Slashdot Mirror


The Great HDCP Fiasco

Toasty16 writes "According to an article on Firingsquad, our shiny new Radeon and Geforce cards won't be able to play HDCP-encrypted content, even though they have been advertising HDCP support as a feature for a few generations. Want to watch that new Blu-ray movie on your custom built PC at full resolution? Sorry, retail graphics cards won't be able to do that; only OEM-built computers from Dell, Sony, HP and the like will have that functionality built in."

1 of 728 comments

  1. Re:Well now by v1 · Score: 5, Informative

    The current scheme is a little more complex, and the planned methods are a LOT more complex.

    A pool of device keys was rolled up randomly to start with. I don't know how many. Probably a few thousand.

    For each DVD, a random key is rolled up. (It's possible for them to roll up a new key for each production run.) This master key is used to encrypt the content. The master key is then separately encrypted many times, once with each device key, and the result stored on the disk in a key dictionary. Note that each disk has a different master key.

    Each device manufacturer that wants to make a DVD player has to sign a contract with the MPAA/RIAA or whoever it was that runs this madness. In exchange for one of the device keys, they agree to protect and keep the key secret.

    Two of the manufacturers did not follow the terms of the contract, and stored their device keys in their players' firmware in easily retrievable format. Once these keys had been discovered, any disk that had been pressed up to that time contained the master key for that disk encrypted using that device key, so all disks up to that date had their security defeated.

    Due to the nature of the encryption, once you know the master key, it is possible and practical to reverse engineer the remaining device keys. As a result of this, all device keys are now known to a number of people. If this had not happened, the MPAA/RIAA would have just deleted the compromised device keys from the dictionary for future releases. But since all device keys to date are now known, the only thing they could do is make a new device key dictionary, which would render all DVD players made to date unable to play new DVDs.

    Among other improvements, the new system is designed in such a way that the compromise of one device key does not reveal all the other device keys. Also, I know little about the remaining technology, but one of them allows a "kill list" to be placed on a disk. They have added a way to obtain a "serial number" of sorts from the DVD player based on a ripped movie. They then would place that DVD player in the kill list for their new DVDs, and when placed in the targeted player, would deactivate it. Hard to say if this is rumor or true; it'd be a trick but certainly not out of the realm of possibility. This way, if a single player was compromised, they could deactivate it eventually. I doubt this would be very effective, but they are apparently going to try it anyway.

    --
    I work for the Department of Redundancy Department.
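
The key-dictionary scheme described in the comment above, as an added example that is not part of the original post and is not code from any real DVD system. It uses an HMAC-SHA256 pad as a stand-in for the actual cipher; every name, slot number and key is constructed for illustration. It shows why dropping a leaked device key only protects discs pressed afterwards.

```python
import hashlib
import hmac
import secrets

def _wrap(device_key: bytes, disc_id: bytes, title_key: bytes) -> bytes:
    """XOR the title key with an HMAC-SHA256 pad (stand-in for the real cipher)."""
    pad = hmac.new(device_key, b"wrap" + disc_id, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(title_key, pad))

def press_disc(device_keys: dict, revoked: set) -> dict:
    """Roll a fresh title key and wrap it once per non-revoked device key."""
    disc_id = secrets.token_bytes(8)
    title_key = secrets.token_bytes(32)
    return {
        "disc_id": disc_id,
        # Check value lets a player confirm it recovered the right key.
        "check": hashlib.sha256(title_key).digest(),
        "key_block": {slot: _wrap(k, disc_id, title_key)
                      for slot, k in device_keys.items() if slot not in revoked},
        "_title_key": title_key,  # kept only so the demo can verify results
    }

def recover_title_key(disc: dict, slot: int, device_key: bytes):
    """Player side: unwrap our slot; None if the slot was dropped or the key is wrong."""
    wrapped = disc["key_block"].get(slot)
    if wrapped is None:
        return None
    candidate = _wrap(device_key, disc["disc_id"], wrapped)  # XOR is its own inverse
    if hmac.compare_digest(hashlib.sha256(candidate).digest(), disc["check"]):
        return candidate
    return None

def demo() -> dict:
    keys = {slot: secrets.token_bytes(32) for slot in range(4)}  # constructed pool
    old_disc = press_disc(keys, revoked=set())
    new_disc = press_disc(keys, revoked={2})  # slot 2 leaked, dropped from new pressings
    return {
        "leaked_opens_old": recover_title_key(old_disc, 2, keys[2]) == old_disc["_title_key"],
        "leaked_opens_new": recover_title_key(new_disc, 2, keys[2]) is not None,
        "honest_opens_new": recover_title_key(new_disc, 0, keys[0]) == new_disc["_title_key"],
        "wrong_key_rejected": recover_title_key(new_disc, 0, keys[1]) is None,
        "keys_differ": old_disc["_title_key"] != new_disc["_title_key"],
    }

if __name__ == "__main__":
    print(demo())
```

Revocation here is forward-only: the old pressing still carries the title key wrapped under the leaked slot, so it stays readable with that key no matter what later discs omit.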