Slashdot Mirror
Digital Display Encryption Details Leaked
Phill Hugo writes: "Cryptome has details of the High-bandwidth Digital Content Protection System which will be implemented as content control between computers and monitor screens. I wonder if continued leaking of the details of the many copy-protections systems will make them unworkable. Who's willing to follow suit in the other camps?" Your monitor will soon be a "licensed monitor device".
I'm going to stock up on normal monitors now, and sell them on ebay in 5 years.
I'll make a fortune!
(1) The Right of The People to make unlimited copies of copyrighted materials, which they own or hold a valid license to, for their own personal use shall not be infringed.
(2) The Right of The People to transfer ownership or licenses of copyrighted materials , and at their own discresion, (with all copies made therof, if any) to another party shall not be infringed.
(3) The Right of The People to make a copy, in any format, of a copyrighted work aired on a public or subscribed broadcast medium for time shift viewing purposes shall not be infringed.
(4) The Right of The People to possess the hardware and software and other tools necessary to carry out the above shall not be infringed. (5) These rights, as a whole, shall immediately, retroactively, and for all time preempt the portions of all contracts and licenses contrary with the above.
Seem fair? Changes? Additions?
To summarise for those who haven't read the thing: I initially thought, "Ok, cool, so we just reverse engineer the secret keys and KSV out of the hardware that we have access to and implement in software." We don't have to know what the hell's going on, just get access to the keys. Any cryptosystem is broken if you can get a hold of the secret key(s).
Aha! But they know this is possible, so they've built in a method to get the system to check for known leaked secret keysets and KSV's. It's broadcast in the media, so your copy of The Matrix will play fine, but Antitrust knows your keys are compromised and so won't play. This is basically the same as revoking your PGP/GPG key if it becomes compromised. Actually, from my quick read of this spec, they appear to have designed a variant of public key cryptography. I'll leave the cryptanalysis of the algorithm to someone actually good at it.
Key management is the real weakness here, though. Sure, if a keyset is compromised it can be tagged as such on newer media, but old media which _doesn't_ know the keyset is compromised should play fine... unless the values are stored in NVRAM or similar on the video card or in the monitor, which would be what I'd design in if I were trying to take all your rights away.
That's a management nightmare, though. Just look at the proliferation of DeCSS. Now imagine a similar program for decoding the video stream and an online database of compromised keys. Sure, the HDCP consortium can update their compromised keylists, but there's a time delay in getting those updates out to the hardware (using the video media as the vector). Cue a game of cat and mouse with the hackers putting out keysets and the HDCP struggling to keep their updates moving.
The big problem that they don't appear to realise is that they are sending the secret keys out into hostile territory! The only way a cryptosystem can remain secure is if you can maintain security of the secret key(s). If the user were choosing the keys for the hardware themselves to protect a datastream over a local video broadcast medium, then that would be fine, because the person choosing the private keys is the person who can maintain the security of those keys.
An analogy: creating a PGP key pair and placing your public key on the 'net for people to use. Now encode your private key onto a CD, which you give to someone. They leak your key, so you issue a recovation and generate a new keypair, but every time you generate a new keypair, you publish your private key (no matter how it has been obscured). As soon as someone other than you has access to your private key, it should be assumed to be compromised.
All in all, a better attempt than CSS, but still fundamentally broken.
Just because you're paranoid doesn't mean they're NOT after you.
I think the only answer would be customer demand. So how can the movie studios create this demand? By releasing movies that will ONLY be playable on conforming equipment.
But this is going to be a huge hurdle, much bigger than the introduction of DVDs. With a DVD, at most you have to buy a DVD-ROM drive or a DVD player that now costs under $200. But this new protected videostream is going to require you to buy a new protected DVD player AND a new protected TV. (Or for PC folks, a new video card and a new monitor.) Now you're paying at least $500, probably closer to $1000. That's pretty severe! These movies are going to have to be awfully good to make it worthwhile for anyone who isn't rolling in money.
The eventual disappearance of NTSC broadcasts is going to be tough enough to sell even when "all" most folks have to do is buy a set-top box. But tell everyone that they must replace every TV they own, and I don't think they'll go for it.
Therefore, I think the only way for this to go through in a big way is for the movie studios to get together and buy all the major monitor manufacturers. Good luck, fellas.
Is for ONE person to make a device to tap into the signal going to the picture tube, and this protection scheme will be useless.
It is getting to the point where I am going to ACTIVELY pirate copyrighted media, just to show my absolute disgust for the MPAA and RIAA. This blatent manipulation of the computer and electronics industry by these monolithic giants must stop.
Feed the need: Digitaladdiction.net
While I'm not totally against the concept of "rights" in the form of "pay the person whose content you use, I would like to know exactly where in this mess of crap are MY rights protected? I think shit like this is way out of line when implemented as hardware requirements . Who the hell made the Movie and Song industries the people who get to choose how I use things for which I've already paid for?? Hell, never mind about the content that I've paid for, who the hell made them the arbitrers of how HARDWARE that I purchased - PURCHASED!- functions? It's ridiculous to the extreme and would make for some seriously deadly comparisons to other industries. You'll notice that if Ford doesn't like how I drive my car, they can shove it up their ass. The same of course goes for the people who made my microwave, and desk lamp; all of them can think whatever they like but having paid for these goods, I decide how I use them.. And can anyone tell me where the concept of free and open markets making decisions on what (products) live or die, went...?? Bastards one and all..
So what would happen in that case is that the hot new releases would be unpirateable for awhile (and thus people who wanted to see them would have to pay for them), but after a period of time the keys would be compromised and anyone could copy, excerpt, or modify the original work.
If you squint a little -- okay, if you squint a lot -- it almost looks like something the U.S. founding fathers would approve of. The creators of new works would have a limited period of exclusive distribution (providing an incentive to create works), after which the works would fall into the public domain.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
This doesn't require an act of Congress to mandate or any strong arm tactics against the manufacturers. It is an integral part of the evolution of video. And for you audiophiles, both DVD-Audio and superCD (or whatever Sony calls it) are already encrypted on the media.
And before you think I see this as either a good or neutral development, I don't. This is another step in the entertainment industry's plan to strip we consumers of all of our rights and force all media into a "pay-per-view" scheme.
How many of you use SDMI or ATRAC vs. MP3? Show of hands? Case closed.
sulli
RTFJ.
We see theese kind of things popping up everywhere. "Pirate-protection" on cds, computergames, compressed music, vcrs, dvds, harddisks and now, as if it wasn't enough, The game of profit-maximizing makes buissiness out of encrypting signals in the 1m wire between my computer and my monitor. I have to ask myself one question - WHY? Why are someone allowed to control my pc? Why are someone allowed to limit the use of services I have legaly purchased? If I purchase something, I like to think of it as my own. I own my car, my tv, my bike and my books. I can do with it what I find delightful or funny - whenever I feel like it. Unfortunately some fuckhead came up with the idea of "licence-agreements" - and worst of all, most governments in the world allows this kind of development-brake to be switched on. If I would like to know how this pc operates (it runs winME), I'm not allowed to. I'm tried to be prevented from having my DVDs copied, someone tries to prevent me from copying my purchased music, someone is trying to have my purchased books time-limited, someone is trying to stop me from taping TV-shows, and now - as the top of the "kransekake", as we say in Norway, someone wants to keep me from listening in on the signal MY OWN pc tries to send to MY OWN terminal. I liked to think of my own as my own. Just as Linus pronounces linux as linux. But I'm not allowed to. This has got to stop. If this common policy continues, we are not allowed to change the lightbulbs in our own homes, we won't be allowed to open the hood on our cars, we won't be allowed to install our own car-stereo, and we won't be allowed to not watch commercials. Someone has got to say NO at some point, or civilisation is going down - driven to the ground by its own hunger for profit. I'm not a communist - far from it, but I do want to point out a communist fact, manely that the people are in charge. Or, for you american citizens, you were in charge. Then you found out that you had to let the money take control, and now it's the buissinessmen in the USA that litterally controls your lives. And when I thought you'd seen what you have become, you elect - of all the idiots in your country, Mr. George W. Bush as your president. I've gotta laugh. But everywhere else in the world, I would like you to think about what kind of control you want over your own life. Think abiut it the next time you are to elect your representate to the natonal-government. Of course we don't want to steel things - but then again, that's why we BUY it. What we are really doing nowadays is renting stuff - but noone calls it that. I wonder why...
I'm talking to YOU. You know who you are. You're the guy with the ability (money) to run for political office, and could probably win, but you don't want to get into politics. You're leaving the governing of your nation to the more corrupt or power-hungry or lawyer-type or self-centred bastards who don't give a damn about society as a whole.
Run for office, for Christ's sake, because the way it's going, it will only get worse! Get off your ass and make a small sacrafice for the rest of us. You can do it! We're only asking for two terms.
Damn, at first I thought you were familiar with the US government. Then I got near the end, where you actually think a regular person could make public office, like the found fathers intended, and not just schmuck millionaires.
Boy are you stupid!
"And like that
But with more and more of the rules we find ourselves living under being dictated by corporate groups, could it be that the line between business and the state is blurring?
I look at phrases like "licenced monitor device" as being the beginning of a worrying trend. The reason is that we're moving from a situation from where something we already had (as opposed to, say, a DVD player, or personal computer, where licences have been a major component since they were placed on the market) being replaced by equipment where tough restrictions on its use are being enforced. Those restrictions are protected by force of law - if you opt to use the equipment without following these rules, you may find yourself being sued. Yet these rules are not being subjected to democratic review.
In the case of TV and radio, the former of which we're seeing this new regime encroach upon, the latter of which we may see soon with the marketing of digital radio and current trends suggesting every digital media device being given these restrictions, this strikes me as particularly obnoxious because over the last 50 years, we've come to rely upon this as a source of much of our information needed to make reasonable judgements about the world we live in. Media has moved from print to radio to TV, and, imperfect though it is, it seems important enough to me to be a source of concern if you can no longer access it without agreeing to rules that you may find blatently unfair and/or counter to your beliefs.
I've seen it argued that licencing rather than legislation is better because you create freedom of choice and let the markets cater for people. But where you have a monopoly, be it on the provision of broadcast television signals for a consortium of interested parties, or a critical piece of system software needed for compatability with peers, is it reasonable to argue that users do have the capability to choose between different products with different licences, and would it not be reasonable to at least have some basic rights instituted for users, at a legal level, so that producers cannot dictate how people use information they have paid for, or equipment they have paid for, in the privacy of their own homes? Does the alternative, which is what we appear to be seeing the start of now, replace elected oversight of law making with unelected legally enforcable rule making?
--
You are not alone. This is not normal. None of this is normal.
C-style notation is used throughout the state diagrams and protocol diagrams, although the logic functions AND, OR, and XOR are written out where a textual description would be more clear.
The concatenation operator ' || ' combines two values into one.
I stopped reading about there to go off and fix all my C code. Since when has || been a concatenation operator? To think that for all these years I thought it was a logical OR. No wonder none of my programs work.