Slashdot Mirror

← Back to Stories (view on slashdot.org)

HDCP Break Proven

Posted by timothy on from the importance-of-honesty-in-a-relationship dept.

zavyman writes: "I just noticed at Cryptome that the flaws in HDCP posted to Slashdot earlier this year, which one person refused to disclose due to possible threats from the DMCA, have been made public by different authors. Scott Crosby of Carnegie Mellon University, Ian Goldberg of Zero Knowledge Systems, and Robert Johnson, Dawn Song, and David Wagner of UC Berkeley have published a formal cryptanalysis of the High-bandwidth Digital Content Protection System that proves its fatal flaws. Interesting reading for those with some background with cryptanalysis."

9 of 220 comments (clear)

  1. Bail money by nbvb · · Score: 5, Funny

    I guess this means we need to start pooling bail money then, huh?

    --nbvb

    1. Re:Bail money by trilucid · · Score: 5, Insightful


      One more note: it's sad how this nation (the U.S.) finds locking up scientists for publishing their research acceptable.

      If seems awfully close to the practices of the old U.S.S.R. People can call me an extremist all they want for having this view, but many of the Iron Curtain policies don't seem so alien anymore. We lock up scientists, have mass media monopolies that manipulate the masses, and recently massively expanded "police powers" in government. Seems pretty nasty to me. For all those who think the recent intrusions upon civil liberties are "only temporary during our nation's hour of crisis", history shows us differently.

      BTW, if you're gonna reply, please be polite. If you're gonna email, use my public key. Thanks.

    2. Re:Bail money by renehollan · · Score: 5, Interesting
      If there's one good thing about the present insanity, it shows how easily such things can come about.

      No longer can we redicule the Russian people for "letting" Communism happen, or citizens of 1930s Gernany for accepting Nazi rule.

      We are as blind and "foolish" as they were.

      Rather humbling, I think.

      --
      You could've hired me.
    3. Re:Bail money by TGK · · Score: 5, Insightful

      The German philosopher and author, Adorno, had some sage words on this topic. He argued that Facism was the outgrowth of a people with so fragile an ego that they lost the ability to belive in their capability of judging for themselves what was right and wrong. Adorno argues that when this happens we allow demagauges (sp?) to make those judgements for us, and the result is the concentration of an enourmous amount of power in the hands of a very very very few.

      His argument can be expanded to deal with almost all forms of oppresive government. Bolshivism, Nazism, Maoism, to say nothing of the numerous military dictatorships the world over (yes, these count too. If the entire country decides that a ruler is just an asshole and that opposition is the only option, he will fall), all of these rely on their implicit ability to define right and wrong.

      Are we letting big buisness and other corrupt hyper-capitalist interests define that for us? It's a question left up to history to decide, but I'm not above saying that it scares me sometimes.

      --
      Killfile(TGK)
      No trees were killed in the creation of this post. However, many electrons were inconvenienced.
  2. Re:In Summary... by Bryan+Andersen · · Score: 5, Funny
    Why do people continue to think they can build a secure system designed to simultaneous distribute data publicly and prevent its distribution?

    They belived a salesman. They don't know how get independent verification. They don't do the needed research. They... OOooo! a shiny object.

  3. Unbelievable... by zunger · · Score: 5, Interesting
    HDCP uses a linear system for generating the shared secret.

    From a part-time mathematician's perspective (ok, actually a physicist) this was the line that just made my jaw drop. What were they thinking?! If this text is correct, this algorithm may as well have been designed by a high-school student.

    As several people have pointed out already, this is really one of the big threats of the DMCA -- that companies will go around using incredibly poor standards like this, and be immune to any pressure to improve their quality because their customers are legally forbidden to ask what they are receiving. It says a great deal about the present legal climate that anyone could get away with a mess like this cryptosystem in a commercial product.

    *sigh*

  4. From the indications I know of. by Convergence · · Score: 5, Informative

    (This is the author of the slides, BTW)

    Intel wanted a scheme that could be implemented in under 10,000 gates. IMHO, the designers were aware of the flaw, though not necessarily of the full impact of the flaw. Some of the attacks are subtle.

  5. It was broken over 6 months ago. by Convergence · · Score: 5, Informative

    I broke it over 6 months ago, go look at the cryptome archives, where its been sitting since May 9th.

    I know of at least 4 researchers who have independently discovered the flaws. (See my other slashdot post).

    After Skylarov and Ferguson, I was reluctant to point out that my work had been sitting around on cryptome since May. I suspect Keith Irwin felt similarily.

    Neils wasn't the first to go public or even second, though he did raise a wonderful stink. :)

  6. HDTV by Ogerman · · Score: 5, Informative

    This is pretty basic, but for those who don't know, HDCP is the encryption scheme of choice for HDTV video signals. This is fairly huge news that it has been broken since all TV's and broadcasts in the US will supposedly eventually switch to the HDTV standard. Unless they pull a fast one and switch the standard (which would alienate everyone who has already bought expensive HDTV equipment), this means that DMCA or not, people are going to have guaranteed access to plaintext HDTV signals for as long as the standard is in use. Of course, I'm personally hoping that the DMCA is at least re-written, preferrably scuttled altogether.