Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building the AACS Next-Gen Copy Protection Scheme

Posted by michael on from the ties-that-bind dept.

Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."

10 of 491 comments (clear)

  1. Re:Heh... by TheGavster · · Score: 2, Informative

    If he designs the ciphers, people cracking them is job security :) I don't think the guy with that job will ever design a good solution, even if it were possible.

    Not that its really feasible to make an unbreakable encoding for movies. Allowing the user to have the player in their house is like giving the British an enigma machine encased in concrete during WW2; they can't immediately break your codes, but its not like they're going to refrain from cracking it out and using it.

    --
    "Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
  2. Re:Especially considering by rokzy · · Score: 2, Informative

    > that re-digitized HDTV stream will have better quality than direct rip from a DVD.

    how?

    on this website we obey the laws of thermodynamics!

  3. Re:Copy protection my butt by Chirs · · Score: 2, Informative

    It's actually pretty easy to remove macrovision. You can buy black boxes to do it pretty easily.

  4. Re:Copy protection my butt by b1t+r0t · · Score: 2, Informative

    Another problem is that by the time it's in Blockbuster, it's way too late. Between cammers and insiders, a given movie gets warezed within days of the theatrical release.

    --

    --
    "Open source is good." - Steve Jobs
    "Open source is evil." - Microsoft
  5. Re:So compromised keys make for faulty hardware? by Sebastopol · · Score: 4, Informative

    Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people].

    Bingo! I like your style. In a perfect world, the market decides the $$$ worth of a job, and I think we all can agree than John Travolta, Collin Farell, Hillary Duff, Sandra Bullock, Jeniffer Aniston and all those other frauds deserve a big fat realty bitch-slap.

    Philip Dick lived in poverty and ate fvcking dogfood when writing so that idiots like Tom Cruise and Ah-nuld could make millions off of PKD's plots.

    --
    https://www.accountkiller.com/removal-requested
  6. Re:So compromised keys make for faulty hardware? by ecki · · Score: 2, Informative

    Take a look at CPRM, AACS is quite similar.

  7. Re:Bah by timeOday · · Score: 2, Informative
    For a good while this was the case with DVDs. I didn't buy one. Unfortunately it didn't seem to bother "them" one bit.

    The only reason we can watch DVDs on Linux (and other OSS) today is due to some clever hacking that I'm sure was/would now be illegal under the DMCA. I thought it was purely a matter of recovering keys from a faulty player, but Andreas Bogk explains it was more complicated than that.

    Unlike most people here, I think it's entirely possible the HD DVD standard will remain unbroken for a long time, though I hope I'm wrong. The fact that IEEE is having open discussions on how to do it right is unsettling. I'd rather the industry just assigned the job of designing HD DVD security to a couple lackeys and told them to have it done by next monday, that way it would certainly be flawed.

  8. Re:So compromised keys make for faulty hardware? by tchuladdiass · · Score: 2, Informative

    In theory, this is simple. You have an encryption algorithm set up as follows:
    The data is encrypted using key "A", but can be decrypted with key "B" (similar to RSA). However, in this case "B" is computed via a function that has inputs "A" and "C", where "C" can be an one of a very large keyspace. And, "A" can't be determined by "B". This allows you to have a unique "B" decryption key for every player.
    In other words, you have:
    * encrypt(A)
    * decrypt(B)
    * B = hash_of (A, C), for any valid value of C
    * C = one out of a large keyspace (allows unique B for each unit)
    * A cant be determined by B

    Since key A isn't on the individual units, it is as secure as the manufacture's internal security policy (so it isn't likely to be compromised). And the decryption key B is unique for each player.

    Now, I don't know of any methods that can produce the above results, or if this is what AACS uses, but I don't see it being impossible either (just like asymetric encryption wasn't do-able until RSA came along).

  9. Re:So compromised keys make for faulty hardware? by eluusive · · Score: 2, Informative

    Simple:

    Disk is encrypted using private key A. Disk can be decoded using public key B.

    Public key B is then encrypted using 100 million other keys and each version is saved in a different place on the disk. These encrypted versions of B are small and take up very little space.

    When a player goes to play a disk, it looks for the key file for it's model, decodes it with the key it has in ROM and then uses the subsequent key to decode the movie.

    This is absurd, as I and I anyone else will not buy new DVD players every time some hacker steals the key from the model we bought.

  10. Re:So compromised keys make for faulty hardware? by silicon-pyro · · Score: 2, Informative

    The individual key thing is too easy to break. Lets try and go through it.

    One needs only break one of those keys and distribute it. Then all movies will be able to be read freely until that key is removed from the standard keyspace. This key may not be able to be gained from the disk itself, but manufacturing insiders would have access, and it may be able to be reverse engineered from the player ROM itself.

    Considering how quickly a new rip propagates down the network, just think how quickly 128 bits of data could do it. For instance it could easily be stegged into an image or sound file, and distibuted right under the noses of onlookers. There would be some lag time between the key being available and the studios finding out about it.

    Now wait until a guy gets his hands on ten of the "crackable" players. He gets ten unique keys, and now the problem is tenfold. Release a new key as soon as you see that the old one is no longer in use, and you're back in business.

    The studios don't know which key has been cracked, they only know that one has. Unless they mark the content separately with the key in question, or a hash thereof, and try and get it back after the movie has been recommpressed. They couldn't disable a whole lot/brand/model of players for fear of a peasant uprising.

    Compound this by the fact that it would be a recurring process, happening through multiple channels, and the pirates would have no trouble keeping ahead of the studios. The crackers stay a day ahead of the studios, and there is no control. The problem is that they would be weeks ahead at least.

    I don't mean to promote these things. I have downloaded a movie or two before for a laugh, but it's not worth it in time and quality, and on top of it all it's illegal and immoral (to me anyway). Buy the DVD if the movie has the sticker value to you, leave it on the store shelf if it doesn't. I don't forsee myself having any problems in this key-per-unit scenario; My key will always work. I only don't understand why people waste their money on something so fruitless as DRM.