Slashdot Mirror


HDCP Break Proven

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background in cryptanalysis."

25 of 220 comments

  1. Bail money by nbvb · · Score: 5, Funny

    I guess this means we need to start pooling bail money then, huh?

    --nbvb

    1. Re:Bail money by trilucid · · Score: 5, Insightful


      One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.

      It seems awfully close to the practices of the old U.S.S.R. People can call me an extremist all they want for having this view, but many of the Iron Curtain policies don't seem so alien anymore. We lock up scientists, have mass media monopolies that manipulate the masses, and recently massively expanded "police powers" in government. Seems pretty nasty to me. For all those who think the recent intrusions upon civil liberties are "only temporary during our nation's hour of crisis", history shows us differently.

      BTW, if you're gonna reply, please be polite. If you're gonna email, use my public key. Thanks.

    2. Re:Bail money by renehollan · · Score: 5, Interesting
      If there's one good thing about the present insanity, it shows how easily such things can come about.

      No longer can we ridicule the Russian people for "letting" Communism happen, or citizens of 1930s Germany for accepting Nazi rule.

      We are as blind and "foolish" as they were.

      Rather humbling, I think.

      --
      You could've hired me.
    3. Re:Bail money by trilucid · · Score: 3


      Let me see if I understand you correctly... you are in favor of allowing the government to eavesdrop on your private communications *without* a warrant or true just cause? In case you weren't aware, given the recent expansion of police powers in the U.S., "just cause" now has a very loose definition.

      Slashdot is like any other information source... you can take or leave whatever you like. The mass media conglomerates in America are QUITE different; community feedback and participation are only performed under the guise of cheap "we care about our viewers/listeners" stunts. Everything is pre-digested so Joe Sixpack can suck it into his brain with minimal effort. To illustrate: Slashdot is full of posts deriding the editors for being wrong, overly biased, etc. When was the last time you saw a CNN anchor reading viewer letters about how much he/she sucks on the air? Slashdot isn't designed to limit expression in the same way (well, unless you consider the moderation system evil, as some do).

      Don't worry, your desired examples of citizens being locked up for releasing research will be forthcoming shortly, if my guess is correct. Sadly, we've already jailed Dmitry, who IMO definitely counts as "a scientist presenting his research". From what I can gather, lots of foreign groups and even entire nations aren't very happy with us for that. Of course, since we're the U.S., we can just barge onto the world scene and do whatever we like, right? Sure thing, no problem. That won't last forever, rest assured.

      Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
      Yes, this is my protest to the sig char limit :).

    4. Re:Bail money by trilucid · · Score: 3, Insightful


      And once again, SUCH intellectual elitism sickens me..."Joe Sixpack". I'm glad you're so much better than everyone else "Slashdot Geek Nerd Dork". I don't like giving labels like that to people, simply because I feel that somehow I'm better than they are.

      Wow, guess what? I consider myself a "Joe Sixpack" who happens to know how to code Perl. Funny, eh? Before you snap out with clever knee-jerk reactions, you might want to consider alternate meanings.

      The term "Joe Sixpack" is generally used to denote the average consumer of products/services/information. Now, I *do* know that I am, to a degree, a bit better informed compared to the average citizen about a range of issues. Does this make me a "better person"? Fundamentally, no. It does, in many respects, make me a smarter consumer. Knowledge is available to anyone who wants to learn. A lot of people make a conscious choice to stay in the dark, and that I can't help.

      Dmitri IMO was DEFINITELY not a "scientist"; he made a commercial program specifically designed to circumvent copy-protection laws. In other words, he was making money off of selling pirated goods, indirectly.

      Geez, you're off the deep end with that one. How do you define "scientist"? I think it's pretty clear that the term "computer scientist" could VERY WELL be applied to Dmitry, given the fact that his focus was largely on core research and not just coding. You're a bit misinformed concerning the issue of "piracy promotion" as well; please tell me how people with sight disabilities are supposed to access an Adobe E-book? Is that silence I hear?

      The whole point of the "copy protection circumvention" was to allow for FAIR USE OF DIGITAL MATERIAL. Thank you.

      Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
      Yes, this is my protest to the sig char limit :).

    5. Re:Bail money by TGK · · Score: 5, Insightful

      The German philosopher and author, Adorno, had some sage words on this topic. He argued that Fascism was the outgrowth of a people with so fragile an ego that they lost the ability to believe in their capability of judging for themselves what was right and wrong. Adorno argues that when this happens we allow demagogues to make those judgements for us, and the result is the concentration of an enormous amount of power in the hands of a very very very few.

      His argument can be expanded to deal with almost all forms of oppressive government. Bolshevism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.

      Are we letting big business and other corrupt hyper-capitalist interests define that for us? It's a question left up to history to decide, but I'm not above saying that it scares me sometimes.

      --
      Killfile(TGK)
      No trees were killed in the creation of this post. However, many electrons were inconvenienced.
    6. Re:Bail money by Hobbex · · Score: 3, Insightful

      His argument can be expanded to deal with almost all forms of oppressive government. Bolshevism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.

      Don't forget organized religion...

    7. Re:Bail money by JWhitlock · · Score: 3, Interesting
      One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.

      Who has been locked up for this? Oh wait, no one has. Yeah, someone else was locked up because their company was selling a product based on breaking a US law, but no one has been arrested for this.

      You can say "CORPORATE POLICE STATE!" all you want, but the fact is, this particular law is awful, one guy has been sent to jail, and there's been at least one court case so far which has affirmed that corporate interests do not outweigh free speech. Like every other horrible anti-speech law that has been passed in the last few years, it will die a slow death. People will be prosecuted under it, sure, but that's the only way to start the chain of events that leads to the Supreme Court striking the ugly thing down.

      This isn't government thugs defending their interests. This is government employees doing their jobs, and scientists taking a moral stance, and the American legal system taking its slow, painful path to justice, same as it ever was.

      Yeah, democracy is the worst form of government, except for all those other forms which have been tried from time to time. Support the EFF, dammit!

    8. Re:Bail money by trilucid · · Score: 3, Interesting


      It isn't so much the actual current lockups (1 to be precise) that matter the most. It's the fact that countless researchers are probably wondering if they should ever publish their research again given the specter of arrest and lengthy imprisonment. I find it hard to believe you consider Dmitry to be nothing more than a "salesman pitching his product". In truth, his presentation in the States was more to do with findings of fact concerning his research into the system than anything else. The documents are all online, please check your sources.

      No, I'm not screaming "Corporate police state!". I'm actually screaming "Screwed up crap in the legal code!" which is quite different. The fact that you find it acceptable for innocent people to get their lives ruined in the "short term" (explain that to their families) over this is somewhat galling.

      As for government employees doing their jobs, do we really have to go into the nasty details of other government employees "just doing their jobs"? Harsh example here, but I'm fairly sure a number of terrorist groups (meaning their individuals actually doing the dirty work) are confident that they are (1) just doing their jobs, and (2) morally correct for doing so. It doesn't make it RIGHT.

      As for supporting the EFF, according to my bank statement I do that on a routine basis. Have you contributed recently?

      Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
      Yes, this is my protest to the sig char limit :).

  2. Re:In Summary... by Bryan+Andersen · · Score: 5, Funny
    Why do people continue to think they can build a secure system designed to simultaneously distribute data publicly and prevent its distribution?

    They believed a salesman. They don't know how to get independent verification. They don't do the needed research. They... OOooo! a shiny object.

  3. Side effect by Jucius+Maximus · · Score: 4, Insightful
    The fact that the original breaker of the code did not want to reveal their specific findings because of the DMCA reveals something interesting that was probably part of the original idea behind the law:

    The DMCA aims not only to protect companies who use crappy encryption from hackers, it aims to hide from the general public the potential dangers of using encryption that could have been deliberately made to be crackable. So the government could release some (easily crackable) encryption standard that gets added to a lot of hardware and software but the people won't know that their privacy could be easily violated because it would be illegal to try to crack the system. This then makes people vulnerable.

    Perhaps I just thought of something that everyone knows already, but I wanted to voice it nonetheless.

  4. Just in case... by Akardam · · Score: 4, Informative

    Just in case the original authors' fears are justified, I've mirrored the page here [http://lookingglass.akardam.net/mirrored/hdcp-weakness/hdcp111901.htm for the link wary].

    Mirror early, mirror often.

  5. Unbelievable... by zunger · · Score: 5, Interesting
    HDCP uses a linear system for generating the shared secret.

    From a part-time mathematician's perspective (ok, actually a physicist) this was the line that just made my jaw drop. What were they thinking?! If this text is correct, this algorithm may as well have been designed by a high-school student.

    As several people have pointed out already, this is really one of the big threats of the DMCA -- that companies will go around using incredibly poor standards like this, and be immune to any pressure to improve their quality because their customers are legally forbidden to ask what they are receiving. It says a great deal about the present legal climate that anyone could get away with a mess like this cryptosystem in a commercial product.

    *sigh*

  6. not so unbelievable by mj6798 · · Score: 4, Insightful

    Perhaps they didn't realize it was a linear system. Many cryptosystems are broken when someone figures out "but your incredibly complex system is really mostly just doing X", for some well-known mathematical construct "X". Real cryptographers have made similar mistakes in the dim past, although in 2001, it is perhaps a little late for repeating this particular one.

  7. From the indications I know of. by Convergence · · Score: 5, Informative

    (This is the author of the slides, BTW)

    Intel wanted a scheme that could be implemented in under 10,000 gates. IMHO, the designers were aware of the flaw, though not necessarily of the full impact of the flaw. Some of the attacks are subtle.

  8. Re:In Summary... by tzanger · · Score: 3, Insightful

    Why do people continue to think they can build a secure system designed to simultaneously distribute data publicly and prevent its distribution?

    Maybe I'm missing something, but doesn't the DSS television broadcasting system do this already? I mean yes it's crackable now but I believe that by sacrificing some of the bandwidth for content and using it for security instead, it could be made a lot harder to crack than it is now.

    Cloning is going to be next to impossible to fix, yes, but I wonder if you couldn't get around the "wait 6 months for your receiver's "stop" command to stop being sent" by throwing a lot of processing power at it and basically encrypting the stream to every (yes the entire subscribed population) system's public key. Perhaps cloning could be avoided by making the cards smarter and using techniques of self-destruction if the cards detect that they're being tampered.

    I know I'm no cryptographer and it's late for me here, but the idea of having a secure system simultaneously distribute data publicly yet prevent distribution to unwanted systems doesn't seem impossible, just impractical at this point.

  9. As the person who was first..... by Convergence · · Score: 4, Informative

    There were two versions posted on cryptome, the second (latex2html, much easier to read) omitted this statement the first version had:

    `` The attacks on HDCP are neither complicated nor difficult. They are basic linear algebra. Thus, there have been at least 4 independent discoveries of these flaws. The four I know of are my co-authors, Niels Ferguson, Keith Irwin (http://www.angelfire.com/realm/keithirwin/HDCPAthacks.html), and myself (www.cryptome.org/hdcp-weakness.htm). The last two have been available publicly for 3 months and 3 weeks prior to Niels Ferguson's declaration. Niels's declaration and the Sklyarov case were an eye-opener for me and made me fully realize what I had done, and what negative consequences I was in danger of experiencing.

    What wrathful gods one risks angering by a 20 minute straightforward application of 40 year old math. This was an accident, not a habit. Like other researchers, I do not want to be smited and thus do not expect to analyze any more such schemes as long as the DMCA exists in its current form.

    (This statement is my own and does not represent the opinions of my co-authors.)''

    So, for those of you who watch cryptome, I broke it there about 3 days after it was leaked, 6 months ago. Keith Irwin also put his observations up 3 months ago. All of this predates Sklyarov and Ferguson.

    So, this is only the official version of the break, the slides I presented 2 weeks ago.

  10. It was broken over 6 months ago. by Convergence · · Score: 5, Informative

    I broke it over 6 months ago, go look at the cryptome archives, where its been sitting since May 9th.

    I know of at least 4 researchers who have independently discovered the flaws. (See my other slashdot post).

    After Sklyarov and Ferguson, I was reluctant to point out that my work had been sitting around on cryptome since May. I suspect Keith Irwin felt similarly.

    Niels wasn't the first to go public or even second, though he did raise a wonderful stink. :)

  11. Re:mirrored by jbridge21 · · Score: 3, Informative

    ok sorry changed the URL due to misinformation

    here's the proper URL

  12. HDTV by Ogerman · · Score: 5, Informative

    This is pretty basic, but for those who don't know, HDCP is the encryption scheme of choice for HDTV video signals. This is fairly huge news that it has been broken since all TVs and broadcasts in the US will supposedly eventually switch to the HDTV standard. Unless they pull a fast one and switch the standard (which would alienate everyone who has already bought expensive HDTV equipment), this means that DMCA or not, people are going to have guaranteed access to plaintext HDTV signals for as long as the standard is in use. Of course, I'm personally hoping that the DMCA is at least re-written, preferably scuttled altogether.

  13. Re:He he ... "fabulous work" he said .. by tftp · · Score: 4, Insightful
    "Good crypto can only be developed in the open where it is subject to formal peer review and detailed scrutiny".

    I'm sure everyone in NSA shares your educated opinion.

    Most likely, NSA fully subscribes to this idea and promotes peer review of top-secret work. They have plenty of scientists with security clearances for that. If NSA doesn't send a paper for review to me or to you it doesn't mean that someone else, better qualified, doesn't look at it.

  14. Cash registers, not fireproof safes by streetlawyer · · Score: 4, Insightful
    I don't understand what the big deal is. This standard is not being used to encrypt medical records or nuclear missile codes. It's being used to encrypt digital television signals so that it is possible to charge for them. It's been designed for that purpose and to meet certain standards of simplicity which make it possible to use widely without making devices prohibitively expensive.

    For this purpose, it doesn't need to be mathematically valid, any more than a cash register needs to be fireproof and have a 28-digit combination lock. All that a cash register needs is to have a door that closes and stays closed. This means that you can't have things move from the cash register into your pocket by accident.

    If there was a vulnerability in the standard which meant that you could access the signals without trying to, that would be bad news. As it is, the signals are only accessible by those who want to consciously make equipment designed for the purpose of viewing them, which has no legitimate alternative use. In other words, the "crack" of this standard only refers to an attack which is against the laws relating to theft (in this case the DMCA).

    This is not a "bad" or "stupid" encryption system; it's just an example of a company using the laws which protect them to cut a cost corner. After all, if one could trust people to pay for what they watched, they wouldn't need to encrypt the signal at all.

    For a bunch of self-styled "engineers", slashdot has a really hard time understanding the basic concept of "fit for purpose".

    1. Re:Cash registers, not fireproof safes by streetlawyer · · Score: 3, Interesting

      Fair use, my ass. Any legitimate fair use of these signals could be satisfied by a simple VCR. The idea that there is some "first sale" doctrine for television signals is ludicrous, as is the idea that the fair use doctrine requires every copyright holder to do as much as possible to help you carry out whatever work you wish to produce using their content. Creators of material have more rights and consumers fewer than you think.

  15. Re:DES can be brute-forced much faster than that by jovlinger · · Score: 4, Interesting

    There was a story a couple days ago about IBM's crypto box being broken. That was broken by tricking the box to use a weak 3DES key which was equivalent to a 1DES key and brute forcing that.

    The brute-forcing took 2 days on a sub-$2000 FPGA running their published wiring schema.

    Significantly cheaper than the EFF's machine, but then time does march on.

  16. The patch is simple by Global-Lightning · · Score: 3, Funny

    Reading the document, the crack hinges on collecting a sufficient number of public keys. The solution is obvious:

    Ban the sharing of public keys!
    Oh, wait...
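Editor's worked example. Comment 5 ("HDCP uses a linear system for generating the shared secret") and comment 16 ("the crack hinges on collecting a sufficient number of public keys") describe the same fact, so one runnable toy covers both. This is code added to the mirror, not code from the Crosby/Goldberg/Johnson/Song/Wagner paper or from any HDCP implementation. Only the shape of the scheme is taken from HDCP 1.x: 40-bit KSVs with exactly 20 set bits, 40 device keys of 56 bits each, and Km computed as the sum mod 2^56 of one side's keys selected by the other side's KSV bits. Everything else is an assumption made so the toy can run: the licensing authority is modelled as a symmetric 40x40 master matrix (the attack never touches it, it only relies on any two conforming devices agreeing on Km), and the change of variables in attack_row is my own device for dealing with the fact that 20-bit KSVs all have even weight, so 40 of them are never independent over GF(2). The recovered keys differ from the target's real keys by at most a constant that every 20-bit KSV cancels, which is all an eavesdropper needs.

```python
"""Toy HDCP 1.x key agreement and the linear-algebra key-recovery attack.

Shape matches HDCP 1.x (40-bit KSVs with 20 set bits, 40 x 56-bit keys, Km =
sum mod 2^56 of keys selected by the peer's KSV).  The symmetric master matrix
is an ASSUMED model used only to mint consistent toy devices.
"""
import random

N = 40            # KSV bits == number of device keys
KSV_WEIGHT = 20   # set bits in every valid KSV
MOD = 1 << 56     # device keys and Km are 56-bit values

def ksv_bits(ksv):
    """KSV as a list of 40 bits; bit i selects device key i."""
    return [(ksv >> i) & 1 for i in range(N)]

def random_ksv(rng):
    return sum(1 << b for b in rng.sample(range(N), KSV_WEIGHT))

def shared_key(my_keys, peer_ksv):
    """Km as a device computes it: own keys picked by the peer's KSV bits."""
    return sum(k for k, b in zip(my_keys, ksv_bits(peer_ksv)) if b) % MOD

def make_device(ksv, master):
    """Assumed authority model: keys = master * ksv (mod 2^56), master symmetric."""
    v = ksv_bits(ksv)
    return [sum(master[i][j] * v[j] for j in range(N)) % MOD for i in range(N)]

def solve_mod_2k(rows, rhs):
    """Solve rows * x == rhs (mod 2^56) by elimination; needs an odd pivot per column."""
    n = len(rows)
    a = [list(r) + [b] for r, b in zip(rows, rhs)]
    for c in range(n):
        p = next((r for r in range(c, n) if a[r][c] & 1), None)
        if p is None:
            return None                   # singular mod 2, hence singular mod 2^56
        a[c], a[p] = a[p], a[c]
        inv = pow(a[c][c], -1, MOD)
        a[c] = [(x * inv) % MOD for x in a[c]]
        for r in range(n):
            if r != c and a[r][c]:
                f = a[r][c]
                a[r] = [(x - f * y) % MOD for x, y in zip(a[r], a[c])]
    return [r[n] for r in a]

def gf2_rank(vectors):
    """Rank over GF(2) of bit-vectors given as ints."""
    basis = {}
    for v in vectors:
        while v:
            h = v.bit_length() - 1
            if h not in basis:
                basis[h] = v
                break
            v ^= basis[h]
    return len(basis)

def attack_row(ksv):
    """Unknowns are y_i = k_i - k_39 (i < 39) and z = 20 * k_39, so a leaked
    device with this KSV contributes the row (ksv bits 0..38, 1)."""
    return ksv_bits(ksv)[:N - 1] + [1]

def recover_keys(target_ksv, known):
    """Keys equivalent to the target's, from 40 leaked (ksv, keys) pairs.

    Any two conforming devices agree on Km, so each leaked device j gives
        sum_{i in ksv_j} k_i == shared_key(keys_j, target_ksv)   (mod 2^56)
    with the target's k_0..k_39 unknown.  All KSVs have 20 set bits, so 40 of
    them are never GF(2)-independent; the substitution in attack_row (my own,
    not from the paper) yields an invertible system for a suitable leak set.
    """
    sol = solve_mod_2k([attack_row(ksv) for ksv, _ in known],
                       [shared_key(keys, target_ksv) for _, keys in known])
    if sol is None:
        return None
    y, z = sol[:N - 1], sol[N - 1]
    # z = 20 * k_39 fixes k_39 only modulo 2^54; any of the 4 candidates gives the
    # right Km with every 20-bit KSV, because 20 * 2^54 == 0 (mod 2^56).
    k39 = ((z >> 2) * pow(5, -1, MOD >> 2)) % (MOD >> 2)
    return [(yi + k39) % MOD for yi in y] + [k39]

def demo(seed=2001, fresh_peers=5):
    """Mint a toy authority and 40 leaked devices, then recover an unseen target."""
    rng = random.Random(seed)
    u = [[rng.randrange(MOD) for _ in range(N)] for _ in range(N)]
    master = [[u[min(i, j)][max(i, j)] for j in range(N)] for i in range(N)]
    known, seen = [], []
    while len(known) < N:             # keep "leaking" devices until the system is solvable
        ksv = random_ksv(rng)
        row = sum(b << i for i, b in enumerate(attack_row(ksv)))
        if gf2_rank(seen + [row]) == len(seen) + 1:
            seen.append(row)
            known.append((ksv, make_device(ksv, master)))
    target_ksv = random_ksv(rng)
    true_keys = make_device(target_ksv, master)
    recovered = recover_keys(target_ksv, known)
    # recovered == true_keys + delta * (1,...,1) with 20 * delta == 0 (mod 2^56)
    delta = {(r - t) % MOD for r, t in zip(recovered, true_keys)}
    same_class = len(delta) == 1 and (KSV_WEIGHT * delta.pop()) % MOD == 0
    km_ok = all(shared_key(recovered, p) == shared_key(true_keys, p)
                for p in (random_ksv(rng) for _ in range(fresh_peers)))
    return same_class, km_ok
```

Running demo() returns (True, True): the 40 leaked key sets determine the target's keys up to a shift that no 20-bit KSV can observe, so the attacker computes the same Km as the target in every session it joins. Nothing here depends on the 56-bit key length or on the master matrix; the whole attack is "each leaked device is one linear equation in the target's keys", which is why the design cannot be patched by revoking a few KSVs.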