
Building the AACS Next-Gen Copy Protection Scheme

Posted by michael
from the ties-that-bind dept.
Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."
  • by pegr (46683) * on Tuesday January 04, 2005 @02:30PM (#11255717) Homepage Journal
    According to the article, a compromised key will be dropped so that device will no longer be able to decode new content. So the vendor has to explain to his customer why his product doesn't work anymore, likely through no fault of his own? Yeah, that'll fly...


    • I was wondering how the industry would know what player it was that was compromised. Sounds like a bunch of suits have been sold some snake oil.
      • Each vendor gets their own key, same way it is done today with DVDs.
      • by tomstdenis (446163) <tomstdenis.gmail@com> on Tuesday January 04, 2005 @02:38PM (#11255846) Homepage
        sounds like?

        First indication was the word [well acronym] "DRM". Just because it uses AES doesn't mean it's secure. It's very easy to use AES insecurely [hint: constant key in ECB mode...]

        Likely another 17 yr old from some Europe-like nation will break this and "deacss" tools will appear on the net.

        Why don't the media producers focus on more talent and less "blockbuster stars".

        Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people].

        Tom
        • "Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people]."
          1. Because people generally won't go to see movies without an actor they already know in it.
          • by tomstdenis (446163) <tomstdenis.gmail@com> on Tuesday January 04, 2005 @03:19PM (#11256374) Homepage
            Because they're shallow and "don't know what real talent is" [as Weird Al would put it].

            Personally what I look for in a movie is depth. Superficially weak dialog [re: 99% of TV shit] annoys the hell out of me, even if it's someone of super-star status like Keano, whoa.

            So if you take some "no-name" talented actor and put them in a movie with some real depth to it [even if it's a comedy] then people should be able to enjoy the experience.

            I mean, you can't honestly tell me you saw any of the Matrix movies for anything more than the special effects. The story is very weak, about as deep as a Crest toothpaste commercial.

            Tom
            • Dialogue. (Score:3, Funny)

              by Grendel Drago (41496)
              So, what would you recommend for good dialogue? I really enjoyed the rhythm and style that everyone in Firefly spoke with. The dialogue wasn't just there to advance the plot.

              Or Scrubs, and the little rants that Dr. Cox goes on. (A doctor I know assures me that the portrayal of hospital life in Scrubs is far, far more accurate than that in ER. Go figure.)

              Are there any other shows I should fetch for their scintillating dialogue? Please don't tell me "CSI". I've been refusing to watch "CSI" ever since the on
        • by tacokill (531275) on Tuesday January 04, 2005 @03:18PM (#11256356)
          "Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies"

          Ok, you do that. And I'll pay 199 actors $101,000 for several movies. And then my competitor (and yours) will pay 198 actors $102,000 -- wash, rinse, repeat. Guess who is going to get the better actors over the long run? The guy who pays the most. Welcome to capitalism. Now go enroll in Econ 101 so you can follow this out yourself. It's important, trust me.

        • by Sebastopol (189276) on Tuesday January 04, 2005 @03:34PM (#11256562) Homepage
          Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people].

          Bingo! I like your style. In a perfect world, the market decides the $$$ worth of a job, and I think we all can agree that John Travolta, Colin Farrell, Hilary Duff, Sandra Bullock, Jennifer Aniston and all those other frauds deserve a big fat reality bitch-slap.

          Philip Dick lived in poverty and ate fvcking dogfood when writing so that idiots like Tom Cruise and Ah-nuld could make millions off of PKD's plots.

      • That is easy enough. When somebody starts circulating the source code to the CSS-breaker they simply examine it and figure out what key they're using.

        However, that still leaves a major problem. So, you know that the key was stolen from a Sony DVD player - do you now make every Sony DVD player useless for playing new movies? What would the cost of the resulting recalls be?
    • by silicon-pyro (217988) on Tuesday January 04, 2005 @02:36PM (#11255813)

      Agreed. From TFA:
      The basic idea in recovering from cracking is to make a compromised player key obsolete. Compromised players could continue to play old discs, but not new releases. And crackers would have to start all over again.

      Consumers are really going to be interested in continuously buying new players or upgrading their current firmware to play new releases because someone broke through their brand of player. Save for the fact that once someone breaks it once, it will just get easier to do it the second time.

      I can see how this would solve the cracking problem entirely. Consumers have the money, thus, consumers have the power. The simple fact is, people won't buy a disc that won't play in their player -- At least I'm not about to buy a new player to play their new disc every time this happens.

      In case they think up some scheme that means I won't have to pay anything for the upgraded player: my time is as valuable to me as money, so I had also better not have to spend any of that on getting my machine to work again either.

      • by k12linux (627320) on Tuesday January 04, 2005 @02:51PM (#11256018)
        Consumers are really going to be interested in continuously buying new players or upgrading their current firmware to play new releases because someone broke through their brand of player.
        This all seems like a set-up to me.
        1. Consumers buy scads of DVD equipment without knowing a compromised key will disable their player.
        2. Keys start to be cracked.
        3. Industry tells upset consumers that the reason they have to buy new equipment is evil cracker (not poor design/planning.)
        4. Consumers buy new equipment and demand that something be done to prevent this from happening again.
        5. MPAA and others get new super-DMCA laws passed.
        6. Attempting to watch a DVD on Linux is now punishable by death. (At least in Texas.)

        Yeah, I can see how the consumer wins in that scenario.

        • A more likely scenario:
          1. Consumers buy scads of DVD equipment without knowing a compromised key will disable their player.
          2. Keys start to be cracked.
          3. Industry tells upset consumers that the reason they have to buy new equipment is evil cracker (not poor design/planning).
          4. Consumers don't understand what the industry says, just know that their latest Toshitsu DVD player won't play Buddy Cop Movie #83
          5. Consumers attempt to bring back their properly working DVD players only to be told they can't return them
          6. Consume
          • Consumers get pissed and either (a) stop buying movies or (b) buy another player (I'm betting b)

            (c) Consumers hear from friends that Buddy Cop Movie #83 can be downloaded from the intarweb, and join the P2P masses. Vow never to pay for another physical DVD again.

    • Ha ha ha... this is great!... for vendors!

      Imagine this: Vendor sells a million players. Suddenly, (oopsie!) the key becomes "compromised". Now the customers have to buy new players, all over again!

      Here's what I'd love to see: a no-name Chinese outfit makes 10MM players for, say, Sony; and then key gets "compromised" (wink wink). Suddenly, outfit gets an order for 10MM more! Yay!! Sure, the customers won't buy Sony again; but they'll probably buy some other brand, again made by one of these no-name outfi

    • mpeg4 (Score:4, Insightful)

      by kardar (636122) on Tuesday January 04, 2005 @05:07PM (#11257665)
      The HD-DVD and the Blu-Ray players both support the mpeg4 formats. While the disks you buy from the store might be all messed up, either play or not play, there isn't really anything stopping anyone from taking some mpeg4 content and placing that on a Blu-Ray or HD-DVD blank; those will probably play every time, more or less. It would not be surprising to see iTunes-like services springing up around the mpeg4 format.

      What's going to happen is simple: the HD-DVD thing isn't going to take off; not if you have to keep upgrading keys all the time. Joe and Jane Average are probably going to stick with the regular DVD from Netflix, Blockbuster, or whomever, knowing that it will work every time.

      If the new formats can be gotten to "work every time", perhaps by having the keys downloaded from the internet or something like that, then they might do better. Anytime you make something too complicated, though, it's bound to fail. Look at 3D movies with those uncomfortable cardboard 3D glasses. Where have they gone? Look at DVD-Audio or the SACD? Going nowhere fast. Lossless compression formats from iTunes or other services? We're not really there yet - if people are willing to settle for mp3 or aac quality sound, why would they want to spend extra money on a DVD-audio quality sound?

      The movie industry risks entering a situation not unlike the music industry finds itself in today. Many of the same symptoms are there; the same attempt to control is there; the same low-quality, high-budget, intellectually lacking content is being pumped out. A new format that is harder and more expensive to use just isn't going to cut it. It would not be surprising to see mpeg4 take the place of mp3 files, with people cramming movie after mpeg4 movie onto a DVD5 or perhaps a DVD9 that they either downloaded from a legitimate service, or if no such legitimate services happen to spring up in the near future, a p2p network.

      The popularity of iTunes and other legitimate music download services goes to show that consumers don't care so much about the absolute highest sound quality, but that they care more about convenience, selection, ease of use, accessibility, and things like that. These new formats are probably more or less doomed to not do as well as they could.

      These new disks, though, the Blu-Ray especially, these are going to be GREAT for backing up systems, documents, and also for businesses to do backups and things like that. The technology is awesome; what Hollywood is trying to do with it is the part that isn't going to work very well.
  • Heh... (Score:5, Funny)

    by grub (11606) <slashdot@grub.net> on Tuesday January 04, 2005 @02:30PM (#11255718) Homepage Journal

    I can see the ads in the theaters already. "I'm John Weiner and I design ciphers for the movie industry. Downloading movies hurts me."
    • Re:Heh... (Score:3, Informative)

      by TheGavster (774657)
      If he designs the ciphers, people cracking them is job security :) I don't think the guy with that job will ever design a good solution, even if it were possible.

      Not that it's really feasible to make an unbreakable encoding for movies. Allowing the user to have the player in their house is like giving the British an enigma machine encased in concrete during WW2; they can't immediately break your codes, but it's not like they're going to refrain from cracking it out and using it.
  • by rincebrain (776480) on Tuesday January 04, 2005 @02:31PM (#11255734) Homepage
    START YOUR CLUSTERS!

    *makes sure his copies of john are all up to date*
    • Nope. I wouldn't expect this to be cracked using brute force.

      More likely, someone will disassemble a player and read the key out of an eprom. Most likely, once it's been done for one player, it will be relatively trivial to get a bunch of keys from different brands.

      Personally, I won't be buying into this technology until I can play the discs with MythTV.
  • Why is encryption necessary on a product that the user must be able to read in the first place?

    What's next, encrypted books, newspapers, and magazines?
  • by Space cowboy (13680) * on Tuesday January 04, 2005 @02:33PM (#11255762) Journal
    The main flaw I can see in this is that as soon as it has been 'cracked' (which could be as simple as re-digitising the stream being sent to the video device), it can be reformatted into an MPEG2 / H264 stream and put onto BitTorrent. The simple fact is that it only needs to be broken *once*, and *everyone* can get it.

    The movie business is going to hit the same wall as the audio business did, and the solution the audio business came up with (well, more accurately, were forced into) was to make the downloading of songs relatively cheap (under $1). As soon as it's not worth it to go through the hassle of copying the data, it is once again a viable product. At the moment, the movies are not viable products...

    Simon.
    • by melted (227442) on Tuesday January 04, 2005 @02:41PM (#11255889) Homepage
      that re-digitized HDTV stream will have better quality than direct rip from a DVD.
      • by rokzy (687636)
        > that re-digitized HDTV stream will have better quality than direct rip from a DVD.

        how?

        on this website we obey the laws of thermodynamics!
        • Because DVD is actually fairly low quality as things go, non-HDTV cable broadcasts are in fact higher quality than DVDs by a small margin. HDTV broadcasts are by definition hugely higher quality.
          What's always confused me is that one channel that has the "DVD-on-TV" specials, why the hell would I want you to lower the quality of your broadcast to DVD quality?? I don't get it.
        • What do laws of thermodynamics have to do with this? What the sibling comment to this one does not tell you is that full HD resolution is substantially higher than DVD resolution. DVDs are 720x480, while HDTV resolution is either 1920x1080i or 1920x720p... about twice the resolution, thus four times as many pixels. If you make an MPEG4 video from it you can indeed get dramatically better quality than a DVD. Of course, many (most?) people just make DVDs out of their captured HD content, because that makes it
    • by PCM2 (4486) on Tuesday January 04, 2005 @03:16PM (#11256334) Homepage
      The movie business is going to hit the same wall as the audio business did, and the solution the audio business came up with (well, more accurately, were forced into) was to make the downloading of songs relatively cheap (under $1). As soon as it's not worth it to go through the hassle of copying the data, it is once again a viable product. At the moment, the movies are not viable products...
      Back in the 1980s, the movie industry propped up the video market by charging a fortune for movies. Most were priced in the $90-150 range, well out of the market for the common consumer. Then video stores came along and started charging anywhere from $5 down to $2 a night to rent movies. The movie industry wasn't too happy at first, but then they realized they suddenly had a decent market who could afford their products, in the form of video stores. Eighteen zillion mom-n-pop video stores were popping up in every town in America. So instead of dropping the prices of all the tapes to encourage people to buy them, rather than rent them, the movie industry hung onto the high price point and that became "priced for rental." You weren't meant to buy it, unless you were rich -- video stores were. Only certain sure sellers were "priced for sale," which meant around $15-20.

      It was only when DVDs came out that the industry's policy shifted to issuing new releases priced for sale. That's because there was a guy in the industry somewhere that convinced everybody that a durable media format (vs. shoddy VHS tapes) that contained a high-quality version of the movie was something a large number of people would be willing to own, rather than just rent. And he was right! People are buying DVDs in droves. DVD players were adopted by the mainstream public faster than any other electronic gadget in history, from what I've heard.

      What I'm saying is, this theory that people download AVIs because DVDs cost too much just doesn't ring true. DVD sales have been phenomenal. If you think there's a DVD piracy problem in this country, think again -- check out the situation in Asia if you want to see a DVD piracy problem. I think people download AVIs because they're there. They can get the AVI before the actual movie comes out, and they can get the AVI for free for a movie that they probably wouldn't have bothered to buy, or even walk down to the video store to rent.

      I mean, come on -- you can still rent DVDs. Are you honestly telling me that a price point of $3 for three nights (or whatever Blockbuster is doing right now) is more than most Americans are willing to pay to see some random shitty Hollywood movie? Of course it's not. But downloading AVIs, for many people, is just too easy.

      • Try before you buy (Score:3, Insightful)

        by Spy der Mann (805235)
        There's something we've forgotten.

        You don't sit in front of your computer monitor along with your wife and kids to watch a divx movie on your media player. Generally divx users are 20-30 yo's, or even kids who downloaded the latest anime episode.

        So who gets the benefit of a downloaded movie? ONE person per family. If the movie wasn't good, the guy wouldn't watch it along with his g/f, wife, kids/friends/etc.

        So what does this mean: "Try before you buy". Simple. Here I'd be questioned: "Oh come on, what perso
  • by slakdrgn (531347) <cabe AT drgn DOT net> on Tuesday January 04, 2005 @02:33PM (#11255765) Homepage
    I'm curious on how (maybe I don't understand how they are made from the get-go) this is going to stop large scale counterfeiting, those with access to machines that make perfect duplicate copies, bit by bit, groove by groove, notch by notch. I can see how this will affect personal piracy, even mom-pop dvd rental places and possibly internet, but I thought counterfeit was still a rather huge loss.


    Maybe I'm wrong?

    • by Ironsides (739422) on Tuesday January 04, 2005 @02:37PM (#11255825) Homepage Journal
      I'm curious on how (maybe I don't understand how they are made from the get-go) this is going to stop large scale counterfeiting, those with access to machines that make perfect duplicate copies, bit by bit, groove by groove, notch by notch.

      It won't. There is nothing you can do to stop a copy like that unless they figure out how to put data on the disk in an area that can't be burned to (say like the disks serial number or information type on a CDR/RW or DVDR/RW). Even then, the professional piraters will probably still figure out a way since they use the EXACT SAME EQUIPMENT that hollywood uses to make their own disks.
    • It doesn't stop large scale counterfeiting and it is not intended to do so.

      Think about it. Does Microsoft's Product Activation stop real counterfeiting? Nope, Asia is filled with nearly free copies of Windows XP.

      Does the music industry's attempts to stop CD ripping stop files from showing up on P2P? Nope. The Velvet Underground's CD had DRM, but it was widely available on all P2P applications weeks before the CD was even released.

      Does CSS stop bootleg movies from being sold? Nope, once again, cites
  • by Anonymous Coward
    So all it takes is a DirectShow filter, frame capture to re-encoding program... what, it'll protect content for all of a week. Maybe?
  • Bah (Score:4, Funny)

    by The Cisco Kid (31490) * on Tuesday January 04, 2005 @02:34PM (#11255780)
    Unless I can extract the content to a non-encrypted format that I can play using non-proprietary software on stock hardware, it can go to hell.
    • Re:Bah (Score:4, Interesting)

      by Geoff-with-a-G (762688) on Tuesday January 04, 2005 @02:55PM (#11256067)
      And unless you're willing to pay them what they're asking for the product that they're selling, YOU can go to hell (as far as they're concerned).

      If it comes down to MPAA vs. [the set of people who are unwilling to use closed, proprietary DRM systems], MPAA is gonna win.

      They can live without the 3% of their market that's made up of hardcore nerds, but the nerds probably won't live without the 25% or more of their entertainment that comes from mainstream media distributors.

      I want the same thing you want, but if you think you can just write them off, you're sadly mistaken.
      • Re:Bah (Score:3, Insightful)

        by Skjellifetti (561341)
        They can live without the 3% of their market that's made up of hardcore nerds, but the nerds probably won't live without the 25% or more of their entertainment that comes from mainstream media distributors.

        Then explain why Divx failed [edn.com].
    • Re:Bah (Score:3, Informative)

      by timeOday (582209)
      For a good while this was the case with DVDs. I didn't buy one. Unfortunately it didn't seem to bother "them" one bit.

      The only reason we can watch DVDs on Linux (and other OSS) today is due to some clever hacking that I'm sure was/would now be illegal under the DMCA. I thought it was purely a matter of recovering keys from a faulty player, but Andreas Bogk [cryptome.org] explains it was more complicated than that.

      Unlike most people here, I think it's entirely possible the HD DVD standard will remain unbroken for a

  • Feature? (Score:5, Funny)

    by jacobcaz (91509) on Tuesday January 04, 2005 @02:35PM (#11255795) Homepage
    Isn't not being able to copy "Who's Your Daddy?" multiple times a feature and not a bug?
  • by Roland Piquepaille (780675) on Tuesday January 04, 2005 @02:36PM (#11255801)
    The only thing they can hope to achieve is to make it harder to copy originals.

    What I mean is, the problem isn't preventing people from copying a Blockbuster DVD, it's more a problem of preventing one guy, dedicated enough, from making an unencrypted copy and posting it on P2P. Once that's done, the cat's out of the bag and the copy-protection scheme will just annoy legit users. All the others will download the free copy.

    So, what will happen is, when Joe Pirate wants to make a copy, instead of just sticking the disk in the drive and wait, he'll make himself some setup to capture the video from the DVD player and he'll re-encode the video. Added cost: a capture card and a cable. Period. And once the captured video is on the net, the game's over. And I'm ready to wager there's an awful lot of people out there who hate the *AAs enough to take the (small) trouble of doing exactly that, just to shaft them.
    • Is this device [thetoque.net] compatible with DRM?
    • by pjrc (134994)
      If they make the crypto so good that difficult recapture techniques are needed... then doing so and offering the highest quality capture will become a challenge.

      Much like the challenge today of posting the highest quality captures of currently running movies, whomever has the best rig and knows an insider to grab a copy of the disc shortly before release will go to extraordinary lengths. Like today, and as it's been in "warez" since the 80's Apple ][ and C64 games on BBSs, they'll get to promote their sil

    • Another problem is that by the time it's in Blockbuster, it's way too late. Between cammers and insiders, a given movie gets warezed within days of the theatrical release.
    • Except that pirated movie files, by and large, don't come from copied DVD's. They usually come from movie industry insiders and movie theater employees. Even if a DVD copy-protection system works, for the movie industry, it's like plugging the hole in a bucket whose bottom has rusted out.
  • by rincebrain (776480) on Tuesday January 04, 2005 @02:36PM (#11255802) Homepage
    I don't care how secure the encryption is, as everyone has already said, all it takes is a "legal" DVD player outputting a high quality signal into a capture card, and you have a decrypted copy.

    I doubt that the industry is foolish enough to force consumers to upgrade their televisions to support some form of signal encryption, therefore this must fail.
    • I don't care how secure the encryption is, as everyone has already said, all it takes is a "legal" DVD player outputting a high quality signal into a capture card, and you have a decrypted copy.

      And where can you buy an analog HD component capture card?

      I doubt that the industry is foolish enough to force consumers to upgrade their televisions to support some form of signal encryption

      They did; it's called HDCP. If your HDTV doesn't support HDCP, you'll only get an analog signal.
    • I doubt that the industry is foolish enough to force consumers to upgrade their televisions to support some form of signal encryption
      They don't need to even try; consumers are probably foolish enough to do it voluntarily if it's bundled with the next big shiny new gotta-have feature(tm).
  • by sqlrob (173498) on Tuesday January 04, 2005 @02:37PM (#11255815)
    This has the same flaws as all of them.

    The authorized user and the attacker are one and the same. You can't protect against that, not with cryptography.

    • True enough - ultimately the player has to possess the key, and a hacker will be able to obtain it. When that happens they'll have to revoke that key - which will almost certainly impact more than just a single player.

      How many keys do they plan on issuing? Unless they plan on having an individual key for every individual player, they'll be in trouble when a key gets out. If they want a billion keys out there, then they'll need about a gigabyte of disk space just to store the session keys for each disk..
  • If it's encrypted, how is my WhatEver player supposed to know how to decrypt it?

    And if it doesn't have to decrypt on its own, once I move it out of the encrypted realm, I can move it anywhere. P2P, torrent, whatever.

    Or will this trigger a new round of hardware buying. Only an approved, decryption capable, iPod can be used...

    FTA, this appears to be true.
    "The basic idea in recovering from cracking is to make a compromised player key obsolete. Compromised players could continue to play old discs, but not new r

  • by StevenMaurer (115071) on Tuesday January 04, 2005 @02:41PM (#11255876) Homepage
    Honestly - I work in the industry, and I'm still amazed at the lengths content providers will go to to try to prevent a single D-to-A, A-to-D conversion.

    Apparently they just don't get that people - who seem willing to buy cheap videos recorded on consumer cameras in movie theaters - are going to be completely unable to see the difference in a re-recorded playback of what they see on T.V.

    Folks - if you're too stupid to realize the network effect will swamp the casual copyright infringement, do something simple: don't release it. That's your only option.
    • Honestly - I work in the industry, and I'm still amazed at the lengths content providers will go to to try to prevent a single D-to-A, A-to-D conversion.

      And exactly what length is that?

      Last I heard, the royalty for macrovision is about 5 cents per disc.

      It was news (here on slashdot some time ago) when the 2nd Harry Potter disc was released without macrovision enabled (just a single flag on the disc) to save the royalty cost. Many, many millions of copies sold within the opening days. That was the e

    • Indeed. This will just accomplish nothing to solve their problem, and will just create more problems similar to mine:

      I can't play discs 3 and 4 (the appendices) of the Two Towers Extended Release on my standards-compliant Zenith DVD player, because of a botched copy-protection attempt by the manufacturer.

      If this problem keeps getting worse, the number of movies I buy will continue its asymptotic approach of zero.

  • by Lurker McLurker (730170) <allthecoolnamesh ... m ['mai' in gap]> on Tuesday January 04, 2005 @02:41PM (#11255879)
    Will this work on linux or will we have to rely on a HD-DVD Jon?
  • by grasshoppa (657393) <skennedy@t[ ]-co.org ['pno' in gap]> on Tuesday January 04, 2005 @02:42PM (#11255898) Homepage
    Copyright violations and the like are a social problem, and are going to be solved with a social solution.

    We can throw all the technology and litigation we want at the problem, but it won't be solved until we come up with a social solution.
  • by P-Nuts (592605) on Tuesday January 04, 2005 @02:43PM (#11255913)
    So the proposal seems to be, content on DVD is encrypted with AES, using some random key. The key is stored on the DVD, but encrypted against another key, which is part of the player. How do you distribute this key inside players, without people being able to dig it out? Is it by putting it in a hardware-only form, like the chip on a smart-card? How easy is it to hide such a key in compiled software?
    • They'd be insane to put the key into executables (again...). As to trying to remove the key from hardware, Google for "tamper resistant" and browse Ross Anderson's papers. From the MPAA's point of view, tamper resistance is a hard property to achieve. From the basement hacker's point of view, tamper resistant hardware is pretty hard to crack. Have a look through Andrew Huang's "Hacking the XBox" to get a feel for the difficulty.
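
The key hierarchy asked about in the comment above (content under a random key, that key stored on the disc wrapped under a player key), combined with the revocation behaviour and the key-count concern raised earlier in the thread, as an added example that is not part of the thread and not the AACS design. It assumes a flat key block with one entry per vendor key, uses hypothetical names throughout, and swaps in a standard-library stand-in cipher where the scheme would use AES-128.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (SHA-256 keystream + HMAC) so the example runs
# with the standard library only. It takes the place of AES-128 here; it is
# not AES and is not meant for production use.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate plaintext under key."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify and decrypt; raises ValueError if the key is wrong."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def press_disc(content: bytes, player_keys: dict, revoked: set) -> dict:
    """Encrypt content under a fresh title key; wrap that key once per
    player key that is still trusted at pressing time."""
    title_key = os.urandom(16)
    key_block = {key_id: seal(key, title_key)
                 for key_id, key in player_keys.items() if key_id not in revoked}
    return {"key_block": key_block, "payload": seal(title_key, content)}

def play(disc: dict, key_id: str, player_key: bytes):
    """Return the decrypted content, or None if this disc carries no entry
    for the player's key (the key was revoked before pressing)."""
    wrapped = disc["key_block"].get(key_id)
    if wrapped is None:
        return None
    return unseal(unseal(player_key, wrapped), disc["payload"])

def key_block_bytes(disc: dict) -> int:
    """Space the wrapped title keys take on the disc; grows with key count."""
    return sum(len(blob) for blob in disc["key_block"].values())

# Constructed sample data: three hypothetical vendors, one key each.
PLAYER_KEYS = {name: os.urandom(16) for name in ("vendor-A", "vendor-B", "vendor-C")}
OLD_DISC = press_disc(b"old release", PLAYER_KEYS, revoked=set())
# vendor-B's key is later found in a ripping tool, so new pressings omit it.
NEW_DISC = press_disc(b"new release", PLAYER_KEYS, revoked={"vendor-B"})

if __name__ == "__main__":
    for name, key in PLAYER_KEYS.items():
        print(name, play(OLD_DISC, name, key), play(NEW_DISC, name, key))
    print("key block bytes:", key_block_bytes(OLD_DISC), key_block_bytes(NEW_DISC))
```

Revocation only changes what is pressed onto later discs: the revoked key still opens every disc made before the cut-off, and every unit sharing that key loses new releases at once. Finer-grained keys shrink that blast radius but make the flat key block grow linearly with the number of keys.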

  • Let's see all the ways you can get around this without worrying about cracking the encryption:

    1) Video recording off a flat-screen TV. Right refresh rate and proper camera setup make this one darn near impossible to defeat as long as the camera is going to work in any reasonable setting.

    2) Grab it off the RCA leads that are likely to be attached to the player to allow it to still talk to the large number of TVs and other A/V equipment that is out there.

    3) Develop a player that doesn't "honor" the bloc

  • "It is not a matter of if--it is a matter of when. As long as I have the technology in my living room to watch it for myself, I can modify the system to extract the video. They can make it hard, but they can't make it impossible.

    "They are living in a fantasy world," he concludes.

  • Nice article (Score:4, Insightful)

    by Xcott Craver (615642) on Tuesday January 04, 2005 @02:50PM (#11256001)
    Glad to see a magazine article quoting a real security expert (Dan Wallach) rather than some random VP of marketing for a "content management" company. Spectrum doesn't even commit the common media sin of giving equal time to some crazy guy in the name of artificial fairness.

    In any case, I am less worried about the crypto, which doesn't affect video quality. Fingerprinting of video and audio with watermarks can affect quality; in copy protection circles, you'll see iffy technologies proposed simply because they "can't hurt" to throw them in---but then some of them are detectable by golden eyes/ears. IMHO even that much quality loss is not worth whatever security a watermark offers.

    Caj

    • "but then some of them are detectable by golden eyes"

      Like this fellow? [tripod.com]

    • in copy protection circles, you'll see iffy technologies proposed simply because they "can't hurt" to throw them in---but then some of them are detectable by golden eyes/ears.

      Shh! Please don't give Sony/MGM an idea for the next James Bond film.

  • This is presented as being for use with the HD-DVD standard. What about the competing Blu-Ray standard? Are they planning on using this, too, or do they have their own approach to the perceived problem?
  • I'm waiting for the keychain 50 gig drive to be available RSN; just copy the film and go. You can keep your plastic wafers.
  • by Otto (17870)
    Seriously. I can't come up with another plausible reason for anybody to think this would work. Example:

    The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network. In all the scenarios developed by the AACS alliance, that data would exist on the disc in encrypted form. It would stay encrypted when transferre

  • Current plans seem to have HD-DVDs embedded with a traditional DVD layer to work on older players. We could still rip that DVD layer.

    It's not like bandwidth is fast enough that there is huge demand for slinging around high definition 4 GB movies. Most discs are ripped and compressed to around 700 MB. It's going to be years before there's any demand to rip the new format.
  • ....DVD Jon has come up with a crack already, just from the text of the article! :)
  • an attractive nuisance? Based on all the suggestions in the posts above, everyone is sick of the adversarial relationship with the motion picture industry and a lot of people have adopted a "bring it on!" mentality.

    You don't go after the hardware and software, you go after the criminals. The *AAs are treating the population the way the government treats us via the war on drugs: irresponsible and guilty.

    The hard costs of a DVD and all its sexy packaging? A dollar. The value of the IP (how badly peopl
  • As consumers, we're taught "there's nothing you can do about it... it's just the way things are... everyone does it... maybe it's not right but that's the way it is and there's nothing you can do about it."

    When, exactly, will the "industry" get that message? I wonder which eats more money? Letting petty personal copies fly about at random on the net, or buying politicians to write laws, designing ever more ridiculous measures and etc? These measures do nothing to curb hard-core counterfeiting which is th
  • You can encrypt all you want, in the end you have to ship the technology to decrypt to the customer or he can't see his movie. So it doesn't matter what fancy-pancy algorithm they use, all hackers have to do is put a wiretap between decryptor and D/A convertor, or even just hijack the analog signal to get 99.9% of the original. Wish these guys would grow up...
  • by ausoleil (322752) on Tuesday January 04, 2005 @03:19PM (#11256367) Homepage
    The quote at the bottom of the article is telling:

    "It is not a matter of if--it is a matter of when. As long as I have the technology in my living room to watch it for myself, I can modify the system to extract the video. They can make it hard, but they can't make it impossible."

    How true. In other words, a lock only keeps an honest man honest, a thief will find a way to pick the lock and steal what you have.

    Seemingly ever since there have been personal computers, there have been one form or another of copy protection. Usage such as backup copies (critical in the floppy days, nearly as much so with CDs and DVDs) have always been looked down upon by the content providers, and at the end of the day, all of the barricades that they have thrown at the user have eventually been thwarted and bypassed. Now comes HD-DVD and the same principle. I suppose some never learn from the past.

    Working against the encryption is the simple fact that on the average, computers get more and more powerful (for a given price point), and that their encryption must remain a relative constant due to compatibility. That said, it is only a matter of time before the encryption is overwhelmed and utterly defeated. This will happen again, always has, and always will. One only has to look at the DirecTV versus the signal pirates to see that. Coupled with human nature, that is, to show and share a "dirty little secret" -- disaster for the encryption advocate. After all, are they going to disable dozens of models of players, and disable their own market in the process, not to mention alienating the hell out of their customers? No, no and no.

    The key to copy protection is to make the content affordable enough to make the inconvenience of counter-encryption not worth doing. They (the collective they) never seem to get that, and they always seem dumbfounded that their elaborate measures are made to look foolish. Perhaps with realistic pricing, enhanced value they would find that most people find it easier to be honest, and not bother with cloning over-priced half-rate films and music. After all, that's their only realistic choice, but the one that they dread making the most.

  • by Splork (13498) on Tuesday January 04, 2005 @04:07PM (#11256949) Homepage
    this scheme, as with decss, has nothing to do with copy protection. that is merely its disguise. it has everything to do with mandatory royalties to the consortium from all dvd player manufacturers and dvd mass producers. it's all related to control over who makes and sells media players and what they are capable of doing or not doing out of the box.
  • by kieronb (780769) on Tuesday January 04, 2005 @05:11PM (#11257708)

    The big question for the Linux/FOSS community isn't how hard is it to crack: it's can we be included without being forced to crack it.

    I'm sure I'm not alone in not wanting to make pirate copies of DVDs, but just wanting to be able to watch my discs on the equipment of choice, including open source players.

    This boils down to: i) will the algorithm be well known (ie rely on secrecy of keys not the algorithm) and ii) how do you get allocated a key

    CSS sucked because it used weak keys and tried to keep the algorithm secret. The first rule of cryptography is to assume the algorithm is known, and thanks to DVD Jon we got it reverse engineered. And it sucked for the FOSS crowd because you couldn't make a player without paying a huge sum of money and signing all sorts of agreements.

    If the new system removes these barriers to entry, then at least it won't be as evil as the original CSS. It'll still be useless, but not actually evil.

  • This was never about copy protection.

    No form of encryption will make it harder to copy the original disk. Constructing a bit for bit copy of a digital stream in no way requires you to be able to understand the data being copied.

    Rather, this is a playback protection system.

    It's to stop you from watching the media when the distributors don't want you to be able to. Such as, for example, should you try to play a movie released in the US which is only just being shown in movie theatres in Western Europe. Or Asia. Or anywhere other than Region 1.

    Encryption of the media is only there to force DVD player manufacturers to obtain a key -- which will only be provided if they also sign a contract to adhere to certain terms and conditions that, in essence, states that they're not allowed to undermine the distributors' business model.
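
An added example, not part of the thread and not taken from the AACS specification: a simplified model of the scheme the comments above describe (a random title key encrypts the content, and the disc carries that title key wrapped under each player's key). It shows that dropping a player's key only affects discs mastered afterwards, and that a bit-for-bit copy plays without anyone decrypting it. The per-vendor key block, the function names and the HMAC-SHA256 keystream standing in for AES-128 are assumptions made for illustration.

```python
import copy, hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Stand-in for AES-128 (the standard library has no AES):
    # XOR with an HMAC-SHA256 counter-mode keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key, nonce, ct):
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def wrap(device_key, title_key):
    nonce = os.urandom(16)
    ct = _xor_stream(device_key, nonce, title_key)
    return nonce, ct, _tag(device_key, nonce, ct)

def unwrap(device_key, record):
    nonce, ct, tag = record
    if not hmac.compare_digest(tag, _tag(device_key, nonce, ct)):
        return None  # record was not wrapped under this device key
    return _xor_stream(device_key, nonce, ct)

def master_disc(content, device_keys, revoked=()):
    title_key, nonce = os.urandom(16), os.urandom(16)
    # One wrapped copy of the title key per device that is still trusted.
    block = {d: wrap(k, title_key) for d, k in device_keys.items() if d not in revoked}
    return {"nonce": nonce, "body": _xor_stream(title_key, nonce, content), "key_block": block}

def play(disc, device_id, device_key):
    record = disc["key_block"].get(device_id)
    title_key = unwrap(device_key, record) if record else None
    if title_key is None:
        return None  # revoked, unknown, or wrong key
    return _xor_stream(title_key, disc["nonce"], disc["body"])

def demo():
    keys = {"vendor_a": os.urandom(16), "vendor_b": os.urandom(16)}  # constructed
    movie = b"constructed sample content " * 4
    old = master_disc(movie, keys)
    new = master_disc(movie, keys, revoked={"vendor_b"})
    clone = copy.deepcopy(old)  # stands in for a bit-for-bit copy; no key is used
    return {
        "a_plays_new": play(new, "vendor_a", keys["vendor_a"]) == movie,
        "b_plays_new": play(new, "vendor_b", keys["vendor_b"]) is not None,
        "b_plays_old": play(old, "vendor_b", keys["vendor_b"]) == movie,
        "clone_plays": play(clone, "vendor_a", keys["vendor_a"]) == movie,
        "wrong_key": play(new, "vendor_a", keys["vendor_b"]) is not None,
    }
```

In this model revocation is forward-only: `b_plays_old` stays true because discs pressed before the revocation still carry a title key wrapped for that player.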
