thing sucked for me too.

Söze said...

At the time being back in the early eighties one of the more popular operating systems in the academic world was TOPS20 (Digital time-sharing). The operating system actually had an authentication algorithm validating passwords by doing letter by letter comparison. Using the DDT debugger allowed you to set up address traps to trap when supplying right or wrong letter. The routine had different return addresses for if the letter was correct or wrong. Break-ins were actually done using this mechanism. So for the time being the movie was not that unrealistic. I think this shortcoming was present in V6 but was fixed in V7. How did not remember the CHAOS computer club and its escapades on the TYMNET X25 network?

Anonymous said...

Doncamatic

Anonymous said...

"David, is this because of what you did with my grade?"

Anonymous said...

"Hell, I'd piss on a spark plug if i thought it would help!" LOL!

I introduced my 8-, 11- and 14-year-old kids to this movie and they loved it. They've watched it multiple times.

I remember seeing this when it came out (yeah, I'm old). Funny thing is a lot of what he did in that movie could actually be done like the phone hacking. Yeah, the code thing at the end was cheesy, but I was too young to care.

Ben said...

About techniques for breaking the password one character at a time, if the computer were making comparisons one character at a time, it would be virtually certain that they would be made in some regular order (e.g. left to right, right to left, etc.).

Under those conditions, if you have a technique where you are watching how long the comparison takes, it seems unavoidable that a fast solution would need to determine the characters in the order of comparison. It does no good and provides no new information to be changing characters that are never considered due to earlier errors.

Yet, in the movie it is clear that the order of discovery appears random. It follows no readily discernible order.

Yes, I understand why the movie did it for dramatic purposes. (Even so, it bugged me almost as much as the *sparks* from the computer working really, really hard. UGH.)

Nevertheless, the various heroic attempts to salvage plausibility for it seem doomed.

The best that can be said for this aspect of the movie is that it becomes a GREAT, memorable illustration of partitioned search (finding the answer a character at a time) and how this doesn't correspond to reality when functionality depends on getting an entire combination correctly.