HDCP Break Proven

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."

DMCA working against RIAA et al!

[sketerpot]

Some people have refused to make security problems bublic, thus weakeneing the security of HDCP (someone could have fixed it), and this works against the *AA media bunches. Ah, the irony of it....

A moment of insight...

[rice_burners_suck]

...made possible thanks to a few good beers. :-)

I suppose this just goes to show that no matter what kind of system is implemented, there will always be a way to break in. One of the biggest mistakes made by corporate management and government folks is mistaking some so-called technology for a proactive all-around security policy. Although HDCP is but a single detail in a sea of systems geared towards security, the same rule applies to any system: There is no such thing as perfection. This is why I get annoyed when I read an advertisement for some encryption software, firewall product or whatnot that claims to be 100% secure against intruders. It's just glossy marketspeak, and it doesn't cut it for me.

My personal rule of thumb, when it comes to security, is this: Security software is in many ways similar to the laws put in place by the government. Unless someone enforces those laws (or regularly maintains the computer system), the system can be circumvented. Obviously, there are vast differences in the actual work someone has to do, but the concept is the same. If only the PHBs understood that.