Slashdot Mirror


AACS Specifications Released

An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

5 of 486 comments

  1. Re:Manufacturers by Tx · Score: 4, Interesting

    From the spec:

    If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that causes a device with the compromised set of Device Keys to be unable to calculate the correct Km. In this way, the compromised Device Keys are "revoked" by the new MKB.

    If I read this right (which is not guaranteed this early in the morning), only hacked devices would be revoked. So it wouldn't be insane for manufacturers to use this scheme, and in fact would make them discourage hacks rather than making them easy as they do with many DVD players. Bad for fair use, but no problem for manufacturers.

    --
    Oh no... it's the future.
  2. What will the packaging say? by The New Andy · Score: 5, Interesting
    Suppose player X has been revoked. Now, I'm assuming that any disks released after this won't work on it, right? So, does the packaging for the disk say: "Plays on any player except blah"?

    Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?

  3. This isn't new news... by harmless_mammal · Score: 5, Interesting

    Here's an analysis of AACS that was blogged last December. One interesting point mentioned is that there is no requirement to wait for keys to get compromised before revocation begins. They can revoke keys whenever they want, publicly claim it was due to hackers, and stimulate new equipment sales any time they want.

  4. It doesn't suck - it's perfect! by cheros · Score: 4, Interesting

    Just think about it: to what extent can you abuse consumers? To the point where they discover they don't like the product.

    At that point the bottom will fall out of the market.

    Proof: see what DVD players sell best: those with zone restrictions or those without. The irony is that that does not happen because of piracy (pirated DVDs appear to be generally set to zone 0 so zone selection is irrelevant) but because of legitimate purchases made elsewhere in the world.

    So, in summary, let them progress down this route. Eventually the market will die as alternatives pick up the revenue.

    As an example: how many of you buy protected contents or media in non-Open formats?

    I have looked at pirated DVDs and they are indeed not worth the money - if you're in a country with sane media prices. If they really, really, really wanted to address piracy all they need to do is become more sensible with the prices, that has already proved to work (hello MS, are you listening?). The increase in revenue more than offsets the expenditure they have to put in on lobbying, researching formats that don't work or get broken in a rainy weekend by a couple of bored teenagers.

    Hell, it'll probably even keep them in cocaine and limos.

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
  5. Extortion Opportunity by TobascoKid · Score: 4, Interesting

    With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.

    To me, this seems to be a golden opportunity for organized crime, assuming they hire hackers good enough to reverse engineer a particular DVD player.

    For example, say Sony make a really popular player, so organized crime get the AACS code hacked and then turn around and extort Sony - give us a lot of money or we'll release the key. If they release the key and this device blocking kicks in, Sony are going to have a lot of angry customers demanding their money back.

    --
    At some point, somewhere, the entire internet will be found to be illegal.
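
The revocation behaviour quoted from the spec in comment 1, and the shared-key-set reading in comment 5, as an added example that is not from the thread or from the AACS specification: a simplified model in which an MKB carries one wrapped copy of Km per set of Device Keys. The HMAC-based wrap (a stand-in for AES), the decoy entry for revoked sets, the check value, the assumption that each disc carries its own MKB, and all names are illustrative assumptions, not the real MKB format.

```python
import hashlib
import hmac
import os

def wrap(key, data, nonce):
    """Toy symmetric wrap: XOR with an HMAC-SHA256 keystream (stand-in for AES)."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))

def check_value(km):
    """Short value stored in the MKB so a device can tell whether its Km is correct."""
    return hashlib.sha256(b"km-check" + km).digest()[:8]

def make_mkb(km, key_sets, revoked=()):
    """Build a toy MKB: one wrapped copy of Km per key set; revoked sets get a decoy."""
    nonce = os.urandom(16)
    entries = {}
    for ks_id, key in key_sets.items():
        payload = os.urandom(len(km)) if ks_id in revoked else km
        entries[ks_id] = wrap(key, payload, nonce)
    return {"nonce": nonce, "entries": entries, "check": check_value(km)}

def process_mkb(mkb, ks_id, device_key):
    """Device side: return Km, or None if this key set cannot calculate the correct Km."""
    entry = mkb["entries"].get(ks_id)
    if entry is None:
        return None
    km = wrap(device_key, entry, mkb["nonce"])
    return km if hmac.compare_digest(check_value(km), mkb["check"]) else None

# Constructed sample data: two key sets; three holders share the "model-A" set.
KEY_SETS = {"model-A": os.urandom(16), "model-B": os.urandom(16)}
HOLDERS = {"player-1": "model-A", "player-2": "model-A",
           "software-with-leaked-keys": "model-A", "player-3": "model-B"}

def who_can_play(mkb):
    """Map each key holder to whether it recovers the correct Km from this MKB."""
    return {name: process_mkb(mkb, ks, KEY_SETS[ks]) is not None
            for name, ks in HOLDERS.items()}

if __name__ == "__main__":
    old_disc = make_mkb(os.urandom(16), KEY_SETS)
    new_disc = make_mkb(os.urandom(16), KEY_SETS, revoked={"model-A"})
    print("old disc:", who_can_play(old_disc))
    print("new disc:", who_can_play(new_disc))
```

In this model every holder of the model-A key set fails on the new disc, whether it is a purchased player or software using leaked keys, while the old disc, which carries the earlier MKB, still yields Km for all of them.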