Slashdot Mirror
HDCP Encryption Cracked, Details Unreleased Due To DMCA
Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA."
Update: 08/15 06:10 PM by J : Meanwhile, see
Keith Irwin's paper
which has been released despite the DMCA.
Update: 08/15 07:00 PM by J :
And someone else points out
this old thing.
Everyone who hasn't written a paper on cracking HDCP raise your hand.
I know this guy, though I haven't talked with him for about six months. He does come to the USA periodically. His girlfriend is American and while they're both living in the Netherlands now, they do come over here once in a while. After the Sklyarov thing I'm not terribly surprised about his reluctance to come forth.
Last I knew, he was working with Bruce Schneier and Counterpane. It's possible that his connection to a US corporation also enters into the decision.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
This is a very good essay. It does an excellent job of explaining the problem with the DMCA succinctly, and in a manner than anyone can understand. I'm going to keep this link and use it whenever I want to explain the problem with the DMCA to someone non-technical.
Free Hans!
A guy named Keith Irwin published a high level process for attacking HDCP a few weeks back and it sounds much the same (i.e. number of required devices, etc.)
a cks.html t ml
See the links below for his whitepaper as well as a previous discussion regarding this on a popular HDTV forum...
http://www.angelfire.com/realm/keithirwin/HDCPAtt
http://www.avsforum.com/ubb/Forum11/HTML/015261.h
That's the great about assymetric key encryption.
Yes, but most of the time the courts don't rule against the person who wrote the manual on how to pick the lock, created the skeleton key, or sold the lockpicks to the crook.
It's the act of breaking the lock, not information, tools or ability that allow one to bypass the lock, that should be, and already was illegal.
Politics aside:
A description of a fatal weakness in HDCP's was published by Scott A. Crosby a few days after the specs was published, and was independently discovered by many others. Crosby's attack appears to have the capabilities claimed by Ferguson and has negligible computational cost (inversion of a 40x40 matrix). It requires the built-in keys of any 40 HDCP devices, but this is presumably easy to achieve in the presence of software-based HDCP implementations).
Thus the new feature of Ferguson's attack is probably a way to extract the keys without actually hacking any device, but rather by talking to intact devices via the normal protocol. While this is interesting, HDCP should already be considered broken in light of known attacks.
Imho his goal is not getting his paper published, but getting people to think about the consequences of these laws. Unfortunately, this the only way we foreigners can protect our rights abroad.
Linked to this, in Europe a 'law' is being prepared (due Sept 3rd I believe) which forces a country to assist another country to eavesdrop (snif Internet traffic) on a user if he (she) did an illegal act in that OTHER country. To link this with a previous link (thanks for the thought), if China were to be part of such agreement, every couple with 2 or more kids could forget its privacy...
Joost
--Black holes are where God divided by zero--
Monkey sense
The Complete Document can be found here:
http://www.macfergus.com/niels/dmca/index.html
Very good stuff. Too bad they didn't link it in the story.
Many countries are cinsidering DMCA type legislation to bring them into compliance with the WIPO Intelectual Property Treaties. For more on the the legal constructs being cinsidered by the World Intellectual Property Organization, see their whitepaper "Technical Protection Measures: The Intersection of Technology, Law, and Commercial Licenses" (M$ Word or PDF). Take a good look at this stuff. It's important that people fully understand the actions being taken by WIPO and begin to realize that arguing about your rights or my rights isn't the critical issue. The critical issue is that if WIPO has their way, there will be no protection for citizens of any country, from potentially usurous and monopolistic IP practices.
--CTH
--Got Lists? | Top 95 Star Wars Line
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US.
...
... hence the term "swear").
You are probably right, as the DMCA is clearly intended to be used as a club to squelch information and discussion under the (woefully thin) guise of protecting copyright holders.
However
(If I were to publicly announce that I had commited a crime, I would expect the authorities to take interest in me.)
... even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal. By announcing he's done it, but not sharing the methodology, he cannot in any way be said to have "trafficked" in a circumvention device. To do so he would have to publish, and this he has not done. Not that that will stop Intel or someone else affiliated with the Copyright Cartels from swearing out a false afidavit and falsely imprisoning this individual (and, interestingly, while the Sklyrov case goes forward I do not see anyone from Adobe being arrested for Perjury, which swearing out a false affidavit is
Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.
The software world, which relies on restricted copy priveleges (copyright) far more heavilly than even the Media Moguls of Hollywood and New York, learned over a decade ago just how futil copy protection schemes were. Instead, they chose to go another route, making serial-numbered copies traceable rather than uncopiable (something which has been shown mathematically to be myth in any event). Interestingly enough, having people's names attached to serialized copies of software had a chilling effect on copyright violation that no amount of copy-protection schemes and hardware dongles was able to achieve. It didn't eliminate it, but it sure cut down on the number of people willing to share their copies of software with anyone other than, at most, their closest friends.
The Copyright Cartels and Media Conglomerates refused to learn this obvious lesson, prefering instead to believe they have purchased protection through the DMCA sufficient to allow even the most flawed "copy protection" to stand through artificial threat with a government gun in contradiction to both information theory and basic physics in the physical world.
Of course, when "casual copying" has been mostly eliminated and fair use is dead, the industrial copyright violators will still be producing illegale wares in quantity, until they in turn are shut down using methods and laws which have been around for decades. Which underscores the real motivation and target behind MPAA and RIAA purchased legislation such as the DMCA: the individual consumer, not the commercial copyright violator.
The Future of Human Evolution: Autonomy
Why are you linking to a crappy article on Securityfocus.com ? Please go read the original document:
http://www.macfergus.com/niels/dmca/index.html
He talks about why DMCA sucks. The Copyright issues, Jurisdiction, Freedom of Speech etc.
A must read !
--sn0w
Newsweek has also has a very anti-DMCA article on their now hosted MSNBC website.
http://www.msnbc.com/news/612847.asp
Read the article and give it a "10" at the bottom so that it might show up under the MSNBC Viewer's Top 10 list and people will find out about this.
jeb.