Slashdot Mirror

← Back to Stories (view on slashdot.org)

HDCP Break Proven

Posted by timothy on from the importance-of-honesty-in-a-relationship dept.

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."

6 of 220 comments (clear)

  1. Unbelievable... by zunger · · Score: 5, Interesting
    HDCP uses a linear system for generating the shared secret.

    From a part-time mathematician's perspective (ok, actually a physicist) this was the line that just made my jaw drop. What were they thinking?! If this text is correct, this algorithm may as well have been designed by a high-school student.

    As several people have pointed out already, this is really one of the big threats of the DMCA -- that companies will go around using incredibly poor standards like this, and be immune to any pressure to improve their quality because their customers are legally forbidden to ask what they are receiving. It says a great deal about the present legal climate that anyone could get away with a mess like this cryptosystem in a commercial product.

    *sigh*

  2. Re:Bail money by renehollan · · Score: 5, Interesting
    If there's one good thing about the present insanity, it shows how easily such things can come about.

    No longer can we redicule the Russian people for "letting" Communism happen, or citizens of 1930s Gernany for accepting Nazi rule.

    We are as blind and "foolish" as they were.

    Rather humbling, I think.

    --
    You could've hired me.
  3. Re:DES can be brute-forced much faster than that by jovlinger · · Score: 4, Interesting

    There was a story a couple days ago about IBM's crypto box being broken. That was broken by tricking the box to use a weak 3DES key which was equivalent to a 1DES key and brute forcing that.

    The bruteforcing took 2 days on a sub $2000 FPGA running their published wiring schema.

    Significantly cheaper than the EFF's machine, but then time does march on.

  4. Re:Bail money by JWhitlock · · Score: 3, Interesting
    One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.

    Who has been locked up for this? Oh wait, no one has. Yeah, someone else was locked up because their company was selling a product based on breaking a US law, but no one has been arrested for this.

    You can say "CORPORATE POLICE STATE!" all you want, but the fact is, this particular law is awful, one guy has been sent to jail, and there's been at least one court case so far which has affirmed that corporate interests do not outweigh free speech. Like every other horrible anti-speech law that has been passed in the last few years, it will die a slow death. People will be prosecuted under it, sure, but that's the only way to start the chain of events that leads to the Supreme Court striking the ugly thing down.

    This isn't goverment thugs defending their interests. This is government employees doing their jobs, and scientists taking a moral stance, and the American legal system taking it's slow, painful path to justice, same as it ever was.

    Yeah, democracy is the worst form of government, except for all those other forms which have been tried from time to time. Support the EFF, dammit!

  5. Re:Bail money by trilucid · · Score: 3, Interesting


    It isn't so much the actual current lockups (1 to be precise) that matter the most. It's the fact that countless researchers are probably wondering if they should ever publish their research again given the specter of arrest and lengthy imprisonment. I find it hard to believe you consider Dmitry to be nothing more than a "salesman pitching his product". In truth, his presentation in the States was more to do with findings of fact concerning his research into the system than anything else. The documents are all online, please check your sources.

    No, I'm not screaming "Corporate polic state!". I'm actually screaming "Screwed up crap in the legal code!" which is quite different. The fact that you find it acceptable for innocent people to get their lives ruined in the "short term" (explain that to their families) over this is somewhat galling.

    As for government employees doing their jobs, do we really have to go into the nasty details of other government employees "just doing their jobs"? Harsh example here, but I'm fairly sure a number terrorists groups (meaning their individuals actually doing the dirty work) are confident that they are (1) just doing their jobs, and (2) morally correct for doing so. It doesn't make it RIGHT.

    As for supporting the EFF, according my bank statement I do that on a routine basis. Have you contributed recently?

    Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
    Yes, this is my protest to the sig char limit :).

  6. Re:Cash registers, not fireproof safes by streetlawyer · · Score: 3, Interesting

    Fair use, my ass. Any legitimate fair use of these signals could be satisfied by a simple VCR. The idea that there is some "first sale" doctrine for television signals is ludicrous, as is the idea that the fair use doctrine requires every copyright holder to do as much as possible to help you carry out whatever work you wish to produce using their content. Creators of material have more rights and consumers fewer than you think.

    --


    -- the most controversial site on the Web