HDCP Encryption Cracked, Details Unreleased Due To DMCA 362
Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA."
Update: 08/15 06:10 PM by J : Meanwhile, see
Keith Irwin's paper
which has been released despite the DMCA.
Update: 08/15 07:00 PM by J :
And someone else points out
this old thing.
Everyone who hasn't written a paper on cracking HDCP raise your hand.
Re:He is Dutch, DMCA doesn't apply (Score:3, Informative)
I know this guy, though I haven't talked with him for about six months. He does come to the USA periodically. His girlfriend is American and while they're both living in the Netherlands now, they do come over here once in a while. After the Sklyarov thing I'm not terribly surprised about his reluctance to come forth.
Last I knew, he was working with Bruce Schneier and Counterpane. It's possible that his connection to a US corporation also enters into the decision.
Essay by Ferguson (Score:5, Informative)
This is a very good essay. It does an excellent job of explaining the problem with the DMCA succinctly, and in a manner than anyone can understand. I'm going to keep this link and use it whenever I want to explain the problem with the DMCA to someone non-technical.
A method for this was posted a few weeks back (Score:1, Informative)
See the links below for his whitepaper as well as a previous discussion regarding this on a popular HDTV forum...
http://www.angelfire.com/realm/keithirwin/HDCPAtt
http://www.avsforum.com/ubb/Forum11/HTML/015261.h
Re:He didn't break it :) (Score:3, Informative)
That's the great about assymetric key encryption.
Re:Next DMCA test - prosecution for doing research (Score:3, Informative)
It's the act of breaking the lock, not information, tools or ability that allow one to bypass the lock, that should be, and already was illegal.
Old news (Score:3, Informative)
A description of a fatal weakness [cryptome.org] in HDCP's was published by Scott A. Crosby a few days after the specs was published, and was independently discovered by many others. Crosby's attack appears to have the capabilities claimed by Ferguson and has negligible computational cost (inversion of a 40x40 matrix). It requires the built-in keys of any 40 HDCP devices, but this is presumably easy to achieve in the presence of software-based HDCP implementations).
Thus the new feature of Ferguson's attack is probably a way to extract the keys without actually hacking any device, but rather by talking to intact devices via the normal protocol. While this is interesting, HDCP should already be considered broken in light of known attacks.
It's not just vanity (Score:4, Informative)
Imho his goal is not getting his paper published, but getting people to think about the consequences of these laws. Unfortunately, this the only way we foreigners can protect our rights abroad.
Linked to this, in Europe a 'law' is being prepared (due Sept 3rd I believe) which forces a country to assist another country to eavesdrop (snif Internet traffic) on a user if he (she) did an illegal act in that OTHER country. To link this with a previous link (thanks for the thought), if China were to be part of such agreement, every couple with 2 or more kids could forget its privacy...
Joost
Re:He is Dutch, DMCA doesn't apply (Score:4, Informative)
The Complete Document (Score:5, Informative)
http://www.macfergus.com/niels/dmca/index.html
Very good stuff. Too bad they didn't link it in the story.
DMCA-like legislation coming ot a country near you (Score:5, Informative)
--CTH
Crypto-Gram (Score:4, Informative)
Re:He is Dutch, DMCA doesn't apply (Score:4, Informative)
You are probably right, as the DMCA is clearly intended to be used as a club to squelch information and discussion under the (woefully thin) guise of protecting copyright holders.
However
(If I were to publicly announce that I had commited a crime, I would expect the authorities to take interest in me.)
... even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal. By announcing he's done it, but not sharing the methodology, he cannot in any way be said to have "trafficked" in a circumvention device. To do so he would have to publish, and this he has not done. Not that that will stop Intel or someone else affiliated with the Copyright Cartels from swearing out a false afidavit and falsely imprisoning this individual (and, interestingly, while the Sklyrov case goes forward I do not see anyone from Adobe being arrested for Perjury, which swearing out a false affidavit is
Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.
The software world, which relies on restricted copy priveleges (copyright) far more heavilly than even the Media Moguls of Hollywood and New York, learned over a decade ago just how futil copy protection schemes were. Instead, they chose to go another route, making serial-numbered copies traceable rather than uncopiable (something which has been shown mathematically to be myth in any event). Interestingly enough, having people's names attached to serialized copies of software had a chilling effect on copyright violation that no amount of copy-protection schemes and hardware dongles was able to achieve. It didn't eliminate it, but it sure cut down on the number of people willing to share their copies of software with anyone other than, at most, their closest friends.
The Copyright Cartels and Media Conglomerates refused to learn this obvious lesson, prefering instead to believe they have purchased protection through the DMCA sufficient to allow even the most flawed "copy protection" to stand through artificial threat with a government gun in contradiction to both information theory and basic physics in the physical world.
Of course, when "casual copying" has been mostly eliminated and fair use is dead, the industrial copyright violators will still be producing illegale wares in quantity, until they in turn are shut down using methods and laws which have been around for decades. Which underscores the real motivation and target behind MPAA and RIAA purchased legislation such as the DMCA: the individual consumer, not the commercial copyright violator.
Crap. (Score:1, Informative)
http://www.macfergus.com/niels/dmca/index.html
He talks about why DMCA sucks. The Copyright issues, Jurisdiction, Freedom of Speech etc.
A must read !
Re:Will the DMCA hurt encryption badly? (Score:4, Informative)
Newsweek has also has a very anti-DMCA article on their now hosted MSNBC website.
http://www.msnbc.com/news/612847.asp [msnbc.com]
Read the article and give it a "10" at the bottom so that it might show up under the MSNBC Viewer's Top 10 list and people will find out about this.
Re:Will the DMCA hurt encryption badly? (Score:2, Informative)
jeb.