Slashdot Mirror
The DRM Scorecard
An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"
No one ever expected DRM to stop all copying. That was never it's purpose. The purpose of DRM was to curb copying, which it has done. Everyone realizes there will always be a way to get around DRM (or anything else really) if you really want to. But if you can implement DRM and stop 50% or 75% of copying, that is a big improvement. That is exactly what they did. They implemented a solution that will reduce copying by the average person, which means more money in their pockets since less people are copying CDs and giving them to friends (and no, I'm not claiming every person who copied a CD would go and buy it, but certainly some of them will).
DRM works under the same concept as locking your car. IF someone really wants in, they will get in. But it certainly cuts down on the casual person who will take an easy opportunity, but doesn't care enough to put in the effort to get around the measures you put in place.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
From Wikipedia:
"Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System". This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.[1]
The authors conclude:
"HDCP's linear key exchange is a fundamental weakness. We can:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely."
It must be noticed, however, that for this attack you first have to break Blom's scheme (the linear algebra based key exchange system). In the case of HDCP you need a minimum of 39 device keys in order to reconstruct the secret symmetrical master matrix that has been used to compute all device keys.
Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [1].
The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.