Thermonuclear warIf you recognized the title of this post, congratulations. You are a true übernerd, a geek among geeks. It's the launch code from the movie WarGames, which Boing Boing reminds me was the greatest geek movie ever and was originally released twenty-five years ago. Did you miss the silver anniversary celebrations in May? So did I, but Wired magazine offers a nostalgic retrospective for all of us who miss the days of 300-baud dial-up modems and 8.5-inch diskettes.
WarGames was a cautionary tale about artificial intelligence and human stupidity. The sermon was a timely one, albeit delivered in a candy coating of teen angst, love, and adventure with lead roles played by Matthew Broderick and Ally Sheedy. In 1983 the president of the United States actually believed it was possible that Bible prophecy might require him to play a leading role in the battle of Armageddon. Certainly launching a nuclear war would be an excellent way to set off the Apocalypse—in accordance with God's divine plan (and love and mercy and all that). We tended to avoid thinking about it too much back then because it was difficult to function if you were shuddering all day.
I didn't own my own computer yet when WarGames came out, but I already knew about modems and punch cards (almost—but not quite—obsolete then) and computer terminals. The local university had a connection to the ARPAnet, the Internet precursor sponsored by the Defense Department, and my nerdiest friends were on it daily. Although I had my doubts about WOPR (War Operation Plan Response), the computer that could control the entire United States nuclear arsenal, the scenario seemed realistic enough. Yes, it was science fiction, but not beyond the limits of credulity. Suspension of disbelief was all too easy.
That is, until the grand finale. That's the scene in the command bunker where WOPR begins to crack the secret ten-character launch code so that it can follow a teenager's inadvertent command to play out a thermonuclear war. Fortunately for the dramatic impact of the movie, WOPR flashed its progress in code-breaking on the large screens in the command center. Ten-character alphanumeric strings flashed past the eyes as WOPR searched for the launch key. The audience in the movie theater was rapt.
I, however, got a sinking feeling in my stomach. Damn!
WOPR was being allowed to riffle through the ten-character strings without any limitations. There was no one-attempt-per-second rule. No three-tries-and-you're-out. WOPR was jamming through the ten-character strings without hindrance. With 26 characters in the alphabet (uppercase only it seemed) and 10 numerals, WOPR has 3610 possibilities to check. That's between three and four quadrillion. WOPR was presumably a state-of-the-art military supercomputer capable of sophisticated war game simulation. I imagine it would have had massively parallel computing architecture. If it could crunch billions of possible codes per second, WOPR would crack the launch security barrier within perhaps a year or so by simple brute force. If it could crunch trillions per second, then perhaps hours or minutes. Not very secure.
Even back in 1983 the IBM Personal Computer boasted a microprocessor clocked at 4.77 MHz. Sure, that was just a microchip, but it indicated the low end of the computing power of the day. Yes, I was mildly disgruntled at the ease with which WOPR would be able to crack the code. Not very reassuring or realistic.
But then things got worse. Dramatically worse. Suddenly the first character of the launch code was frozen on the display screen: C. WOPR had figured out the first character. People in the command room were horrified. Then: P. Oh, no! WOPR was getting closer!
Now I was really disgusted. If you were allowed to figure out the code one character at a time, then I could do it myself, in a couple of minutes, without any massively parallel computing power. It's boring, but it's easy. You do it like this, beginning with the first character:
“Is it an A?”
“Is it a B?”
“Is it a C?”
Bingo!
Then on to the second character:
“Is it an A?”
“Is it a B?”
“Is it a C?”
Yes, this one would take longer. If you make it all the way through the alphabet, then rattle off the ten numerals, one after the other.
In a few minutes you'd have the whole thing. Thermonuclear war. Boom!
No, it didn't actually ruin the movie for me, but I was rather disgruntled. To make matters worse, none of my friends cared. Sure, the nerdy ones merely agreed that it was a dumb mistake—but what did you expect from Hollywood, anyway? The less nerdy ones simply pointed out that it made the ending more exciting. Yeah, I got that.
It was probably only the math geeks like me that were really irritated. But we don't count.
15 comments:
What bothers me about stuff like that is that programming it to check letter by letter is about the stupidest possibly way to program a passcode protection.
I mean, just hash the damn thing and then store the hash. When a password is typed in, hash that and compare it against the stored hash. Simple and practically impossible to reverse engineer. The only way at that point is a brute force hack.
Or just disable the password protection. If someone was idiotic enough to program it that way, then they could be dumb enough to have just slapped a password on top.
Don't even get me started on Stargate. Or Independence Day.
Well really, at that point you might as well just write the password on a piece of paper and stick it on the front of the machine.
Thankfully our existing security is better than that--I hope?
It was probably only the math geeks like me that were really irritated. But we don't count
I dunno... it seems to me that, by definition, math geeks *do* count.
Oh, Ray, you clever boy, you!
I was counting on someone getting the joke. You're #1!
Zeno, I also date from the time of 8.5" removable media, and they were not diskettes. They were floppy disks, or just floppies, and none of us female techies were put out by the name.
The first time someone asked me to give them a file on a diskette, I said, "huh?" But by then, the floppies were no longer floppy.
That scene bugged the hell out of me, too, and the effect has been done in other movies and TV shows as well -- the most recent time I saw it was in an episode of "Alias". I don't think you have to be a math geek to hate it; it defies simple logic.
I suspect the idea came from safecracking scenes -- you know, rotate it until it clicks, and there's the first number; now rotate it back the other way, etc. No excuse, but maybe an explanation.
It's a shame, because they got so many other things in that movie right.
This goof is fresh in my mind, since some friends and I watched WarGames this past Saturday night.
Privately, I always rationalized the digit-by-digit code-cracking as the WOPR doing extraordinarily sophisticated cryptanalysis based on the responses it received from the silo computers. It's actually measuring the time delays of the return packets from the silos and using that information to deduce the internal state of the missile-control systems. This requires sending the same code more than once, and comparing the responses from overlapping codes.
Complaining about bad movie math: geeky. Fanwanking to invent a rationalization: supremely geeky.
I still haven't been able to fix the problems in Pi, though.
Just having seen the movie recently, I was struck by how non-stupid it was, even by (or especially by) modern standards, considering that computers were hacked into with laborious effort instead of the "speed type and we're in under a minute" type of hacking we see all too often these days.
While the launch code hacking isn't terribly realistic, I could live with it, considering that they had AI in the movie. And if it really bothers you, you can explain away the gazillion attempts without being locked out by assuming that computer security was still in a naive stage at the time (maybe with the designers being more concerned about communications security and inexperienced with software security).
And for the launch code breaking, we can just imagine that Joshua (WOPR) invented a timing-based or power-based differential cryptanalysis on the spot, which could explain why a single letter could be matched at a time, with the whole code being cracked in a feasible amount of time.
Not terribly plausible, especially when side-channel attacks were not widely known at the time (maybe the NSA knew), but anything to regain an acceptable amount of suspension of belief. :)
And down the home stretch, it's Blake and Yoo side by side, straining toward the finish line for a victory in the Nerdboy Derby.
The crowd is going wild.
Pff. I got the counting thing. It was just a trivial corollary :D
And once again I'm forced to realise just how non-precocious a kid I was. I remember loving that film, and yet none of it sticks.
I had to have the physics error in Lord of the Flies pointed out to me too.
The letter at a time password attack was a real method on at least one late 1960s computer system. The password checker compared the input string to the password one letter at a time. The attacker would set up the strings so that the N+1-th letter would cause an out of bounds memory error, but only if the N-th letter was correct. This was common knowledge in the security community by the early 1970s, but who knows what was out in the field then and how long it stayed around.
The fix was to copy the entire password into a buffer before comparing. A more sophisticated fix required the password checker to check all the letters anyway so that the attacker couldn't measure the CPU time taken and guess how many letters were good. Our more modern approach to password verification using hashing had to wait for better hash codings. The math was still being developed in the 1960s and early 1970s.
The real problem is how one shows a password attack in a dramatic fashion in a movie. Progress bars work fairly well, but they imply knowing how long the attack will take before one starts. That would be even more annoying. Showing letter combinations changing works fairly well as far as I am concerned, even if it is rather bogus.
Of course, there is nothing quite like sitting in a showing of the Forbin Project and listening to the crowd shouting CONTROL-S, flush output.
Ctrl-S is "pause output", "flush output" would be Ctrl-O.
How about a nice game of chess?
at least the launch code wasn't "Pencil"...
Post a Comment