Slashdot Mirror
HDCP Master Key Revealed
solafide writes "The HDCP Master Key has allegedly been revealed. If true, this information will allow anyone to create their own source or sink keys, essentially making HDCP useless for content protection permanently. No word yet on how it was obtained, but if true, this is a great day for content freedom around the world!"
How will this actually become practical?
From my understanding this breaks the HDMI cable protection, more than anything re-opening 'the analog hole' except with full digital goodness if someone hacks the firmware on a player they can then use the signal freely. Expect many more downloads from 'the usual sources' of HD content....
Will be interesting to see how the industry reacts to this. As all these machines today have upgradeable firmwares and internet connection that wont be able to totally close this break in the hardware spec itself but may cause problems for those seeking to exploit this leak. As we know these companies are more than used to harassing customers for their own interests.
I for one welcome the new freedoms that come with this. Too many devices out now based on the standard for the industry to change overnight - the cat is out of the proverbial bag.
---- The real Slashdot is still here. You just have to browse at -1 to read the comments.
Actually the master key doesn't exist on all devices. The master key is theoretically kept private and managed by the consortium that oversees HDCP. When a new vendor comes along then the HDCP consortium generates a sub-key from the master key and assigns it to that vendor. The vendor then uses that sub-key to create "sub-sub-keys" for each device they manufacture.
If a device key is compromised then the vendor can revoke it and issue a new sub-sub-key for the device. The HDCP consortium could also revoke the sub-key for the vendor, thereby invalidating all the vendor devices, if necessary.
The problem with the HDCP encryption is that if you have enough of those device keys (50 or so according to reports) then with a bit of grunt work you can reverse-engineer the HDCP consortium master key. That's apparently what happened in this case.
In general anyone can buy and use lockpicks for legitimate purposes. It's when you possess them with the intent to commit a crime that they are classed as "burglary tools" and get you some extra time.
As far as I can tell, yes. Which is almost mind-bogglingly stupid. Keep in mind that it's not enough to just have 40 HDCP devices, you also have to crack them all, which involves either some really clever known-plaintext attacks or disassembling the firmware on each device. But if you can do it once, you can do it 40 times, so the only way to avoid having the master key leak is to never release that 40th manufacturer's key.
To be fair, entertainment is a need. People who aren't getting any will start doing unbelievable stupid things just for fun, quite likely getting themselves and bystanders hurt. Boredom might not seem like much a threat, but it is.
Of course, making movies would likely be far more interesting than just watching them, and with computing power increasing, it's becoming available to a more and more common person. The biggest obstacle right now is the lack of a suitable program; we need some kind of digital actor system to take out the drudgery of 3D animation.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Also, police like having drugs be illegal as it helps prop up their power structure.
I'm not sure how far you are talking about when you say power structure, but it goes much further than just the people employed by pig forces all over the place.
Politicians get a very useful bogeyman with (some) drugs being illegal. The military have something to fight, keeping them busy (ever noticed how one of the biggest welfare systems in many countries is the military? There are places all over the western world where there are next to no jobs available, but the military. Threaten to take away the military, and these people will be as upset as perceived "dole scroungers". The biggest irony is that those who support the existence and use of monstrous militaries often are opposed to any forms of social security!).
The legal system and industry is one of the biggest beneficiary of the prohibition of some drugs. Lawyers write laws against substances, lawyers prosecute those breaking the rules, lawyers defend those breaking the rules, lawyers judge if you have broken the rules or not. And good luck trying to understand the law if you aren't in their club. The legal industry is one of the biggest rackets in the world! You can't call yourself a lawyer or solicitor unless you have a law degree and belong to a bar society, and the gate keepers to both what is a good law degree and who gets into bar societies are all lawyers. I don't see any accountability to the people when it comes to lawyers, yet we have to deal with them if we want to be in anyway successful in this world. And we have to deal with them if we are destined to be unsuccessful (by the usual social-success yard sticks).
Throw in other factors, like for-profit prisons, the legal drug industries (tobacco, drink, caffeinated products, medicine[1]), a press who's business is driven by shouting about the downfall of society, and the pressure to keep some drugs illegal becomes pretty big!
[1] If people could legally grow a plant in their garden that could be used for many, maybe even a majority, of minor ailments the market for paracetamol/Tylenol would shrink massively.
Why did they bother to use weak encryption? Is it not trivial to make longer formulas etc. ?
There are two possible answers.
1. They didn't get smart enough people to design the system (see DVD CSS).
2. The complexity of the key system was limited so as to allow small/cheap/embedded devices to implement it with limited processing power and speed.
I'd say option 2 is more likely, but wouldn't be surprised with option 1.
You know, that's not necessarily true. Some people, like me for example, just want to be able to connect devices through my home stereo equipment. I am the unfortunate owner of a NewEgg.com-sold Yamaha AV receiver that sports HDMI 1.0 in and out. I am not trying to be a pirate. I just want to connect my stuff through my amplifier.
This is great news for me because this will enable the creation of inexpensive [read: Unlicensed] conversion devices that will enable me to make use of my AV receiver as intended.
I really don't appreciate that copyright interests have decision-making ability to determine how I can connect my home AV system. They did it with Macrovision which disabled my ability to connect my DVD player through my VCR. (I had a cheap TV with only channel 3/4 as the input method and my VCR was using that... the VCR had RCA audio and video in, though, and I could use that to connect my very first-ever DVD player to my TV via the VCR... but no... I "might" copy a DVD to a VHS tape, so they decided to break it.) They tried to do the same thing with "broadcast flag" legislation to force all devices in the U.S. to respect the broadcast flag and not record programs from over the air. (What ever became of that? Did it fade away or return silently?)
I am a copyright violator. I'm not denying that. But my first experience with HDCP was by trying to connect my XBox360 to my TV through my AV amp which is, in my opinion, a perfectly legitimate use... before that time, as with my first experience with Macrovision, I didn't even know what HDCP was! HDCP is part of a paranoid market's desire to control how and where content is accessed. It shouldn't be their right to dictate this. They shouldn't even be able to prevent me from copying things as "fair use" is a legally acceptable reason for doing so... and yet they are allowed to attempt to block it.
I don't like it when legitimate purposes and uses are blocked because someone might use those methods for illegitimate purposes and uses.