To some extent I'm not sure the "launch codes" themselves -- if there is something you need to type into a console at the missile base itself to actually launch the missile and there isn't just a shiny red button -- need to be that secret. There should be a boatload of physical security protecting nuclear missiles. If there isn't, we're doing it wrong. It's not like we should be letting random people reach the point they could fire the missile.
But launching nuclear missiles is a command decision so the weak point in the system is the means by which an order to launch is authenticated. And whatever secret tokens are used in that process, those I want as few people as possible to know (ideally zero).
But launching nuclear missiles is a command decision so the weak point in the system is the means by which an order to launch is authenticated. And whatever secret tokens are used in that process, those I want as few people as possible to know (ideally zero).