Slashdot Mirror

← Back to Stories (view on slashdot.org)

CPRM Lecture

Posted by michael on from the getting-schooled dept.

QuantumG writes: "I've written a summary of the lecture at Stanford by Jeffery B. Lotspiech / IBM. John Gilmore (EFF) was there and other than hounding Lotspiech with ethical questions, gave me a free T-shirt." We can't argue with that. Stanford has the video online, in a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer. There's some sort of lesson there, I think. But the video is good, well worth watching.

2 of 102 comments (clear)

  1. The real problem.... by bencc99 · · Score: 4

    ..with CPRM is that they've been pushing for it to be integrated into the ATA specification, which contrary to what they claim *IS* very relevant to hard drives. They claim it's specifically for removable devices, but almost all removable hardware uses the ATAPI commandset -of which CPRM won't be a part, so it will be largely ineffective from that point of view.
    AFAIK, the only mainstream removable device that uses ATA is onstream's series of ADR tape drives.

  2. Interesting Lecture. by JWhitlock · · Score: 4
    I'm watching the lecture now, and I'm impressed by the quality of the video. Some text is illegible, but I'm sure the PowerPoint presentation would be availible elsewhere. There are multiple cameras, cuts to the audience, etc. Stanford has a pretty professional system.

    The speaker is fairly vague about the whole thing, or perhaps I'm not familiar with the tech. The idea seems to be that each device gets 16 (out of 2^64?) keys, that will allow the device to decode a file in their propriatary and patented C2 algorithm. Devices may, by chance, share one or more keys, but not all 16. In addition, keys appear to be serially numbered, so that decryption uses Key 7892's data, as well as the fact that it is key #7892.

    If key X is compromised, and the powers-that-be discover it on Day 0, then on Day 1 all new media would return garbage when key X was used. The distributer of the key wouldn't be affected - he has 15 keys left. Other users shouldn't be affected - most still have 16, some have 15 left. Users of the illegal key would be unable to see new media, but Day -1 media and earlier would still be accessible.

    In any case, new media has a serial number, and some standard fields (some in write-only space) that encode the permissions on the media - if copies are permitted, if instead copies are "check out", deleting the original. Complying devices, the only ones with keys, obey these fields because they agreed to when they liscensed the technology. The speaker claims that there is no restriction on copying data, but you either have to know the decryption algortihm (very hard) or have a keyed device to decode the file.

    Under the scheme, you could have a peice of media with serial #4, with encrypted data and instructions that the data can only be played if it resides on media with serial #4. Since you need industrial equipment to write a serial number, you can make a perfect copy of the Matrix DVD (onto media with a different factory-endoded serial number), and a compliant player would refuse to play it. If my Matrix DVD was re-writable, I could image the DVD to my hard disk, for back-up purposes, tape South Park on the DVD, then when I wanted to watch the Matrix again, copy it back to the original DVD, and only then it would play. If the original was physically destroyed, I'm out of luck. Backups, in the traditional sense, would not be allowed. He aluded that all complying media would have some writable areas, to allow the accounting needed to make backups, etc.

    So it's a combo of technology, licsensing, and patents. Great.

    The submitter's webpage argues that software players would break the system. It might be hard to retreive a key from hardware, but not as hard from software. He argues that Window's Media Player would have 16 keys for all copies, all these could be found, and soon WMP would no longer work. Microsoft would have to issue a new WMP, and the cycle would continue.

    I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.

    However, I doubt that this tech will be used on hard drives. They would have to standardize the encryption, which they don't want to do. More likely is that CD-ROM and DVD-ROM drives will be unable to play CPRM CDs at all. We'll complain, the content providers will say tough shit, buy a new CD player. Since all previous technology would become obselete, I doubt this will catch on like wildfire.