Building the AACS Next-Gen Copy Protection Scheme 491
Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."
Re:Heh... (Score:3, Informative)
Not that its really feasible to make an unbreakable encoding for movies. Allowing the user to have the player in their house is like giving the British an enigma machine encased in concrete during WW2; they can't immediately break your codes, but its not like they're going to refrain from cracking it out and using it.
Re:Especially considering (Score:3, Informative)
how?
on this website we obey the laws of thermodynamics!
Re:Copy protection my butt (Score:3, Informative)
Re:Copy protection my butt (Score:3, Informative)
Re:So compromised keys make for faulty hardware? (Score:5, Informative)
Bingo! I like your style. In a perfect world, the market decides the $$$ worth of a job, and I think we all can agree than John Travolta, Collin Farell, Hillary Duff, Sandra Bullock, Jeniffer Aniston and all those other frauds deserve a big fat realty bitch-slap.
Philip Dick lived in poverty and ate fvcking dogfood when writing so that idiots like Tom Cruise and Ah-nuld could make millions off of PKD's plots.
Re:So compromised keys make for faulty hardware? (Score:2, Informative)
Re:Bah (Score:3, Informative)
The only reason we can watch DVDs on Linux (and other OSS) today is due to some clever hacking that I'm sure was/would now be illegal under the DMCA. I thought it was purely a matter of recovering keys from a faulty player, but Andreas Bogk [cryptome.org] explains it was more complicated than that.
Unlike most people here, I think it's entirely possible the HD DVD standard will remain unbroken for a long time, though I hope I'm wrong. The fact that IEEE is having open discussions on how to do it right is unsettling. I'd rather the industry just assigned the job of designing HD DVD security to a couple lackeys and told them to have it done by next monday, that way it would certainly be flawed.
Re:So compromised keys make for faulty hardware? (Score:3, Informative)
The data is encrypted using key "A", but can be decrypted with key "B" (similar to RSA). However, in this case "B" is computed via a function that has inputs "A" and "C", where "C" can be an one of a very large keyspace. And, "A" can't be determined by "B". This allows you to have a unique "B" decryption key for every player.
In other words, you have:
* encrypt(A)
* decrypt(B)
* B = hash_of (A, C), for any valid value of C
* C = one out of a large keyspace (allows unique B for each unit)
* A cant be determined by B
Since key A isn't on the individual units, it is as secure as the manufacture's internal security policy (so it isn't likely to be compromised). And the decryption key B is unique for each player.
Now, I don't know of any methods that can produce the above results, or if this is what AACS uses, but I don't see it being impossible either (just like asymetric encryption wasn't do-able until RSA came along).
wide adoption after it's cracked (Score:1, Informative)
Before you call me a stinking pirate, realize that I only have a DVD reader on my system (I don't own a TV), and no burner. Incidentally, I just rented Resident Evil: Apocalypse, which had a newer copy protection scheme from Sony. It didn't play right on my computer because of the protection scheme, the audio was fucked. It ruined the movie experience for me completely and I got pissed off. I found there are utils out there to circumvent this protection (like the beta of AnyDVD). That allowed me, a legitimate user with a legit copy, to actually view the content.
I'm kind of pissed over this experience. I feel sorry for the content producers, it looks like a lot of effort and money went in to making an entertaining film for me and I think they did a good job for an action film (even though I think they ruined the dark creepy theme and perverted and bastardized it into blockbuster hollywood action thriller that's besides the point). People that put together good art ought to get paid for it, but I can hardly find fault with pirates when as a consumer I have to resort to circumventing the copy control in order to enjoy what I paid for at all.
I get pissed at the people who illicitly profit, but I doubt this is more than the tinyest speed bump, will they even notice? It just hurts consumers and makes me more wary when I'm planning on spending money. The other people who piss me off are the ones who refuse to buy anything, those scumsucking freeloaders that abuse everything to the fullest and never drop even a penny in support of all the things they illicitly enjoy. I think the majority of people who get screwed by copy protection are outside of these two extremes and those that are within that extreme will just get the latest cracks and warez and move along.
Re:So compromised keys make for faulty hardware? (Score:2, Informative)
Simple:
Disk is encrypted using private key A. Disk can be decoded using public key B.
Public key B is then encrypted using 100 million other keys and each version is saved in a different place on the disk. These encrypted versions of B are small and take up very little space.
When a player goes to play a disk, it looks for the key file for it's model, decodes it with the key it has in ROM and then uses the subsequent key to decode the movie.
This is absurd, as I and I anyone else will not buy new DVD players every time some hacker steals the key from the model we bought.
Re:So compromised keys make for faulty hardware? (Score:2, Informative)
One needs only break one of those keys and distribute it. Then all movies will be able to be read freely until that key is removed from the standard keyspace. This key may not be able to be gained from the disk itself, but manufacturing insiders would have access, and it may be able to be reverse engineered from the player ROM itself.
Considering how quickly a new rip propagates down the network, just think how quickly 128 bits of data could do it. For instance it could easily be stegged into an image or sound file, and distibuted right under the noses of onlookers. There would be some lag time between the key being available and the studios finding out about it.
Now wait until a guy gets his hands on ten of the "crackable" players. He gets ten unique keys, and now the problem is tenfold. Release a new key as soon as you see that the old one is no longer in use, and you're back in business.
The studios don't know which key has been cracked, they only know that one has. Unless they mark the content separately with the key in question, or a hash thereof, and try and get it back after the movie has been recommpressed. They couldn't disable a whole lot/brand/model of players for fear of a peasant uprising.
Compound this by the fact that it would be a recurring process, happening through multiple channels, and the pirates would have no trouble keeping ahead of the studios. The crackers stay a day ahead of the studios, and there is no control. The problem is that they would be weeks ahead at least.
I don't mean to promote these things. I have downloaded a movie or two before for a laugh, but it's not worth it in time and quality, and on top of it all it's illegal and immoral (to me anyway). Buy the DVD if the movie has the sticker value to you, leave it on the store shelf if it doesn't. I don't forsee myself having any problems in this key-per-unit scenario; My key will always work. I only don't understand why people waste their money on something so fruitless as DRM.