
Permissive Action Links – how nuclear weapons are secured - asciilifeform
https://www.cs.columbia.edu/~smb/nsam-160/pal.html
======
wsh
This blog item appears to have been plagiarized from Steve Bellovin's page:

<https://www.cs.columbia.edu/~smb/nsam-160/pal.html>

~~~
asciilifeform
Some of the text might have been cribbed, but I have never seen photos of
actual "PAL" equipment anywhere before.

------
harshreality
What does the PAL do when it detects unauthorized tampering?

For fission weapons, isn't the most critical part the core? One design
criterion for a PAL is to prevent scattering of fissile material, so the core
remains intact, right? How hard can it be for a rogue state or group to create
a new bomb given that the fissile core is the most valuable part of a fission
bomb?

For a fusion bomb, I guess the PAL would damage the aerogel ("fogbank") among
other things. That would take some advanced knowledge to redesign, but whoever
has the weapon would still have the fissile material from the first stage even
if they can't get the fusion part of humpty dumpty back together again.

The original fission bombs were designed in the 1940s with slide rules. It
seems to me that PALs do a better job of protecting against unauthorized
fusion detonations than of protecting against unauthorized re-engineering of
the bombs into fission or radiological versions using the fission core.

~~~
evo
While it's commonly bandied about that it's easy to build a nuclear weapon,
and I don't dispute that, I think those sorts of claims are contingent on
having a pretty wide range in the amount of fissile material you have at your
disposal. "Straightforward" bomb designs can be achieved by being willing to
start with a lot more than needed U-235/Pu-239.

I would assume that the US has very few of the ancient "enough fissile
material to go critical trivially" sorts of bombs. The miniaturization of
atomic weapons to fit into, among other things, ICBM warhead nose cones,
likely came about by using smaller quantities of fissile material with much
higher precision explosives, timings, and pit shapes to push that smaller
nuclear pit into supercriticality. Instead of a soccer-ball of dozens of
explosive lenses like the Fat Man, you've got maybe two or three lenses tops.
Fewer moving parts, smaller overall bomb, but much, much more timing-sensitive.

So if tampering or failing the PAL blows out an EEPROM with the detonation
timings on it, you've got a chunk of fissile material that's likely not enough
by itself to construct a working nuclear bomb without 30-40 years of
superpower-levels-of-funded R&D into materials sciences, precision machining
of nasty stuff like beryllium, slapper detonators, so on and so forth.

Most of the gigantic TOP500 supercomputer clusters we've built over the years
at national laboratories are likely used towards simulating whether the pits,
even in their current configurations, are decaying in a reliable way that the
weapons still function if needed. Reprocessing a single given pit into a new
weapon is quite possibly an even harder problem.

Now, if you can steal a whole cache of nuclear weapons, then it gets a lot
more feasible, since you can probably make one "easy" bomb out of a few hard
ones, and either way you have nasty dirty-bomb potential, but I think if you
had the capacity to build a working nuclear weapon out of a modern warhead,
you probably already have them to begin with.

------
darien
I like the part where it says "the secret unlock code was set to 00000000."
Some things never change.

------
rdl
PALs and the START tamper sensors are some of the most amazing implementations
of tamper resistance in the history of mankind. They are what got me
interested in the stuff in the mid-1990s, followed by the weirdness of DRM
schemes for anti-piracy.

