Slashdot Mirror
HDCP Break Proven
zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."
Funny, yes, but rings sadly true. My guess is that it won't be long before the boys in black pay these fellows a visit for a friendly chat. I can't say how much the fact that this scenario is likely disgusts me.
I read the cryptanalys, and although I don't pretend to competely understand the concepts contained therein, it was nonetheless very interesting, and IMHO valuable, information (bad grammar there?).
Here's a question that comes to mind related to all the legal ramifications of this disclosure. I hate to say it, but I somehow got the impression during the start of the whole Dmitry thing that it was easier for the Feds to go after him because he is Russian. In the case of these guys, however, they don't have that added bit of leverage in the public eye. These individuals are all highly respected members of the cryptography community, and have strong ties to universities here in the States.
I get the feeling that legal action taken toward any of them would generate a FAR greater public outcry than we've seen with Dmitry. I'm not saying this is right or fair AT ALL, but at least it might buy some leverage in favor of true justice. Then again, under true justice people wouldn't be prosecuted for such "crimes" to begin with
I can't decide how to feel. On the one hand, I have an insane degree of respect for them for publishing their research, and on the other I still have many fears for their freedom.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.
If seems awfully close to the practices of the old U.S.S.R. People can call me an extremist all they want for having this view, but many of the Iron Curtain policies don't seem so alien anymore. We lock up scientists, have mass media monopolies that manipulate the masses, and recently massively expanded "police powers" in government. Seems pretty nasty to me. For all those who think the recent intrusions upon civil liberties are "only temporary during our nation's hour of crisis", history shows us differently.
BTW, if you're gonna reply, please be polite. If you're gonna email, use my public key. Thanks.
> Why do people continue to think they can build a secure system designed to simultaneous distribute data publicly and prevent its distribution?
...), and instead just release all their archives of data for free onto the market.
Why? Because there is a lot of money on the table to anyone who can claim to have succeded.
You and I both know this is actually impossible. What really needs to happen is that the manufacturing companies need to realise they are in the business of creating intelligence (going back to the definition of intelligence as a signal stream that has information encoded in it), rather than trying to force fit their manufacturing mind set onto the internet.
By this, I mean that all the music companies should admit that distribution of mp3's et al is now, for better or worse, close enough to free to be negligable. They can now stop trying to guess which band is going to be this summer's big hit (and thus mass produce cds, dvds,
What they get once they have opened the floodgates, is the ability to charge people for finding precise information, and also for subscriptions to new information.
The DMCA aims not only to protect companies who use crappy encryption from hackers, it aims to hide from the general public the potential dangers of using encryption that could have been deliberately made to be crackable. So the government could release some (easily crackable) encryption standard that gets added to a lot of hardware and software but the people won't know that their privacy could be easily violated because it would be illegal to try to crack the system. This then makes people vulnerable.
Perhaps I just thought of something that everyone knows already, but I wanted to voice it nonetheless.
Perhaps they didn't realize it was a linear system. Many cryptosystems are broken when someone figures out "but your incredibly complex system is really mostly just doing X", for some well-known mathematical construct "X". Real cryptographers have made similar mistakes in the dim past, although in 2001, it is perhaps a little late for repeating this particular one.
Why do people continue to think they can build a secure system designed to simultaneous distribute data publicly and prevent its distribution?
Maybe I'm missing something, but doesn't the DSS television broadcasting system do this already? I mean yes it's crackable now but I believe that by sacrificing some of the bandwidth for content and using it for security instead, it could be made a lot harder to crack than it is now.
Cloning is going to be next to impossible to fix, yes, but I wonder if you couldn't get around the "wait 6 months for your receiver's "stop" command to stop being sent" by throwing a lot of processing power at it and basically encrypting the stream to every (yes the entire subscribed population) system's public key. Perhaps cloning could be avoided by making the cards smarter and using techniques of self-destruction if the cards detect that they're being tampered.
I know I'm no cryptographer and it's late for me here, but the idea of having a secure system simultaneously distribute data publicly yet prevent distribution to unwanted systems doesn't seem impossible, just impractical at this point.
And once again, SUCH intellectual elitism sickens me..."Joe Sixpack". I'm glad you're so much better than everyone else "Slashdot Geek Nerd Dork". I don't like giving labels like that to people, simply because I feel that somehow I'm better than they are.
Wow, guess what? I consider myself a "Joe Sixpack" who happens to know how to code Perl. Funny, eh? Before you snap out with clever knee-jerk reactions, you might want to consider alternate meanings.
The term "Joe Sixpack" is generally used to denote the average consumer or products/services/information. Now, I *do* know that I am, to a degree, a bit better informed compared to the average citizen about a range of issues. Does this make me a "better person"? Fundamentally, no. It does, in many respects, make me a smarter consumer. Knowledge is available to anyone who wants to learn. A lot of people make a conscious choice to stay in the dark, and that I can't help.
Dmitri IMO was DEFINITELY not a "scientist" he made a commercial program specifically designed to circumvent copyprotection laws. In other words, he was making money off of selling pirated goods, indirectly.
Geez, you're off the deep end with that one. How do you define "scientist"? I think it's pretty clear that the term "computer scientist" could VERY WELL be applied to Dmitry, given the fact that his focus was largely on core research and not just coding. You're a bit misinformed concerning the issue of "piracy promotion" as well; please tell me how people with sight disabilities are supposed to access an Adobe E-book? Is that silence I hear?
The whole point of the "copy protection circumvenstion" was to allow for FAIR USE OF DIGITAL MATERIAL. Thank you.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
The German philosopher and author, Adorno, had some sage words on this topic. He argued that Facism was the outgrowth of a people with so fragile an ego that they lost the ability to belive in their capability of judging for themselves what was right and wrong. Adorno argues that when this happens we allow demagauges (sp?) to make those judgements for us, and the result is the concentration of an enourmous amount of power in the hands of a very very very few.
His argument can be expanded to deal with almost all forms of oppresive government. Bolshivism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.
Are we letting big buisness and other corrupt hyper-capitalist interests define that for us? It's a question left up to history to decide, but I'm not above saying that it scares me sometimes.
Killfile(TGK)
No trees were killed in the creation of this post. However, many electrons were inconvenienced.
I'm sure everyone in NSA shares your educated opinion.
Most likely, NSA fully subscribes to this idea and promotes peer review of top-secret work. They have plenty of scientists with security clearances for that. If NSA doesn't send a paper for review to me or to you it doesn't mean that someone else, better qualified, doesn't look at it.
For this purpose, it doesn't need to be mathematically valid, any more than a cash register needs to be fireproof and have a 28-digit combination lock. All that a cash register needs is to have a door that closes and stays closed. This means that you can't have things move from the cash register into your pocket by accident.
If there was a vulnerability in the standard which meant that you could access the signals without trying to, that would be bad news. As it is, the signals are only accessible by those who want to consciously make equipment designed for the purpose of veiwing them, which has no legitimate alternative use. In other words, the "crack" of this standard only refers to an attack which is against the laws relating to theft (in this case the DMCA).
This is not a "bad" or "stupid" encryption system; it's just an example of a company using the laws which protect them to cut a cost corner. After all, if one could trust people to pay for what they watched, they wouldn't need to encrypt the signal at all.
For a bunch of self-styled "engineers", slashdot has a really hard time understanding the basic concept of "fit for purpose".
-- the most controversial site on the Web
His argument can be expanded to deal with almost all forms of oppresive government. Bolshivism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.
Don't forget organized religion...
Stalin and Hitler screwed their accademic communities for politics and it nearly ruined them. It can be argued that both geared their artists to propaganda and their science to warfare but failed. Hitler made good weapons for a while, but was unable to develop high altitude long range bombers and nuclear weapons. Stalin had tanks and planes designed from prison. As good as those designs were, they were not as good as US. While some of the failure of Soviet agriculture was intentional, who can say what effect Stalin's wierd insistence on evolution of individuals had?
Will the US be next? The DMCA is only part of the picture. When you can't say what you think, you can't trust anyone and therfore don't know what to believe ever. If you can't trust your teachers because they are afraid of being fired, what do you really know? Such distrust of your neighbor is central to autocatic control. Beware of people who scoff at things "un-official" and recomend central control.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.