HDCP Break Proven

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."

Re:HDCP

[psamuels]

Oh, good thing it's the video encryption stuff. When I read the headline I thought it would be insecure to get an IP address with DHCP, and that had me worried.

Ummmm, unless this is a joke (sometimes I'm dense about that), I should point out that DHCP has no security provisions at all. Both client and server have nothing to identify each other with other than name and MAC address, both easily forged.

From the DHCP server's perspective, you can't keep the clients from claiming any IP they want, so there's not much sense in trying. (Use smart switches or IPSec layers or the once-considered-secure 802.11b for partial protection there.)

From the client's perspective, you either trust what the server tells you (and yes this can have security implications - if someone can give you a fake DNS server you are open for man-in-the-middle attacks) or you hard-wire everything in.