Waste packages for a U.S. nuclear waste repository are required to provide reasonable assurance of maintaining substantially complete containment of radionuclides for 300 to 1000yr after closure and of permitting only controlled release of radionuclides for 10000 yr. The waiting time to failure for complex failure processes affecting engineered or manufactured systems is often found to be an exponentially distributed random variable. Assuming that this simple distribution can be used to describe the failures of hypothetical singlebarrier waste packages, bounding calculations show that the mean time to failure would have to be >107 yr in order to provide reasonable assurance of meeting this requirement. If such a waste package could be manufactured, it would be practically impossible to demonstrate its performance within the repository preclosure time of 40 yr. With two independent barriers, each would need to have a mean time to failure of only 105 yr to provide the same reliability, illustrating that the use of redundant independent barriers is the key to both achieving and demonstrating regulatory compliance. However, even this demonstration would require testing tens of thousands of two-barrier systems for several decades. As more barriers are added, the mean lifetime required of each individual barrier decreases, and the demonstration of performance becomes more feasible, although still requiring extensive testing and observation during the preclosure period for performance confirmation. In any case, the results illustrate that neither the engineered barrier system nor the geologic barrier system alone is likely to provide the required degree of assurance of repository safety.