Encryption Security

HDCP Encryption Cracked, Details Unreleased Due To DMCA

Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA." Update: 08/15 06:10 PM by J : Meanwhile, see Keith Irwin's paper which has been released despite the DMCA. Update: 08/15 07:00 PM by J : And someone else points out this old thing. Everyone who hasn't written a paper on cracking HDCP raise your hand.
This discussion has been archived. No new comments can be posted.

  • by gmkeegan ( 160779 ) <(gmkeegan) (at) (yahoo.com)> on Wednesday August 15, 2001 @09:04AM (#2124195)
    We start to see some of the indirect effects of the DMCA. The choices for security experts and developers will be to A) not publish their works, leaving them for a more malicious hacker to discover, or B) publish, just NEVER enter the US again. Either way research and development as well as security and technical conferences will start to leave US locations, favoring those countries that won't arrest their participants.

    Other countries will leap ahead in encryption abilities, while the US rests on its DMCA laurels. Brings back memories of the smaller, more efficient, more reliable cars from Japan and Europe in the 60's and 70's that caught Detroit by surprise. Took them 10 or 15 years to catch up.

    Unfortunately, as long as there is money to be had from lobbyists, there will always be legislative sand for our politicians to stick their heads in.

    "Those who forget history are doomed to repeat it."
  • by mikewhittaker ( 313040 ) on Wednesday August 15, 2001 @11:21AM (#2131515)
    I remember reading a science-fiction short story about an engineer who invented basically a 'free energy' device. (No doubt someone will supply the details.)

    However, fearing retribution/elimination from Big Oil/Energy Corporations and Governments With Vested Interests, he did not attempt to publish or patent his discovery, although it would be for the common good of humanity.

    Instead, he incorporated obfuscated and watered-down versions of the technology into consumer products where they would result in some respectable but unobtrusive energy savings.

    He then worked to ensure that, over the years, these products became commodity items throughout the world, knowing that, with time, they would be reverse-engineered by various people, and eventually improved on until the original mechanism emerged into common knowledge and the public domain, throughout the developed and developing countries.

    Do researchers need to resort to such tactics of stealth and obfuscation in order to indirectly "publish" their results - hide bits and pieces of the solution in various unconnected publications, until someone is able to piece the fragments together ?!

  • Re:Good! (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 15, 2001 @10:09AM (#2133833)
    I know you are trying to be funny. But you have a point there.

    Someone ELSE could emerge, under a pseudonym, and demonstrate that he too has cracked the scheme. Then he could encode something with the master key for everyone else to verify that this claim is true. Next he will use the master key to encode something symmetrically. Ferguson could decrypt this message and show it to all using the same master key and show that he too has the same damn key.

    We thus have public proof that the scheme has been cracked. Ferguson could argue that he has made no device for decryption, has not published his results, so how is he liable in any way under the DMCA? All he did was to verify that that anonymous cracker is not bullshitting. He can continue his great campaign. Meanwhile the anonymous guy can go into hiding and nobody would be the wiser for it.

    The DMCA just makes the whole situation a good deal more complicated than it needs to be. IT IS BAD LAW.

  • by el_nino ( 4271 ) on Wednesday August 15, 2001 @08:56AM (#2138561) Homepage Journal
    .. even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal.

    I refer you to US Code Title 17 section 1201, AKA the Digital Millennium Copyright Act:

    (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
    (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
    Note the word manufacture. If he cracked the encryption, as opposed to just figuring out that it was possible, it's a crime under the DMCA even if he didn't distribute anything.
  • by Anonymous Coward on Wednesday August 15, 2001 @08:15AM (#2138984)
    What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.
  • by Skidmarq ( 5462 ) on Wednesday August 15, 2001 @09:50AM (#2141183) Homepage
    So just fake an infection by Sircam, and have it release the info. :)
  • by Anonymous Coward on Wednesday August 15, 2001 @01:19PM (#2142523)
    1. Then why weren't the Elcomsoft SALES personnel at that conference arrested as well? The charge may have been distribution, but actually he WAS arrested for writing it.

    2. Actually, you can't. Threatening legal action you don't intend to follow through on is illegal. That's part of the Felten/EFF countersuit against the RIAA.

    3&4. However, these exceptions do not prevent the media conglomerates from threatening anyone with extremely expensive legal action. Even if the defendant is able to prove that the product was reverse-engineered, or that the research was conducted in "good faith" (and the burden of proof would be on the defendant), the legal costs of fighting the action would be prohibitive. This means that the DMCA has the effect of preventing even research and reverse engineering that is legal under it.

    The media conglomerates bought an easily abusable law, and have proceeded to abuse it.

    The fact of the matter is that the DMCA is indefensible.
  • Addition to paper (Score:2, Interesting)

    by KeithIrwin ( 243301 ) on Wednesday August 15, 2001 @06:36PM (#2143243)

    I added an addendum to the fourth attack and fixed some minor typos today. The addendum essentially demonstrates the fourth attack as practical in the real world and much quicker than previously thought through the use of a birthday-paradox style attack.

    Since I'm writing a reply, I'll also take a moment to mention Scott Crosby's short critique of HDCP. Roughly it's the same thing as the second part of my fourth attack. Essentially, it is correct, although he skips over the difficult issues such as the modulo 2^56 math without mentioning them. Myself and others did later show that one can do so with impunity, but it was a desire to hammer out these difficulties which was why my paper comes to the public after his rather than before. He has told me that he's now working on a more in-depth paper with some other researchers. I suspect that it contains things not found in my own, although he hasn't explicitly told me as much.

    I will also say that I view Ferguson's claims of being able to recover the whole of the master key (which I don't refer to by that name in my paper, but certainly agree that it exists in the form of some 1600 56-bit values) with some skepticism. In my attack, I describe how to get all but the left-most approximately 8 bits of each. To extract the whole thing as best I can tell requires solving sets of linear equations with no division by 2 at any point. Although there are certain sets of KSVs for which that could be done, I don't know how one would expect to reliably find such. My suspicion is that he has broken the fundamental cipher (which I do not do) but overlooked the same modulo 2^56 math gotcha that Crosby initially did. I am, of course, just speculating about that, however.

    Keith
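
An added illustration, not taken from Irwin's paper or from any poster in this thread, of the modulo 2^56 "division by 2" issue the comment above describes: when the coefficient (or determinant) of a linear system is even, the unknowns are only determined in their low bits. The matrices, secret values and function names are constructed for this example and are not HDCP data; the factor 2^8 is chosen only to echo the "approximately 8 bits" figure.

```python
# Constructed toy example: linear equations modulo 2^56 and the "division by 2" problem.
MOD_BITS = 56
MOD = 1 << MOD_BITS


def solve_linear_congruence(a, b, bits=MOD_BITS):
    """Solve a*x ≡ b (mod 2^bits).

    Returns (x0, known_bits): every solution is x0 + j * 2^known_bits, so only
    the low known_bits bits of x are pinned down. Returns None if unsolvable.
    """
    mod = 1 << bits
    a, b = a % mod, b % mod
    if a == 0:
        return (0, 0) if b == 0 else None
    t = (a & -a).bit_length() - 1          # a = 2^t * (odd number)
    if b % (1 << t):
        return None                        # 2^t must divide b as well
    reduced = 1 << (bits - t)
    inv = pow((a >> t) % reduced, -1, reduced)   # odd part is invertible
    return ((b >> t) * inv) % reduced, bits - t


def solve_2x2(matrix, rhs):
    """Solve a 2x2 system mod 2^56 via the adjugate: det * x_i ≡ (adj(A) * rhs)_i.

    An even determinant means each x_i comes back with its top bits unknown.
    """
    (a11, a12), (a21, a22) = matrix
    det = a11 * a22 - a12 * a21
    r1 = a22 * rhs[0] - a12 * rhs[1]
    r2 = a11 * rhs[1] - a21 * rhs[0]
    return solve_linear_congruence(det, r1), solve_linear_congruence(det, r2)


def demo():
    secret = (0xC0FFEE12345678, 0x0123456789ABCD)   # constructed 56-bit values
    results = {}
    # det = 3*2 - 5*7 = -29 (odd); det = 3*97 - 5*7 = 256 = 2^8 (even)
    for name, m in (("odd_det", ((3, 5), (7, 2))), ("even_det", ((3, 5), (7, 97)))):
        rhs = tuple((row[0] * secret[0] + row[1] * secret[1]) % MOD for row in m)
        results[name] = solve_2x2(m, rhs)
    return secret, results


if __name__ == "__main__":
    secret, results = demo()
    for name, sols in results.items():
        print(name, [(hex(x), bits) for x, bits in sols])
```

With the odd determinant both 56-bit values are recovered exactly; with the determinant 2^8 only their low 48 bits are, leaving 2^8 candidates for each.
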
  • by weave ( 48069 ) on Wednesday August 15, 2001 @09:05AM (#2143470) Journal
    After all I live in the U.S and personally wouldn't mind 3 meals and a cot plus an extension to my summer vacation.

    You forgot about the all the sex you can take [spr.org] part...

    Seriously, those that are sitting around claiming that U.S. prisons are pieces of cake have obviously never been in one. My father, a minister, visits prisons all the time and it's not a nice place to be. Maybe if you're rich and in a fed prison for defrauding someone of 100 million bucks you're OK, but if you commit the more serious crime of holding up a 7-eleven for 20 bucks using the ole finger in the coat pocket trick, you get to do some hard time in a state pen...

    p.s. slashdot can really suck at times. I try to be a nice @home customer and use their proxy servers to keep their inter-connect traffic down but whenever I try to post it says I can't cause my IP address has posted too many modded down posts recently. Well D'OH, that IP has a few million people behind it. Learn about how a proxy works guys. It just forces me to uncheck my proxy connection but then I can't post because I get an invalid key msg (probably cause my IP address changes). So I open up a new browser section, hit reply, copy/paste my reply over, and the bitch tells me I have to wait 20 seconds after hitting reply before I submit. Arrrgh...

  • by jabber01 ( 225154 ) on Wednesday August 15, 2001 @10:07AM (#2143707)
    Anonymous submissions to the papers, inside, unnamed sources and subsequent 'expert' analysis have taken down Presidents..

    Why don't people anonymously submit this sort of thing (cracks, weaknesses, bug reports) to news sources?

    Would the papers be liable for printing someone else's 'approach', without necessarily verifying its correctness first? After all, Deep Throat wasn't named to be right, he only gave 'hints' about Watergate...

    I could see The Register, the Motley Fool, the Washington Post, or maybe just some online news source (ahem, slashdot, ahem) printing 'suggestions' from anonymous sources... And as 'reputable' guardians of Liberty (*sigh*) they would be able to claim the need to protect the identities of the submitters in order to maintain their 'professionalism', or some such...

    How about it slashdot? Set up a PO Box where people could send neat stuff without a return address..
  • Hmm... (Score:3, Interesting)

    by fanatic ( 86657 ) on Wednesday August 15, 2001 @09:19AM (#2143834)
    "I have found a proof of this theorem which is too long to fit in this margin." Think it actually exists?
