Money For Nothin' From The SDMI Hacking Contest

OS24Ever points to this CNN story, writing: "SDMI is announcing that they are paying two hackers $5000 each for breaking the encryption on their watermarking technology." And as the article points out, conspicuously ignoring the fact that independent researchers have broken four of the watermarking schemes without getting taking part in the official contest.

This is DIVX Part 2 - Audio Edition

[sdo1]

I think a lot of people here are missing the point. They're not going to encrypt every CD with a unique number, but they WILL make you register your SDMI compliant play-back device (hardware or software).

Now maybe the original work you bought at the store has a watermark in the music. If your SDMI compliant device does not see said watermark, it won't play.

And if it DOES see the watermark, an ADDITIONAL watermark containing your unique registration information is added to the OUTPUT device, be it a digital out or analog out.

Now you capture that output (record it to tape, rip it to .mp3, or whatever) and then pass it around the internet... and BAM! They've gotcha!

From that file, they'll be able to read the watermark (assuming you haven't done a credible job destroying it while still maintaining the sound quality of the music) and they know EXACTLY who's equipment the file was produced on... and since you've registered that equipment (or software), they know exactly who YOU are.

Now go back to my 2nd paragraph. To make this even more ugly, maybe your SDMI compliant playback device will only play "clean" originals or copies from your own SDMI compliant devices. Try to play back some song that you copied from a buddy and his registration code is buried in the watermark. Bzzzzt. Invalid code. Will not play.

This is evil, evil technology. The way to stop it is the same way we stopped DIVX. Educate your friends and family. And don't buy SDMI compliant devices (hardware AND software).

-S