HDCP Break Proven 220
zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."
Bail money (Score:5, Funny)
--nbvb
Re:Bail money (Score:2, Insightful)
Funny, yes, but rings sadly true. My guess is that it won't be long before the boys in black pay these fellows a visit for a friendly chat. I can't say how much the fact that this scenario is likely disgusts me.
I read the cryptanalys, and although I don't pretend to competely understand the concepts contained therein, it was nonetheless very interesting, and IMHO valuable, information (bad grammar there?).
Here's a question that comes to mind related to all the legal ramifications of this disclosure. I hate to say it, but I somehow got the impression during the start of the whole Dmitry thing that it was easier for the Feds to go after him because he is Russian. In the case of these guys, however, they don't have that added bit of leverage in the public eye. These individuals are all highly respected members of the cryptography community, and have strong ties to universities here in the States.
I get the feeling that legal action taken toward any of them would generate a FAR greater public outcry than we've seen with Dmitry. I'm not saying this is right or fair AT ALL, but at least it might buy some leverage in favor of true justice. Then again, under true justice people wouldn't be prosecuted for such "crimes" to begin with
I can't decide how to feel. On the one hand, I have an insane degree of respect for them for publishing their research, and on the other I still have many fears for their freedom.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Re:Bail money (Score:5, Insightful)
One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.
If seems awfully close to the practices of the old U.S.S.R. People can call me an extremist all they want for having this view, but many of the Iron Curtain policies don't seem so alien anymore. We lock up scientists, have mass media monopolies that manipulate the masses, and recently massively expanded "police powers" in government. Seems pretty nasty to me. For all those who think the recent intrusions upon civil liberties are "only temporary during our nation's hour of crisis", history shows us differently.
BTW, if you're gonna reply, please be polite. If you're gonna email, use my public key. Thanks.
Re:Bail money (Score:5, Interesting)
No longer can we redicule the Russian people for "letting" Communism happen, or citizens of 1930s Gernany for accepting Nazi rule.
We are as blind and "foolish" as they were.
Rather humbling, I think.
Re:Bail money (Score:1)
Wow, that does make one think. You're absolutely right... our nation has a bad habit of frowning down upon other governments (throughout history) and their people as being stupid, evil, or confused. It would seem the coin truly does have two sides.
Moderators, mod parent up! In the words of the
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Re:Bail money (Score:5, Insightful)
His argument can be expanded to deal with almost all forms of oppresive government. Bolshivism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.
Are we letting big buisness and other corrupt hyper-capitalist interests define that for us? It's a question left up to history to decide, but I'm not above saying that it scares me sometimes.
Re:Bail money (Score:3, Insightful)
Don't forget organized religion...
Re:Bail money (Score:2, Funny)
We still have the right to vote out those that are violating our liberties.
If enough people are made to care and support liberty, then we can elect pro-liberty leaders and make the USA more free.
Re:Bail money (Score:2)
Neither can I legally support a political party with money (Though I don't know if I'm obliged to complain if the USLP charges my credit card and I don't mind. I suppose I could just offer to buy contribution receipts from others, encouraging them to contribute more in the process).
Re:Bail money (Score:1)
I guess places like slashdot don't count as manipulating peoples opinions and thoughts (open source first post!!!).
And while I am against most increases in anything government related, I am for many of the new "police powers" (such as wire-tapping--they are outdated laws).
Scott
Re:Bail money (Score:2)
Re:Bail money (Score:3)
Let me see if I understand you correctly... you are in favor of allowig the government to eavesdrop on your private communications *without* a warrant or true just cause? In case you weren't aware, given the recent expansion of police powers in the U.S., "just cause" now has a very loose definition.
Slashdot is like any other information source... you can take or leave whatever you like. The mass media conglomerates in America are QUITE different; community feedback and participation are only performed under the guise of cheap "we care about our viewers/listeners" stunts. Everything is pre-digested so Joe Sixpack can suck it into his brain with minimal effort. To illustrate: Slashdot is full of posts deriling the editors for being wrong, overly biased, etc. When was the last time you saw a CNN anchor reading viewer letters about how much he/she sucks on the air? Slashdot isn't designed to limit expression in the same way (well, unless you consider the moderation system evil, as some do).
Don't worry, your desired examples of citizens being locked up for releasing research will be forthcoming shortly, if my guess is correct. Sadly, we've already jailed Dmitry, who IMO definitely counts as "a scientist presenting his research". From what I can gather, lots of foreign groups and even entire nations aren't very happy with us for that. Of course, since we're the U.S., we can just barge onto the world scene and do whatever we like, right? Sure thing, no problem. That won't last forever, rest assured.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Re:Bail money (Score:1)
Let me see if I understand you correctly... you are in favor of allowig the government to eavesdrop on your private communications *without* a warrant or true just cause? In case you weren't aware, given the recent expansion of police powers in the U.S., "just cause" now has a very loose definition.
No, I'm in favor of being able to get wiretap permission for a person, and then be able to tap cellphone, fax, phone, etc without having to go through more redtape.
To answer your second point, I've NEVER seen a CNN anchor reading letters about how much they suck. On the other hand, I see O'Reilly doing that EVERY DAY. MAybe that's why O'Reilly is the most popular news person in America now, overtaking the boring Larry King. And once again, SUCH intellectual elitism sickens me..."Joe Sixpack". I'm glad you're so much better than everyone else "Slashdot Geek Nerd Dork". I don't like giving labels like that to people, simply because I feel that somehow I'm better than they are.
Well, we'll see about scientist being locked up--I'm not buying the hysteria. Dmitri IMO was DEFINITELY not a "scientist" he made a commercial program specifically designed to circumvent copyprotection laws. In other words, he was making money off of selling pirated goods, indirectly.
Scott
Re:Bail money (Score:3, Insightful)
And once again, SUCH intellectual elitism sickens me..."Joe Sixpack". I'm glad you're so much better than everyone else "Slashdot Geek Nerd Dork". I don't like giving labels like that to people, simply because I feel that somehow I'm better than they are.
Wow, guess what? I consider myself a "Joe Sixpack" who happens to know how to code Perl. Funny, eh? Before you snap out with clever knee-jerk reactions, you might want to consider alternate meanings.
The term "Joe Sixpack" is generally used to denote the average consumer or products/services/information. Now, I *do* know that I am, to a degree, a bit better informed compared to the average citizen about a range of issues. Does this make me a "better person"? Fundamentally, no. It does, in many respects, make me a smarter consumer. Knowledge is available to anyone who wants to learn. A lot of people make a conscious choice to stay in the dark, and that I can't help.
Dmitri IMO was DEFINITELY not a "scientist" he made a commercial program specifically designed to circumvent copyprotection laws. In other words, he was making money off of selling pirated goods, indirectly.
Geez, you're off the deep end with that one. How do you define "scientist"? I think it's pretty clear that the term "computer scientist" could VERY WELL be applied to Dmitry, given the fact that his focus was largely on core research and not just coding. You're a bit misinformed concerning the issue of "piracy promotion" as well; please tell me how people with sight disabilities are supposed to access an Adobe E-book? Is that silence I hear?
The whole point of the "copy protection circumvenstion" was to allow for FAIR USE OF DIGITAL MATERIAL. Thank you.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Re:Bail money (Score:1)
Wow, guess what? I consider myself a "Joe Sixpack" who happens to know how to code Perl. Funny, eh? Before you snap out with clever knee-jerk reactions, you might want to consider alternate meanings.
I apologize if your intent came across wrong, however I find that so many people in slashdot truly buy into the "we're a technological elite who knows better than everyone else" idea, and it certaintly seemed that that was what you were talking about. When you talk about "Joe Sixpack" in the third person, it automatically seems derisive, and that you are separating yourselves from "them". If this is not your intent, again, I apologize.
I would say Computer Scientist and computer programmer aren't the same thing. I'm getting my C.S. degree now, with a good bit of programming experience before taking any classes--just so you know where I'm coming from. As for Dmitri himself as a scientist or whatnot, I don't know--did he publish papers? I honestly don't know--I hadn't heard the issue of him as a research scientist come up.
I don't know how people with sight disabilities are supposed to access an Adobe E-book? Maybe they should have bought a largeprint version instead, or complained to adobe or the bookmaker about this. this is a VALID complaint. Unfortuantely, I think both you and I know that 99% of the uses of a programs such as the one Dmitri wrote would not be for such valid reasons. SHOULD e-books be available for ppl with such disabilities as you cite? Yes. Should a GENERAL purprose warez type cracking tool be marketed for just this reason? I personally don't think so.
Actually, how is reading reasons a valid concern? Can't you use E-books on a computer?? THey don't have to be on one of the specialized e-book readers, right?
Scott
Re:Bail money (Score:2)
Dmitry Sklyarov is a PhD candidate doing his doctoral thesis on e-book security. I think he qualifies as a computer scientist.
And I don't think whether he made a commercial product out of his research is pertinent in any way, shape or form. Considering the situation behind the RSA patent and subsequent 17 year encryption monopoly that ensued from "pure" research why can't Dmitry and some fellow programmer make some money?
I don't know how people with sight disabilities are supposed to access an Adobe E-book? Maybe they should have bought a largeprint version instead, or complained to adobe or the bookmaker about this. this is a VALID complaint. Unfortuantely, I think both you and I know that 99% of the uses of a programs such as the one Dmitri wrote would not be for such valid reasons. SHOULD e-books be available for ppl with such disabilities as you cite? Yes. Should a GENERAL purprose warez type cracking tool be marketed for just this reason? I personally don't think so.
Such a utility is legal in Russia. That's all that matters. The Russian company sold it on a server in the US. That was illegal under the DMCA. This is a business matter that should have been settled in civil court. Not by some malicious, trumped up criminal charges.
And you may categorize it as a warez tool but I see it as an extremely useful tool to evaluate a vendor's product. The company I work for wants to sell content on the Internet using secured documents. A vendor wants to charge us nearly a quarter to half a million dollars for a solution that is based on using "secure" pdfs. My CIO was unaware of how bad the security is with pdfs and with the Advanced E-book processor we can verify the vendor's claims and determine how much this security they are charging us a premium for is actually worth.
Re:Bail money (Score:2)
And let's not forget the veiled threats the RIAA made if the SDMI's flaws were presented in public. Add to that the aborted prosecution of Phil Zimmerman a few years ago. Oh yeah, and Dmitri, as I recall, wrote his software in Russia, not the U.S. He just had the bad luck to be visiting this country when he was arrested. That would be like being arrested in a foreign country while you're on vacation for having written a book in the United States that was illegal in the country you were vacationing in.
And I don't think I've ever seen any strong opinion of any kind expressed on CNN. Bruce Morton sometimes has pieces that approach something that might resemble an editorial, but he always stops short of taking a position. I always get the feeling that he wants to, but he never does. I wonder if management forbids him from doing so. Wouldn't surprise me. I long for the days when we at least had John Chancellor doing his commentary on NBC. It wasn't much, but it was better than the bland crap people are getting these days. Thank God we have sites like Slashdot. Even if I don't agree with all the posters here, at least I know that most of them are using their brains. If there is any time we need more of that, it's now. We don't have to agree all the time, or even most of the time. It's the debates that matter, and a willingness to listen to alternative viewpoints and to be open to the possibility that those with opposing views have valid points and something constructive to say.
Re:Bail money (Score:2)
Whatever analogy you use, the problem is that creating a product that can be used for an unlawful activity is not the same as using it for that activity. And if this software was illegal to use here, why was it sold here? Had its sale been legally barred? And the fact remains that writing such software, AFAIK, is not illegal in Russia. But getting back to the analogy, if this prosecution is completely on the up-and-up, then why is it legal to sell any of the following:
Guns: They're used to do all manner of illegal things, such as shoot people, rob banks, hunt animals out of season, and threaten people in a general way.Alcohol: People who drink tend to get drunk. This leads to all kinds of illegal activities, such as driving while intoxicated, speeding, driving recklessly, getting into bar fights, andassaulting one's spouse.
CD burners: Yep, CD burners. I know they can be used to make backups and all manner of other totally legal things, but we all know that they can crank out perfect copies of commercial music and software faster than Bill Gates can bribe the Dept. of Justice.
My point is this. Everything out there can be used to perform both legal and illegal activities. And yes, the software in question is perfectly capable of doing so. If I want to decode an e-book in my own home and use it as such in my own home, that's my fair use right, and this software allows me to exercise that right.
And just to touch on DVDs for a moment, since I know t's not far from this discussion. As a purchaser of DVDs, I have never agreed that I will not play them on, say, Linux. The only thing that I am prohibited from doing is showing them in a commercial setting or selling copies. If I can hack a toaster to play them, that's my business, and if someone tells me how to hack my toaster to do so, that's also my business, as long as I don't do anything illegal with the toaster's output.
Re:Bail money (Score:2)
Re:Bail money (Score:2)
You would be more accurate saying, "The whole point of the 'copy protection circumvention' was to allow for the kind of activities that we became accustomed to under the old-style 'fair use' rules."
Not that I agree in principle with with what happened to that Russian programmer, but as I understand it, it was all done by the book. It just so happens that the book has sunk to new lows.
"Fair use" of digital media is a shadow now, trumped -- legally -- by the DMCA. "They" passed a law that lets the publisher remove your right to manipulate things like e-books in certain ways. As a consumer AND a publisher I think it sucks, but it's the law of the land until a court overturns it, and that isn't going to happen without a high-profile case.
Wiretap (Score:2, Informative)
OK, scenario for ya: I work in a small office (25 people) and one of them is a subject of an investigation. When you pick up the phone anywhere in our office, the phone system grabs the next free line. That means that the FBI will be listening to ALL CALLS into and out of our office because this person may be using that phone. The legislation does not limit this! There was a Senator (can't remember the name, can't find it on Google) who had wanted to add that the tap was not allowed to be monitored if the suspect was not on the phone at the time, but this got shot down.
Another question is how often does a suspect use a phone before it's wire-tapped? Should we expect all public to be tapped? If I throw a party and a friend-of-a-friend makes a call or two to order a pizza, should I wonder if my phone is now tapped?
Echelon (Score:2)
Re:Bail money (Score:2)
And Dimitri doesn't have blue eyes because he owns yellow sneakers.
His work on the eBook decoder is most definetly computer science (cryptology). He's therefore a computer scientist. Regardless of what the software is used for, he is certainly a scientist. Now you might want to call him a 'rogue' scientist, but that's another issue.
Don't try to say that because you work outside of the law (Galileo) you aren't a scientist. And more importantly, what he did isn't illegal in Russia...
Re:Bail money (Score:2, Interesting)
No US scientists have been locked up for publishing their research. Many are at risk for such criminal action, and face the prospect that they could go to jail under the current law, if they publish their research.
To make the possibility excruciatingly clear, the US gov't has locked up a Skylarov, a Russian programmer/researcher under these laws. Some have attempted to argue that his case is "different" because he sold his information (outside of the US, incidentally), or because he's not a US citizen. This does not change the fact that under US law he would be equally vulnerable were he a respected US academic doing legitimate encryption research for no financial gain.
Given all of this, it seems somewhat mindless to demand that a few US scientists get themselves tossed in jail-- or sued out of existence-- before we start taking the problem seriously. Most researchers have no desire to run the risk, and have instead chosen to withdraw their findings and keep their heads down. I'm not sure why this is a position you would defend.
Re:Bail money (Score:2)
Re:Bail money (Score:2)
Either place has problems, come to Australia, just don't come by boat or we'll push you back out to sea! And if the US gets restrictive communications laws we'll try to draft some that are even more restrictive!
Currently encyrption is not restricted here (which has enabled Australians and New Zealanders to work on such things as SSLeay while those in the US could only watch due to the threat of imprisonment), but laws have been proposed in the past, and will probably resurface in two or three months when the government gets back to work.
You missed one nasty trend (Score:2, Insightful)
Stalin and Hitler screwed their accademic communities for politics and it nearly ruined them. It can be argued that both geared their artists to propaganda and their science to warfare but failed. Hitler made good weapons for a while, but was unable to develop high altitude long range bombers and nuclear weapons. Stalin had tanks and planes designed from prison. As good as those designs were, they were not as good as US. While some of the failure of Soviet agriculture was intentional, who can say what effect Stalin's wierd insistence on evolution of individuals had?
Will the US be next? The DMCA is only part of the picture. When you can't say what you think, you can't trust anyone and therfore don't know what to believe ever. If you can't trust your teachers because they are afraid of being fired, what do you really know? Such distrust of your neighbor is central to autocatic control. Beware of people who scoff at things "un-official" and recomend central control.
Re:Bail money (Score:3, Interesting)
Who has been locked up for this? Oh wait, no one has. Yeah, someone else was locked up because their company was selling a product based on breaking a US law, but no one has been arrested for this.
You can say "CORPORATE POLICE STATE!" all you want, but the fact is, this particular law is awful, one guy has been sent to jail, and there's been at least one court case so far which has affirmed that corporate interests do not outweigh free speech. Like every other horrible anti-speech law that has been passed in the last few years, it will die a slow death. People will be prosecuted under it, sure, but that's the only way to start the chain of events that leads to the Supreme Court striking the ugly thing down.
This isn't goverment thugs defending their interests. This is government employees doing their jobs, and scientists taking a moral stance, and the American legal system taking it's slow, painful path to justice, same as it ever was.
Yeah, democracy is the worst form of government, except for all those other forms which have been tried from time to time. Support the EFF, dammit!
Re:Bail money (Score:3, Interesting)
It isn't so much the actual current lockups (1 to be precise) that matter the most. It's the fact that countless researchers are probably wondering if they should ever publish their research again given the specter of arrest and lengthy imprisonment. I find it hard to believe you consider Dmitry to be nothing more than a "salesman pitching his product". In truth, his presentation in the States was more to do with findings of fact concerning his research into the system than anything else. The documents are all online, please check your sources.
No, I'm not screaming "Corporate polic state!". I'm actually screaming "Screwed up crap in the legal code!" which is quite different. The fact that you find it acceptable for innocent people to get their lives ruined in the "short term" (explain that to their families) over this is somewhat galling.
As for government employees doing their jobs, do we really have to go into the nasty details of other government employees "just doing their jobs"? Harsh example here, but I'm fairly sure a number terrorists groups (meaning their individuals actually doing the dirty work) are confident that they are (1) just doing their jobs, and (2) morally correct for doing so. It doesn't make it RIGHT.
As for supporting the EFF, according my bank statement I do that on a routine basis. Have you contributed recently?
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Re:Bail money (Score:2)
There are two ways to fight bad laws. The first way is to have elected representatives repeal the laws. Not damn likely, when the people that like the laws are the same ones who are paying for campaign ads.
The second is civil disobedience. I'm proud of any scientist who is willing to go against this law. It would be even more effective if the IEEE or other professional groups spoke out against the law. It would be even more effective if those groups told it's members to break those laws openly and publicly, and millions did it, and millions of tech workers were put in prison for it. However, I doubt tech workers (or even Slashdot readers) have that kind of code of ethics. I know I'd have trouble doing that, especially since I'd have no guarantees others were doing the same.
I laughed when a friend told me she was taking an "ethics for engineers" class. How ridiculous - what ethical questions do engineers have? Then I read the textbook, and realized that there's a big hole in CS and engineering education. For instance, I had no idea that, as long as certain criteria are met, a whistle blower that exposes fraud in a government contract is entitled to a portion of any settlement or judgement against his or her employer. I also learned how long a fraud conviction takes, and the personal cost involved, and had to think about what I would do in a similar situation.
I'm proud of these scientists. It sucks, but I hope they go to jail or get fined, and the wheels of justice move swiftly. Yes, I support the EFF. I gave them a chunk of G.W.'s tax rebate, and as soon as I get my damn hat, I'll probably give again.
No need for bail money (Score:2)
The difference between this and Felten case is, that Felten "cracked" watermark system, which isn't encryption per se. Stupid, eh?
V.
Re:No need for bail money (Score:1)
DMCA working against RIAA et al! (Score:1, Flamebait)
Great work! (Score:1)
Good crypto can only be developed in the open where it is subject to formal peer review and detailed scrutiny.
One of these days, this problem will solve itself when shareholders regject propriatary approaches becuase they don't work, are borken and don't make any money.
Shareholders need to be educated that the only way to make money of cryptographicaly protected products or information is the open way.
RGR
Re:Great work! (Score:1)
I would have accepted this paper a bit better if they had worked on a proof to support their conjecture.
Otherwise, they had a good proof on this system's vulnerabilities, provided no certs are involved.
Re:Great work! (Score:2)
It still has admitted failures.
However, it avoids the failures that require the ability of the attacker to spoof valid credentials
Most importantly, it was presented as the underlying method that may be the implementation of another, as yet unavailable, closed standard.
Of course... they should prove that *sarcasm*.
Re:He he ... "fabulous work" he said .. (Score:4, Insightful)
I'm sure everyone in NSA shares your educated opinion.
Most likely, NSA fully subscribes to this idea and promotes peer review of top-secret work. They have plenty of scientists with security clearances for that. If NSA doesn't send a paper for review to me or to you it doesn't mean that someone else, better qualified, doesn't look at it.
Re:He he ... "fabulous work" he said .. (Score:2)
Re:He he ... "fabulous work" he said .. (Score:2)
Don't you think that it might just be possible that the NSA was fully aware of the flaws in thier products, and was hoping that their standards would be widely adopted before anyone found out that they were peddling snake oil?
All cryptosystems boil down to trust. NSA can never be blindly trusted to give the general public a cryptosystem that they cannot themselves defeat. History bears this pattern out -- for example, NSA (and/or it's predecessor) flogged off Enigma machines to foreign governments and big businesses after WWII, touting them as "secure". Of course we now know that Enigma had been completely defeated by that time -- NSA and their British counterparts could break it, but (presumably) no one else could. NSA has no incentive whatsoever to promote or endorse a cryptosystem that they cannot defeat; any cryptosystem that the DO endorse must automatically be held suspect.
Also we must remember that just because there is no KNOWN (unclassified) attack on a particular cypher, that does not mean that NSA doesn't have an attack that hasn't been publicly re-discovered yet: there's substantial evidence that suggests NSA had developed differential cryptanalyis at least a decade before the technique was published openly.
Re:He he ... "fabulous work" he said .. (Score:2)
Or rather, what 10 undereducated volunteers could never put together in 10 years, a professional mathematician will do over the course of many months, and then have reviewed by several more mathematicians review over a period of years :)
Sorry for the flamebait, but amateur coders simply cannot reproduce the kind of work that professional cryptography requires.
That's not to say that they cannot go ahead and implement any developed algorithm out there... likely better than most cryptographers could do it... but that's not the same as coming up with the system in the first place.
Re:He he ... "fabulous work" he said .. (Score:2)
I don't remember offhand whether Rivest, Shamir or Adleman had their PhDs in 1977, but I don't think that the RSA algorithm was "amateur" cryptography. It was certainly professional-level research work, done at MIT under government grants. Pioneering work is not necessarily amateur.
The only real example I've seen of good amateur cryptography was from the Irish student a few years back. I think the jury's still out on that one though, and she was still a student of mathematics.
The point I was trying to make was that amateur coders simply cannot come up with good crypto, no matter how good their hacking skills. Amateur mathematicians, on the other hand, might get lucky.
And no, being a "professional" doesn't mean anything, but having your work survive the sort of peer review that cryptographic algorithms are subjected to usually does.
In Summary... (Score:2, Redundant)
In summary...
Conclusion
HDCP's linear key exchange is a fundamental weaknesses. We can:
Why do people continue to think they can build a secure system designed to simultaneous distribute data publicly and prevent its distribution?
Re:In Summary... (Score:5, Funny)
They belived a salesman. They don't know how get independent verification. They don't do the needed research. They... OOooo! a shiny object.
Re:In Summary... (Score:1)
Where?! <Looks around>
Re:In Summary... (Score:2, Insightful)
Why? Because there is a lot of money on the table to anyone who can claim to have succeded.
You and I both know this is actually impossible. What really needs to happen is that the manufacturing companies need to realise they are in the business of creating intelligence (going back to the definition of intelligence as a signal stream that has information encoded in it), rather than trying to force fit their manufacturing mind set onto the internet.
By this, I mean that all the music companies should admit that distribution of mp3's et al is now, for better or worse, close enough to free to be negligable. They can now stop trying to guess which band is going to be this summer's big hit (and thus mass produce cds, dvds,
What they get once they have opened the floodgates, is the ability to charge people for finding precise information, and also for subscriptions to new information.
Actually they made a step in the right direction (Score:1)
Re:In Summary... (Score:3, Insightful)
Why do people continue to think they can build a secure system designed to simultaneous distribute data publicly and prevent its distribution?
Maybe I'm missing something, but doesn't the DSS television broadcasting system do this already? I mean yes it's crackable now but I believe that by sacrificing some of the bandwidth for content and using it for security instead, it could be made a lot harder to crack than it is now.
Cloning is going to be next to impossible to fix, yes, but I wonder if you couldn't get around the "wait 6 months for your receiver's "stop" command to stop being sent" by throwing a lot of processing power at it and basically encrypting the stream to every (yes the entire subscribed population) system's public key. Perhaps cloning could be avoided by making the cards smarter and using techniques of self-destruction if the cards detect that they're being tampered.
I know I'm no cryptographer and it's late for me here, but the idea of having a secure system simultaneously distribute data publicly yet prevent distribution to unwanted systems doesn't seem impossible, just impractical at this point.
Re:In Summary... (Score:2)
In the case of HDCP, the protocol must remain public, so there is no chance for security through obscurity. They must solely rely on the strength of the protocol to cracking, whereas DirectTV has the strong advantage that no one outside the company secrets knows how the cryptography works.
This is why HDCP has fallen just as easily as DeCSS. Both relied on the security of the private keys, but ignored possible flaws in the protocol itself.
Re:In Summary... (Score:2)
In the case of HDCP, the protocol must remain public, so there is no chance for security through obscurity. They must solely rely on the strength of the protocol to cracking, whereas DirectTV has the strong advantage that no one outside the company secrets knows how the cryptography works.
So, other than the bruising of egos and the computation expense, what is wrong with using RSA/DSA key cryptography instead of some cockamamie homebrew stuff? Those protocols are open (RSA's patent has expired IIRC) and seem to be holding up to cryptanalysis...
Re:In Summary... (Score:2)
So, I subscribe to DSS, wait for my box to decrypt the signal, then send the output of the box to my friend.
This is the fundamental problem -- crypto doesn't stop people who have the keys.
Of course it won't... at least not until people have the smartcard interface in the back of their head and tampering releases a neurotoxin.
Re:You're wrong! (Score:1)
Re:You're wrong! (Score:2)
You are allowed to hack the system and proove that it is broken (by showing exactly where is the flaw etc..) - but you cannot use the resulted crack for profit...
Enter ElcomSoft - they found a flaw in Adobe's eBook and made money from this hack by using it to make a "backup" program so you can "backup" your eBooks and in this case - the DMCA is right...
Lets be honest here - DMCA is a draconian law, but lets also be real here - Go read Adobe's statements, DMCA statements and other statements - if you're hacking in order to proof the world there is something wrong with the protection - then no one will sue you (did u see MS suing the guy who showed the flaw in their password? I didn't, what about the numereous flaws in HotMail? I didn't see them chasing those guys either)...
When will they learn? (Score:1)
Regards
HDCP (Score:1)
Re:HDCP (Score:1, Offtopic)
Ummmm, unless this is a joke (sometimes I'm dense about that), I should point out that DHCP has no security provisions at all. Both client and server have nothing to identify each other with other than name and MAC address, both easily forged.
From the DHCP server's perspective, you can't keep the clients from claiming any IP they want, so there's not much sense in trying. (Use smart switches or IPSec layers or the once-considered-secure 802.11b for partial protection there.)
From the client's perspective, you either trust what the server tells you (and yes this can have security implications - if someone can give you a fake DNS server you are open for man-in-the-middle attacks) or you hard-wire everything in.
Side effect (Score:4, Insightful)
The DMCA aims not only to protect companies who use crappy encryption from hackers, it aims to hide from the general public the potential dangers of using encryption that could have been deliberately made to be crackable. So the government could release some (easily crackable) encryption standard that gets added to a lot of hardware and software but the people won't know that their privacy could be easily violated because it would be illegal to try to crack the system. This then makes people vulnerable.
Perhaps I just thought of something that everyone knows already, but I wanted to voice it nonetheless.
If the goverment... (Score:1)
A chink in the DMCA (Score:2)
I think you may have hit upon a key step in fighting the DMCA: we need to point out that, stripped of all the falderal it is intended to let manufacturers pass shoddy goods off on us poor consumers.
If only some brave defender of the consumer/voter/masses would come forward to defend us from these cads (say, leading up to an election)...I'll bet the press would love it.
Remember, lobyists may give money, but they can be sold down the river in a heart beat if someone comes along offering votes.
-- MarkusQ
It was broken over 6 months ago. (Score:5, Informative)
I know of at least 4 researchers who have independently discovered the flaws. (See my other slashdot post).
After Skylarov and Ferguson, I was reluctant to point out that my work had been sitting around on cryptome since May. I suspect Keith Irwin felt similarily.
Neils wasn't the first to go public or even second, though he did raise a wonderful stink.
Just in case... (Score:4, Informative)
Mirror early, mirror often.
Unbelievable... (Score:5, Interesting)
From a part-time mathematician's perspective (ok, actually a physicist) this was the line that just made my jaw drop. What were they thinking?! If this text is correct, this algorithm may as well have been designed by a high-school student.
As several people have pointed out already, this is really one of the big threats of the DMCA -- that companies will go around using incredibly poor standards like this, and be immune to any pressure to improve their quality because their customers are legally forbidden to ask what they are receiving. It says a great deal about the present legal climate that anyone could get away with a mess like this cryptosystem in a commercial product.
*sigh*
not so unbelievable (Score:4, Insightful)
Re:not so unbelievable (Score:1)
Re:Unbelievable... (Score:2)
I don't want to see the day when they answer those consumers' question and truthfully tell us that their DMCA protected Digital Shackles(TM) are indeed quite effective.
From the indications I know of. (Score:5, Informative)
Intel wanted a scheme that could be implemented in under 10,000 gates. IMHO, the designers were aware of the flaw, though not necessarily of the full impact of the flaw. Some of the attacks are subtle.
This is unbelievably lame (Score:2, Informative)
Public/Private keys
Re:This is unbelievably lame (Score:2, Interesting)
But I have to say as well, the designer(s) probably took a few shortcuts to generate a working specification...like -
They used a ring that's WAY too small...56-bit keys can be brute-forced within months.
Then again, the proof doesn't attack this...only the modulus size (40-elt vectors), and that it can be cracked with a heuristic that takes at most 1600 operations.
They could add more keys to the modulus, but I suspect that it would have made an implementation unworkable...remember that DVD players don't have THAT much computing horsepower.
Sure it's bad...cause it's been shown to have a polynomial solution...the designer probably knew this already (and if he didn't, you're right...HE IS stupid! ); but he had to produce something...and that is what market-driven SW engineering is all about...it certainly is not comp. sci.
Re:DES can be brute-forced much faster than that (Score:4, Interesting)
The bruteforcing took 2 days on a sub $2000 FPGA running their published wiring schema.
Significantly cheaper than the EFF's machine, but then time does march on.
I contest your claim. (Score:2)
I'm not disagreeing about its lameness, just claiming that I didn't do a cryptoanalysis.
Also, the slides do elide out a few things, the operations occur in the ring of the integers modulo 2^56, This is a ring, not a field because even numbers to not have multiplicative inverses. You also have to worry about mistakenly assuming that you can construct stronger attacks than are actually provable based on the specification.
Second semester algebra might be pushing it, but I'd agree that just about any junior in math could crack it in about 10 minutes after pointing out the relevant section of the specification.
BTW, the designer is Intel.
As the person who was first..... (Score:4, Informative)
`` The attacks on HDCP are neither complicated nor difficult. They are basic linear algebra. Thus, there have been at least 4 independent discoveries of these flaws. The four I know of are my co-authors, Neils Ferguson, Keith Irwin (http://www.angelfire.com/realm/keithirwin/HDCPAt
What wrathful gods one risks angering by a 20 minute straightforward application of 40 year old math. This was an accident, not a habit. Like other researchers, I do not want to be smited and thus do not expect to analyze any more such schemes as long as the DMCA exists in its current form.
(This statement is my own and does not represent the opinions of my co-authors.)''
So, for those of you who watch cryptome, I broke it there about 3 days after it was leaked, 6 months ago. Keith Irwin also put his observations up 3 months ago. All of this predates skylarov and ferguson.
So, this is only the official version of the break, the slides I presented 2 weeks ago.
mirrored (Score:2)
Re:mirrored (Score:3, Informative)
here's the proper URL [firehead.org]
HDTV (Score:5, Informative)
Re:HDTV (Score:2, Informative)
There are quite a few early adopters who will be alienated by the lack of an appropriate digital interface (DVI or IEEE 1394) on their multi-thousand dollar HDTV. Without this interface their set-top HDTV tuner won't be able to verify that it's allowed to pass on a full resolution digital signal for HDCP encoded content. The result is that most current HDTV owners won't be able to watch full resolution pay-per-view, premium channels and whatever else the networks or MPAA will require be encoded with HDCP.
Why didn't they buy a set with IEEE 1394 or DVI you ask? Because there basically aren't any available. JVC has one set with DVI, select Mitsubishi's have IEEE 1394 and no set-top boxes have either! Even if you have a set with an appropriate interface, you'll have to replace your box and most of them are still close to $1K. Please, don't even get me started on the problems with the current set-top boxes.
The cracking of HDCP may futher delay the availability of additional content since the MPAA doesn't want full resolution HD movies being broadcast without it. I just wish the broadcasters, manufacturers and content providers could all just figure this mess out so consumers can start seeing beautiful digital TV. If you haven't seen a full blown HD signal on a properly configured monitor, you're really missing something!
BTW, don't even ask about the satellite boxes which include code that allows the direct broadcast satellite companies (DirecTV & Echostar) to downrez any program they wish to whatever resolution they choose!
Power in numbers? (Score:1)
I'd love to see them start going down the list
You're right. (Score:2)
*STUPID*
Cash registers, not fireproof safes (Score:4, Insightful)
For this purpose, it doesn't need to be mathematically valid, any more than a cash register needs to be fireproof and have a 28-digit combination lock. All that a cash register needs is to have a door that closes and stays closed. This means that you can't have things move from the cash register into your pocket by accident.
If there was a vulnerability in the standard which meant that you could access the signals without trying to, that would be bad news. As it is, the signals are only accessible by those who want to consciously make equipment designed for the purpose of veiwing them, which has no legitimate alternative use. In other words, the "crack" of this standard only refers to an attack which is against the laws relating to theft (in this case the DMCA).
This is not a "bad" or "stupid" encryption system; it's just an example of a company using the laws which protect them to cut a cost corner. After all, if one could trust people to pay for what they watched, they wouldn't need to encrypt the signal at all.
For a bunch of self-styled "engineers", slashdot has a really hard time understanding the basic concept of "fit for purpose".
Not quite... (Score:2)
The purpose is to prevent the consumer from intercepting the signal between the "set-top-box" and the TV, and doing something useful with it like making a digitally perfect copy of the material.
Ensuring payment by the consumer is a mechanism already in place - i mean, you've got the set-top-box, haven't you?
Re:Cash registers, not fireproof safes (Score:2, Interesting)
This is not a "bad" or "stupid" encryption system; it's just an example of a company using the laws which protect them to cut a cost corner.
I wasn't aware of it being the government's job to help business cut corners and increase profits.
After all, if one could trust people to pay for what they watched, they wouldn't need to encrypt the signal at all.
If you're going to send a signal into my home, be it over television airwaves or satellite broadcast, I should be able to do what I like to the signal. I didn't ask for your signal to enter my home. I don't have a contract with you promising to leave your signal alone. By attempting to decrypt your signal, I am not depriving you of use of the signal.
What ethical right do you have to demand that I don't examine that signal? Sure, there are laws against it, but laws and ethics are different matters.
By accessing your signal without paying, I am receiving benefit without reimbursing you. Boohoo. Not my problem. My local television stations seem to survive. Adapt to the problem, don't take rights from people to protect existing business practice.
Perhaps you'll claim that your right to not have your signal decrypted is similar to my right to not have my cell phone calls decrypted. Great argument, except I assume my cell phone calls are being decrypted for exactly the reasons above. I hope that cell phone technology developers are working on better encryption, but ultimately if my cell phone signal is available, I encourage you to go wild.
indeed, you aren't aware (Score:2)
Don't worry, numerous universities offer courses in "Law & Economics" which can cure you of this deficiency.
Re:Cash registers, not fireproof safes (Score:2)
The big deal is that you can be sent to PRISON
for dissemenating this information.
Re:Cash registers, not fireproof safes (Score:3, Interesting)
Ian Goldberg (Score:2)
The patch is simple (Score:3, Funny)
Ban the sharing of public keys!
Oh, wait...
Possible and impossible goals (Score:2, Interesting)
It's just that "content protection" is not one of those goals. If I have enough information to show a movie, I also have enough to re-show or rebroadcast it. No matter what the technology involved (assuming I have enough computing power).
Policy makers need to understand this distinction, let technology do its thing where possible, and don't expect it to do much of anything where it's not.
IMHO.
Re:Possible and impossible goals (Score:2)
For now. No system is 100% secure (with the exception of the single-use pad that comes close). Yes, if I chose a 256 length key no one today could figure it out. That we know of. But what about tomorrow? The reason brute-force attacks don't work today is because we don't have enough computing power. But tomorrow we just might have a (sigh) Beowulf cluster of machines that could brute force a 256 length key in a matter of hours.
So you change your key length. Which protects your future data, but not the data that they already cracked.
So I wholeheartedly agree with your second statement about content protection. But we have to be cautious about trusting even what we feel to be secure communications, unless you keep up with the Jones' of security and technology.
(IMHO :)
Re:Possible and impossible goals (Score:2)
You'll need to get close to perfect reversible computation working first, or thermodynamic constraints mean you'll need the power output of superclusters of galaxies to power your machine.
http://www.ai.mit.edu/~cvieri/reversible.html
Among other problems.
Working quantum computers would bring a 256 bit key down to the strength of a conventional 128 bit key, i.e. still safe for a very long time.
Re:Possible and impossible goals (Score:2)
With a 256-bit key, you simply don't do brute-force cracking. It's not possible now, and I would wager any amount that none of us will ever see the day when it is (if ever).
With 256-bit keys, you start looking at the algorithm for flaws, and the protocols which use the keys. If that looks hard, then you figure out where the key is stored, and attack it from there.
Unless you're dealing with 56-bit DES, or worse, 40-bit exportable SSL, you don't even think about using brute force. There's always a better attack.
It is possible... (Score:2)
I've thought over possible designs very carefully, but, given the DMCA, and my lack of a desire to aid, abet, or otherwise supply any support to any of these digital control technology schemes in any way.. But, with high confidence, I'd say that you could make something essentially hackproof.
I'll be mum, at least, but I can at least reference two proposed standards for you to read. See www.trustedpc.org (with CPRM hard drives, signed drivers, signed bioses, 'trusted windows'), or microsofts slides on the topic. Also, see DTCP, there they *did* use real public key crypto.
Read them, but don't try to break them; I don't want you to aid abet, or otherwise support the digital control freaks any way.
Scott
Re:I believe.. (Score:1)
Nobody has touched RSA, or RSA key exchange. The problem is the crytographic protocols and implementation. The protocols often use strong (re: compute intesive) cryptography to exchange weak (re: fast) cryptographic keys. It's the weak shit that is getting cracked. Also Protocols and implementations let information to leak about the weak keys. This alows cracks to exploit the leaked info, to find the private keys faster (re: polynomial time) than the standard approaches.
Someday these corporate dumbasses, who want to limit fundementally unlimited resources, will get a clue and start creating secure implementations. That is when you should be afraid.
Maybe they'll start developing their protocols and implementations in an open process. This would have a much better chance of flushing out the bugs . The only thing they need to really control is the master keys. A smart plan would be to develope the code in a open manner, then and only then start encrypting all their music, video, articles, with the super-secret "Master" keys.
We are lucky that they are following the security thru obscurity developement process. How many times will they fail before they start to wake up?
Sony is working on encryption to the monitor. Others are working on encryption to the speakers (usb speakers with DSPs in them). Combine that with a cluefull open developement process, and we are SCREWED in a squeal-for-me-boy kinda way.
Then we start hoping someone with the real keys reveal them (the whistle blower way). Or the big corperate dumbasses leave the keys on a not-quite-so-secure system and hackers release them.
The cryptographic algorithms aren't being attack it is all the dressing PROTOCOLS, IMPLEMENTATIONS, and PEOPLE.
Re:I believe.. (Score:2)
Do you have anything to support this assertion, or only anecdotal evidence of specific crypto systems being cracked? If the latter, do you know for sure whether they were cracked because of (a) inherent weakness in assumptions upon which all cryptography is based, (b) weaknesses in the specific algorithms used, (c) weaknesses in the software architecture surrounding the encryption, or (d) bugs in the implementation? I think you'll find that most "cracks" are either (c) or (d).
So what about my 1024-bit RSA private key?
BTW, "even 128 bit keys" is an empty statement. Number of bits is to key strength as megahertz is to computer speed. You can't compare different crypto algorithms, or different models of CPU, with such numbers alone.
Re:I believe.. (Score:2)
I've always thought that popular ecncryption schemes were sort of a boon to the people who need to decrypt them - instead of a million differing schemes, there is just a few with just a few differing amounts of 'bitness.' It makes their job so much easier to know that 80% of the people out there are using the same algorithm.
Re:I believe.. (Score:2)
Security by obscurity may or may not be effective - depends on who is trying to read your mail and how much time/money/effort they want to spend. In general I'm glad not to have to rely on it. Picking a weak but obscure crypto algorithm is a bad idea. (No pun intended, IDEA is neither weak nor obscure.)
RSA has stood the test of time - it has probably been through more hours of cryptanalysis by qualified professionals than almost any other algorithm, and nobody has found a serious flaw in it yet. Could it be cracked tomorrow? ("Cracked" in the practical rather than the academic sense.) Yes, but I'd bet serious money against it.
Now ... if 80% of the world used the same program to produce their RSA-encrypted e-mail, that's when it's time to worry. Because I have a lot less confidence in an individual program being bug-free than I do in RSA itself being secure. That's where the famous software monoculture (i.e. "everyone runs Microsoft Outlook in 1999, ergo Melissa", or "everyone runs Sendmail in 1988, ergo Morris worm") problem lies.
Re:I believe.. (Score:2)
Agreed.
The point I was trying to make, was because people use the same algotithm, it's easy to just throw computing resources at a decryption problem. If everybody used ad-hoc encryption, a little rot13 here, a mix of RSA on top of that, followed by some bothched LZW compression - then you would have to throw human resources on the problem, and that gets expensive.
Beacuse RSA is perceived to be almost perfect, nobodty uses one time pads - and that would really piss off the powers that be. RSA.
Re:I believe.. (Score:2, Interesting)
Your post is slightly off topic, but what the hell. Here we go.
Sorry to say it, but you'd have to have an awful lot of resources to break even a 128-bit encrypted message. As in, more resources than most corporations are prepared to devote to such a task, and more resources than the gov would dedicate without a fairly damned good reason (well, at least a "good reason" in *their* view).
Second, you'd have to have INSANE computing resources to break a 1024-bit or 4096-bit PKI encrypted message. As in, more resources than are practical to assemble in reality these days. Your argument just doesn't hold water. Yes, people who *claim* to use cryptography (when in fact their systems are fundamentally broken/flawed) are setting themselves up for a nasty fall, but folks who use encryption properly are far more immune.
Until, of course, the government decides to arrest folks for using crypto to begin with
Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
Yes, this is my protest to the sig char limit
Large numbers (Score:2)
Oops (Score:2)
Re:Again... (Score:1)
That's like microsoft with their stupid XP authentification...3months before it was in stores everyone had cracked versions of it
You are missing the point of XPs copy protection. Its NOT so much meant to stop 3l33t pir8 groups from cracking/distributing it as it is to stop casual piracy. IE, Jim buys a copy for $x then gives his copy of Bob & Jane.
This is the area that Microsoft is loosing real revenue. MS dosn't really care if mr 3l33t hacker dude downloads a copy from the net and installs it on his other machine because mr 3l33t hacker dude would never have bought a copy anyway, but Bob & Jane might have.
Re:Hey! (Score:2)
Hey yourself (Score:2)
And finding me online is trivial:
http://www.google.com/search?q=Scott+Crosby
Note the first two links.