Slashdot Mirror


HDCP Break Proven

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."

16 of 220 comments

  1. Bail money by nbvb · · Score: 5, Funny

    I guess this means we need to start pooling bail money then, huh?

    --nbvb

    1. Re:Bail money by trilucid · · Score: 5, Insightful


      One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.

      It seems awfully close to the practices of the old U.S.S.R. People can call me an extremist all they want for having this view, but many of the Iron Curtain policies don't seem so alien anymore. We lock up scientists, have mass media monopolies that manipulate the masses, and recently massively expanded "police powers" in government. Seems pretty nasty to me. For all those who think the recent intrusions upon civil liberties are "only temporary during our nation's hour of crisis", history shows us differently.

      BTW, if you're gonna reply, please be polite. If you're gonna email, use my public key. Thanks.

    2. Re:Bail money by renehollan · · Score: 5, Interesting
      If there's one good thing about the present insanity, it shows how easily such things can come about.

      No longer can we ridicule the Russian people for "letting" Communism happen, or citizens of 1930s Germany for accepting Nazi rule.

      We are as blind and "foolish" as they were.

      Rather humbling, I think.

      --
      You could've hired me.
    3. Re:Bail money by TGK · · Score: 5, Insightful

      The German philosopher and author, Adorno, had some sage words on this topic. He argued that Fascism was the outgrowth of a people with so fragile an ego that they lost the ability to believe in their capability of judging for themselves what was right and wrong. Adorno argues that when this happens we allow demagogues (sp?) to make those judgements for us, and the result is the concentration of an enormous amount of power in the hands of a very very very few.

      His argument can be expanded to deal with almost all forms of oppressive government. Bolshevism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.

      Are we letting big business and other corrupt hyper-capitalist interests define that for us? It's a question left up to history to decide, but I'm not above saying that it scares me sometimes.

      --
      Killfile(TGK)
      No trees were killed in the creation of this post. However, many electrons were inconvenienced.
  2. Re:In Summary... by Bryan+Andersen · · Score: 5, Funny
    Why do people continue to think they can build a secure system designed to simultaneously distribute data publicly and prevent its distribution?

    They believed a salesman. They don't know how to get independent verification. They don't do the needed research. They... OOooo! a shiny object.

  3. Side effect by Jucius+Maximus · · Score: 4, Insightful
    The fact that the original breaker of the code did not want to reveal their specific findings because of the DMCA reveals something interesting that was probably part of the original idea behind the law:

    The DMCA aims not only to protect companies who use crappy encryption from hackers, it aims to hide from the general public the potential dangers of using encryption that could have been deliberately made to be crackable. So the government could release some (easily crackable) encryption standard that gets added to a lot of hardware and software but the people won't know that their privacy could be easily violated because it would be illegal to try to crack the system. This then makes people vulnerable.

    Perhaps I just thought of something that everyone knows already, but I wanted to voice it nonetheless.

  4. Just in case... by Akardam · · Score: 4, Informative

    Just in case the original authors' fears are justified, I've mirrored the page here [http://lookingglass.akardam.net/mirrored/hdcp-weakness/hdcp111901.htm for the link wary].

    Mirror early, mirror often.

  5. Unbelievable... by zunger · · Score: 5, Interesting
    HDCP uses a linear system for generating the shared secret.

    From a part-time mathematician's perspective (ok, actually a physicist) this was the line that just made my jaw drop. What were they thinking?! If this text is correct, this algorithm may as well have been designed by a high-school student.

    As several people have pointed out already, this is really one of the big threats of the DMCA -- that companies will go around using incredibly poor standards like this, and be immune to any pressure to improve their quality because their customers are legally forbidden to ask what they are receiving. It says a great deal about the present legal climate that anyone could get away with a mess like this cryptosystem in a commercial product.

    *sigh*

  6. not so unbelievable by mj6798 · · Score: 4, Insightful

    Perhaps they didn't realize it was a linear system. Many cryptosystems are broken when someone figures out "but your incredibly complex system is really mostly just doing X", for some well-known mathematical construct "X". Real cryptographers have made similar mistakes in the dim past, although in 2001, it is perhaps a little late for repeating this particular one.

  7. From the indications I know of. by Convergence · · Score: 5, Informative

    (This is the author of the slides, BTW)

    Intel wanted a scheme that could be implemented in under 10,000 gates. IMHO, the designers were aware of the flaw, though not necessarily of the full impact of the flaw. Some of the attacks are subtle.

  8. As the person who was first..... by Convergence · · Score: 4, Informative

    There were two versions posted on cryptome, the second (latex2html, much easier to read) omitted this statement the first version had:

    `` The attacks on HDCP are neither complicated nor difficult. They are basic linear algebra. Thus, there have been at least 4 independent discoveries of these flaws. The four I know of are my co-authors, Niels Ferguson, Keith Irwin (http://www.angelfire.com/realm/keithirwin/HDCPAthacks.html), and myself (www.cryptome.org/hdcp-weakness.htm). The last two have been available publicly for 3 months and 3 weeks prior to Niels Ferguson's declaration. Niels's declaration and the Sklyarov case were an eye-opener for me and made me fully realize what I had done, and what negative consequences I was in danger of experiencing.

    What wrathful gods one risks angering by a 20 minute straightforward application of 40 year old math. This was an accident, not a habit. Like other researchers, I do not want to be smited and thus do not expect to analyze any more such schemes as long as the DMCA exists in its current form.

    (This statement is my own and does not represent the opinions of my co-authors.)''

    So, for those of you who watch cryptome, I broke it there about 3 days after it was leaked, 6 months ago. Keith Irwin also put his observations up 3 months ago. All of this predates Sklyarov and Ferguson.

    So, this is only the official version of the break, the slides I presented 2 weeks ago.

  9. It was broken over 6 months ago. by Convergence · · Score: 5, Informative

    I broke it over 6 months ago, go look at the cryptome archives, where it's been sitting since May 9th.

    I know of at least 4 researchers who have independently discovered the flaws. (See my other slashdot post).

    After Sklyarov and Ferguson, I was reluctant to point out that my work had been sitting around on cryptome since May. I suspect Keith Irwin felt similarly.

    Niels wasn't the first to go public or even second, though he did raise a wonderful stink. :)

  10. HDTV by Ogerman · · Score: 5, Informative

    This is pretty basic, but for those who don't know, HDCP is the encryption scheme of choice for HDTV video signals. This is fairly huge news that it has been broken since all TVs and broadcasts in the US will supposedly eventually switch to the HDTV standard. Unless they pull a fast one and switch the standard (which would alienate everyone who has already bought expensive HDTV equipment), this means that DMCA or not, people are going to have guaranteed access to plaintext HDTV signals for as long as the standard is in use. Of course, I'm personally hoping that the DMCA is at least re-written, preferably scuttled altogether.

  11. Re:He he ... "fabulous work" he said .. by tftp · · Score: 4, Insightful
    "Good crypto can only be developed in the open where it is subject to formal peer review and detailed scrutiny".

    I'm sure everyone in NSA shares your educated opinion.

    Most likely, NSA fully subscribes to this idea and promotes peer review of top-secret work. They have plenty of scientists with security clearances for that. If NSA doesn't send a paper for review to me or to you it doesn't mean that someone else, better qualified, doesn't look at it.

  12. Cash registers, not fireproof safes by streetlawyer · · Score: 4, Insightful
    I don't understand what the big deal is. This standard is not being used to encrypt medical records or nuclear missile codes. It's being used to encrypt digital television signals so that it is possible to charge for them. It's been designed for that purpose and to meet certain standards of simplicity which make it possible to use widely without making devices prohibitively expensive.

    For this purpose, it doesn't need to be mathematically valid, any more than a cash register needs to be fireproof and have a 28-digit combination lock. All that a cash register needs is to have a door that closes and stays closed. This means that you can't have things move from the cash register into your pocket by accident.

    If there was a vulnerability in the standard which meant that you could access the signals without trying to, that would be bad news. As it is, the signals are only accessible by those who want to consciously make equipment designed for the purpose of viewing them, which has no legitimate alternative use. In other words, the "crack" of this standard only refers to an attack which is against the laws relating to theft (in this case the DMCA).

    This is not a "bad" or "stupid" encryption system; it's just an example of a company using the laws which protect them to cut a cost corner. After all, if one could trust people to pay for what they watched, they wouldn't need to encrypt the signal at all.

    For a bunch of self-styled "engineers", slashdot has a really hard time understanding the basic concept of "fit for purpose".

  13. Re:DES can be brute-forced much faster than that by jovlinger · · Score: 4, Interesting

    There was a story a couple days ago about IBM's crypto box being broken. That was broken by tricking the box to use a weak 3DES key which was equivalent to a 1DES key and brute forcing that.

    The bruteforcing took 2 days on a sub $2000 FPGA running their published wiring schema.

    Significantly cheaper than the EFF's machine, but then time does march on.