Slashdot Mirror
HDCP Master Key Revealed
solafide writes "The HDCP Master Key has allegedly been revealed. If true, this information will allow anyone to create their own source or sink keys, essentially making HDCP useless for content protection permanently. No word yet on how it was obtained, but if true, this is a great day for content freedom around the world!"
And hooray for common sense. You knew it was hopeless.
On twitter, the original link to the pastebin is from 'IntelGlobalPR'. Is that a fake account, hacked, or is this actually a publicity stunt from Intel for something?
I can't wait for THIS number to be turned into a song!
screenshot or it didn't happen
Is there really just one master key? Or is this merely one of the keys a vendor would use to create compatible equipment, meaning the next "critical firmware update" to any HDCP hardware will include a blacklist entry for this key...
How will this actually become practical?
From my understanding this breaks the HDMI cable protection, more than anything re-opening 'the analog hole' except with full digital goodness if someone hacks the firmware on a player they can then use the signal freely. Expect many more downloads from 'the usual sources' of HD content....
Will be interesting to see how the industry reacts to this. As all these machines today have upgradeable firmwares and internet connection that wont be able to totally close this break in the hardware spec itself but may cause problems for those seeking to exploit this leak. As we know these companies are more than used to harassing customers for their own interests.
I for one welcome the new freedoms that come with this. Too many devices out now based on the standard for the industry to change overnight - the cat is out of the proverbial bag.
---- The real Slashdot is still here. You just have to browse at -1 to read the comments.
Further proof that DRM is, for all intents and purposes, completely useless other than pissing off "honest" consumers.
Living With a Nerd
... so nobody can get hold of it.
Watch this Heartland Institute video
Let's see... I have been postponing buying a blu-ray player or drive until the protection is broken. Maybe a manufacturer will get my money if this is true!
There's just one key, and they never expected this to happen? "But.. but, well, we just never expected someone to give it out. It was umpossible."
What kind of security is that? Quite frankly I hope corporations continue to be stupid, so we can continue to break their stupidity with our key mastering abilities.
Why is I when I read "content freedom", I have a feeling you mean your ability to copy movies from torrent and avoid having to pay anyone for the huge investment and hard work they put into making movies. Sure, that's not what everyone will use it for, but it seems like most will. That's not something to cheer about in my book, but to each his own.
The real problem is not whether machines think but whether men do. - B.F. Skinner
I tell you, this is an MPAA plot!
Palm trees and 8
Here you go:
HDCP MASTER KEY (MIRROR THIS TEXT!)
This is a forty times forty element matrix of fifty-six bit
hexadecimal numbers.
To generate a source key, take a forty-bit number that (in
binary) consists of twenty ones and twenty zeroes; this is
the source KSV. Add together those twenty rows of the matrix
that correspond to the ones in the KSV (with the lowest bit
in the KSV corresponding to the first row), taking all elements
modulo two to the power of fifty-six; this is the source
private key.
To generate a sink key, do the same, but with the transposed
matrix.
6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70
3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f
9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f
971d02ada31b46 2adab96f7b15da 9855f01b9b7b94 6cef0f65663fbf eb328e8a3c6c5d
e29f0f0b1ef2bf e4a30b29047d31 52250e7ae3a4ac fe3efc3b8c2df1 8c997d15d6078b
49da8b4611ff9f b1e061bc9be995 31fd68c4ad6dc6 fd8974f0c506dd 90421c1cd2b26c
53eec84c91ed17 5159ba3711173b 25e318ddceea6a 98a14125755955 2bb97fd341cea2
3f8404769a0a8e bce5c7a45fb5d4 9608307b43f785 2a98e5856afe75 b4dbead4815cac
d1118af62c964a 3142667a5b0d14 6c6f90933acd3d 6b14a0052e2be4 1b1811fda0f554
12300aa7f10405 1919ca0bff56ea d3e2f3aad5250c 4aeeea5101d2ec 377fc499c07057
6cb1a90cdb7b11 3c839d47a4b814 25c5ac14b5ec28 4ef18646d5b9c2 95a98cc51ebd3b
310e98028e24de 092ffc76b79f44 0740a1ca2d4737 b9f38966257c99 a75afc7454abe4
a6dd815be8ccbf ec2cac2df0c675 41f7636aa4080f 30e87b712520fd d5dfdc6d3266ac
ee28f5479f836f 0bf8ee2112173f 43ae802fa8d52d 4e0dffd36c1eac 3cbda974bb7585
fb60a4700470e3 d9f6b6083ef13d 4a5840f02d0130 6c20ef5e35e2bf dad2f85c745b5b
61c5ddc65d3fc9 7f6ec395d4ae22 2b8906fb3996e2 e4110f59eb92ac 1cb212b44128bb
545afda80a4fd1 b1ffea547eab6b fac3d9166afce8 3fe35fe17586f2 9d082667026a4c
17ffaf1cb50145 24f27b316acfff b6bb758ec4ad60 995e8726359ef7 c44952cb424035
5ec53461dbd248 40a1586f04aee7 49ea3fa4474e52 c13e8f52c51562 30a1a70162cfb8
ccbada27b91c33 33661064d05759 3388bb6315b036 0380a6b43851fb 0228dadb44ad3d
b732565bc37841 993c0d383cfaae 0bea49476758ac accc69dbfcde8b f416ab0474f022
2b7dbcc3002502 20dc4e67289e50 0068424fde9515 64806d59eb0c18 9cf08fb2abc362
8d0ee78a6cace9 b6781bd504d105 af65fab8ee6252 64a8f8dd8e2d14 cb9d3354e06b5b
53082840d3c011 8e08
Monetize your content all you want. Prosecute illegal distribution. Just let me play it with my own device and software.
Bruce Perens.
The HDCP Master key !! so now you can burn, Burn, BURN !!
I paid for my home with my share of Pixar's IPO. And I'm an Open Source evangelist. So, I'm in both worlds where this is concerned.
What I think is fair is for infringing redistribution of copyrighted content to be prosecuted as necessary. You really don't have the right to give all of the internet a copy of that Hannah Montana song. But when I have paid or done whatever is appropriate to gain the right to view that media on my LG TV, I should have the right to view it on my Linux system too.
So, basically I am for content creators having the right to monetize their work and against having an electronic cop in my TV room. And I'm against having Free Software locked out of being a player.
I hope the key is real and that it's really this simple. I am not equipped to test it today but I'm sure someone here is.
Bruce Perens.
Wow.. I just finished blogging about a dream I had last night that involved rainbows, colors and numbers... http://blog.invalidip.com/
No, because it makes it easier for you to use your content that you paid for with your hard-earned cash the way you want to instead of how some third party who doesn't have your best interest at heart (and who only wants to get their greedy fingers on the aforementioned hard-earned cash, whether they've earned it or not) would like to make you pay for it over and over for making personal copies, displaying on alternate devices, etc.
The ability to infringe copyright is simply a side effect. Yes, some people may use it for that purpose. I won't.
When they invented the car, are you the type that sarcastically would have said, "Because it's always good to make it easier to to get away after robbing a bank. What other law-breaking things can we invent? Maybe someone should add sound to our good ol' silent films so that people can break the law by singing copyrighted songs."
it's 2010 and we have netflix with it's so so instant streaming. along with a few other buy/rent online stores that offer content at decent prices. we even have blu ray's coming out with a digital copy so you can watch it on your phone, ipad, laptop without an optical drive, etc.
it's not the ideal where any blu ray or DVD should come with a digital copy and iTunes is not the greatest place to buy/rent from but they are all good enough not to steal with the excuse that the media companies aren't offering an easy way to consume media. only excuse you may have is that you're outside the USA and want US content
It just repeats the same claim as the title of the pastebin title. That is good enough for wikipedia but wikipedia is not a second source/confirmation. Until someone actually creates a sink with this key this is nothing more than this slashdot article.
Like all encryption systems - if you learn enough about the keys, you can crack them and recover the original keys. In this case, just 40 devices with HDCP and a lot of mathematics is virtually guaranteed to recover the master key.
Don't use encryption to secure a digital product. It *will* fail because, at some point, you have to give people a key to access that product - thus they have access to the decrypted stream and to a number which is reliant on the private key. Encryption does NOT take account of protecting against an authorised user with a valid decryption key, or numbers of those users working in a concerted effort to crack your encryption. It's a misuse of the technology and any company that claims the opposite (e.g. all DRM companies) are lying to you.
This is not a good day for content freedom. If true, this is a good day for the entertainment industry to try and lock-down media even more, or simply make it unavailable in a way consumers want. Piracy goes up, and they attempt to figure-out what's wrong while honest consumers suffer.
The HDCP is for communicating over HDMI links. Blue ray uses ACCS and some other protections. "the" blue ray protection is not broken cryptographically.
But now you can at least create an open source tv that can play HDCP content.
In particular, read
http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
and
http://en.wikipedia.org/wiki/Blom's_scheme
Some key (heh) facts:
* This key is not stored in high-def devices themselves, nor does any manufacturer possess it. This is the key used to *make* individual manufacturers' keys.
* The generated manufacturers' keys are set up in a way that device A and B can communicate secretly without knowing each others' keys.
* Because of the way this system works, if enough individual manufacturers' keys are known, one can figure out the master key. In this case, "enough" is 40.
Important point: it's not like some random tech at Sony got fired and decided to blow the whole thing wide open. If it's a leak, it's a leak from just one or two specific keyholders at Intel, who developed the system. But it doesn't have to be: any random person with 40 different Blu-Ray players and a whole lot of cleverness could potentially figure this out.
In fact, here is what you find on Wikipedia:
"In order to prevent legal issues, please do not reproduce the supposed matrix value on Wikipedia. If you wish to view the key, see the External Links section below for a link."
I predict Sony will announce Blu-Ray2 tomorrow, and now you have to dump all your existing HD equipment and buy their newfangled crap with a different master key. All your existing investment in HD crap must be tossed in the trash.
Think of the boom to the economy if every American has to buy their movies ALL OVER AGAIN, for the 4th time, as well as replace their player, TV and the expensive cable between them.
Oh yeah, firmware update to PS3's that prevent playing Blu-Ray. Sony changes tagline for PS3 commercials to "It only does nothing".
Either that, or here comes Toshiba with HD-dvd-2... Div-X anyone?
This could signal the end of physical media. My prediction is that media companies will start selling only executable packages that contain player-code, the movie itself, and rootkit, and the player program will erase the movie after it's been watched, leaving the rootkit installed, so they can monitor if the player program is altered by the user, or the movie is watched again.
And then Orrin Hatch will allow Sony to blow up your computer if you tamper with their movie.
If telephones are outlawed, then only outlaws will have telephones.
HDCP has not really become widespread enough for this to be a good thing - in fact it's a bad thing at this time. People don't complain about it yet and with it broken, the manufacturers will simply do something different - and possibly worse. So next time you break an encryption system, please keep quiet until it becomes a widespread problem for people ;-)
If it was a leak someone is going to jail.
If it was reverse engineering the next form of copy protection will be less vulnerable to such an attack.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Inside sources say that the CEO had it written down on a post-it stuck to his monitor.
Who cares?
There are so many great movies and music that have already been created. I can watch or listen to those if I want to be entertained. Hell, I frequently listen to music over a hundred years old, and it's great. Or I could just go on the internet and do any of a thousand different activities to entertain me or provide me with a creative outlet.
Most of what's coming out now is pure shit.Will Smith recycling Karate Kid so his talentless brat can have a career handed to him? Step up 3D? Hey I've got an idea, fuck off.
"Content creation" dying would actually be a good thing in some ways. It certainly wouldn't be a disaster. Of course, if you're an artist / musician / film maker / actor, you might be out of a job, but hey... nobody owes you a living, no matter how many billions of dollars you think your presence deserves. You can always get a real job instead.
The answer isn't to keep cracking these "protection" schemes, it's to stop buying into them at all
That's rawther difficult without abandoning computers altogether. Are there any new monitors that don't support HDCP? I thought it was a requirement for the HDMI license, and every TV monitor has an HDCP-capable HDMI port nowadays.
Do what you want 'cause a pirate is free / You are a pirate!
Bibo Ergo Sum.
I have never, and will never, buy anything with HDCP enabled. The only DRM scheme I use is Steam, and that's because it's convenient and unintrusive, and completely compatible with my existing hardware without any modification whatsoever.
HDMI / HDCP can die in a fire. I've had 16:10 1920x1200 better-than-HD for over two years without any of this HDMI crap, and I can go a hell of a lot longer without it. By the way, that includes the next progression, whatever that may be.
Finally had enough. Come see us over at https://soylentnews.org/
it can't get better.
My experience is that those who want to "aggressively monetize content creation" are rarely creators.
duh... they enable the creators... WITH MONEY.
"only excuse you may have is that you're outside the USA and want US content"
Ok, so for me (as I am living in Europe) this excuse is valid to me? ;-)
What about those poor USA citizens who desperately want to access Non-USA content??
I rest my case
Who cares?
i care that a publisher was irresponsible and published short sighted opinion presented as fact.
As you say, there are two separate issues, the issue of respecting copyright and the issue of doing what you want with your devices. Well HDCP does nothing to stop copyright infringement. The pirates just nab a copy earlier in the chain, just rip the disc. Sometimes they do it later in the chain, just record a movie in a theater. Either way the fact that they can't nab a signal from the wire doesn't matter at all, they don't even try.
What this does do is prevent legit uses. I really want to build a HD DVR for my living room. I don't want the one the cable company sells. Not only do you pay a monthly charge, but I don't care for its features or its tiny drive. I want to build my own. The capture card I want is already on the market, the Blackmagic Intensity. Expensive, but worth it. ...
Except HDCP stops all that from working.
So I could go and just download the content online, any and every thing I could want is out there, free for the taking. I cannot legitimately just record it off my expensive ($80/month currently) cable TV connection.
I'm very fed up with copy protection these days because this is what is happening. It isn't protecting anything, it is hurting normal users. It is so overbearing that it interferes with normal usage, and still it does nothing to stop infringement.
Another thing, along those lines, is I can't play Blu-ray movies on my PC. I have a BD-RW drive, 1920x1200 monitor and HDMI soundcard out to a massive home theater system. Seems like the tech is there. However because of the way my system works, the display output is mirrored, one copy via DVI to the screen, the other via HDMI to the soundcard, since it need a video signal to get clock from to send its sound. All devices HDCP enabled, but Blu-ray disallows playback in the event of a mirrored screen.
They've done a great job of protecting me from myself, but nothing to stop me from downloading a program and ripping and uploading their movies, if I so chose.
This will have no difference on Blu Ray players that require HDCP to output their high def content, still spitting in the face of thousands of early adopters.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
They couldn't have waited until Sunday to release this?
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Encryption used for things like DVD's, Blu-Ray, HDPC, etc. suffer from two major weaknesses:
1. As ledow pointed out, you need to provide a decryption method and a key to the end user in order for them to view the content. With unencrypted content and a decryption key, it's possible to reverse-engineer the encryption. Given enough samples (eg. dozens of Blu-Ray movies each with different keys) the process becomes easier.
2. The encryption must be weak enough so that the content can be decrypted in real-time. You've got to be able to decrypt roughly 2K of data for every frame displayed. At 30 frames a second that would mean being able to decrypt 60K of data per second. Your average Blu-Ray DVD player doesn't have a high end multi-core CPU in it to aid in decryption, so it requires an algorithm that's relatively light weight and fast.
It has other uses too: dissuading casual pirates from ever jumping ship and buying into the medium.
A friend of mine couldn't play a couple of Blu Ray discs he'd bought because of various compatibilty issues to do with updated keys or whatever. It convinced me that Blu Ray just wasn't ready for the living room. Why would I want to give these fools my money when it results in a crapshoot? No Blu Ray player for me, no discs either. I decided to spend my money on something that's not so flaky.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
More technical details described here: http://cryptome.org/hdcp-weakness.htm
HDCP Effect: A preemptive Streisand effect where there is no immediate aggressor but one is implied. Which means the material gets blasted around the internet 'just in case' there are aggressor actions.
....but took another 9 years to develop an implementation of it:
http://www.macfergus.com/niels/dmca/cia.html
There is also a repost of this info available @ John Young's Cryptome, that someone else in this thread already posted.
One question: I noticed in the 2001 papers that this was designed against the 1.0 version of HDCP. Will it also work against it's revisions?
I think some forget how hypocritical people can be. This is even easier when you are talking old people being hypocritical with regards to what they did in youth. For one, we tend to remember the past through rose colored glasses. Not only does this mean we think things were better back then, but we kinda white wash our own histories. We forget some of the shit we did, the positions we held, and remember a more idealized version of ourselves. So "I smoked pot daily and loved it," may morph in to "I tried pot a few times socially and don't think it was a good idea."
Also people get overly cautious about what they did in the past. They see things as "stupid" and they are "amazed they survived." Of course you look further and it turns out that most people did that kind of stuff, so maybe it really isn't as dangerous as you think. However that isn't considered, instead the "protect the children" instinct takes over and they want to restrict things for their own good.
So I can perfectly well see people who are currently massive downloader growing up and getting power and then fighting against it. They'll remember it as something they did a bit and what a bad idea it was and how bad it is to do, and be all the more convinced it has to be stopped.
Here you go, compact version:
The key's 22,400 bytes interpreted as raw RGB data, padded
with a single 0 at the and to make it divisible by three:
http://img80.imageshack.us/img80/9746/hdcp.png
Not only that, but the DRM peddlers completely ignore the wetware that's actually implementing this stuff. To a team that develops a player or display firmware, DRM is an annoyance -- it's extra work that adds nothing to the value or functionality of their product, it's only a market enabler. They'll implement it only as far as it takes to get their product blessed by whoever does a 3rd party review/certification (if there's such a thing for DRM). Thus one can't but expect security holes galore and spaghetti code and whatnot. Never mind weaknesses in the algorithms themselves.
A successful API design takes a mixture of software design and pedagogy.
I was sick and tired of my TVs/Monitors deciding by themselves what they would and wouldn't show. I'd like to think maybe this time manufactures will get a clue - i don't see it happening any time soon though.
> The MAFIAA/RIAA ...
They game governments to get laws passed which enrich themselves at the cost of depriving society of: the use of the public domain, due process, and other privileges like anonymity on the net.
They use their legal muscle to try to prevent independently created content from becoming competitive with their product (e.g.: Veoh).
> No word yet on how it was obtained, but if true, this is a
> great day for content piracy around the world!"
>
> There, I fixed that for you.....
Content piracy never needed this.
A Pirate and a Puritan look the same on a balance sheet.
What you heard is completely wrong and is bordering on libel. No way would he be stupid enough to keep such an important piece of intellectual property on a post-it note on a monitor in clear view. He is far too clever for that, you see.
It was taped under his keyboard. Shows what you know! :-p
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Seriously?
Freedom has seen some great days, the end of WWII in Europe being a shining example that comes to mind, but this really isn't that big of a deal.
I think if this 'day' gets you all excited, you probably need a little perspective in your life. Not that this isn't a good thing, lets just try to keep things in a proper view.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
no money = NO CREATIVE WORK
Finally. It was a stupid idea to begin with. I should be able to time-shift all my content without renting a crippleware box from the cableco. 2 months for china to make capture hardware, 6 month for an open source driver to mature, another 6 months for support to stabalize in mythtv, plus some time for it to make it into the distros. Maybe a year and a half before I can refresh my mythboxen. Yeah.
Proponents of open video have potentially won a battle here, but I have to agree with the commenters that say that this may just push the content companies to add new controls elsewhere in the content ecosystem. For example, DTCP (and particular the IP-oriented DTCP-IP) is already widespread in newer "TV Anywhere" style devices. It may also have cryptographic weaknesses, but compared to HDCP it is even more closed and it is controlled by an independent cabal of corporations.
See Engadget's summary of the comments on the FCC's set-top-box competition proceeding for a sense of what is to come.
Meet the new boss.
Too large for a T-Shirt
But now that the DRM is broken, the poor movie studios will have no defense against piracy.
Expect them to release numbers and graphs showing how their revenue takes a sharp turn downwards.
(Unless, of course, their claims of connections between piracy and revenue are all lies, but I would never suggest anything like that...)
"As long as the copyright holder can exclusively decide what DRM will be applied you have no possibility to vote with your wallet short of doing completely without it."
It's not freaking oxygen. Go without it. That's what voting with your wallet means - or should mean.
The key is actually 11200 bytes. It seems you took the hex data instead of the raw bytes?
Ah, damn - yes. That also explains why the picture is so dark, I was already wondering if there was an additional weakness in there...
Actually, you will get 5.1 over the optical cable. You won't get 7.1, you won't get 96KHz sampling rate, and you won't get lossless bitstream. But basic Dolby Digital and DTS 5.1 work just fine.
You are apparently also of the generation that prefers ignorant mob rule and lazy scapegoating to spending even modest effort on understanding copyright law.
Hint: Start by finding the part of copyright law that criminalizes the receipt of information. Then find the section of law that allows an individual or corporation to enforce a contract against someone not a party to it.
/. -- the Free Republic of technology.
Not for most Slashdot readers!
Yes, it does sound strange. Perhaps that's because the parent meant "watched 2 or 3 illegally obtained movies."
But, you were smart enough to figure that out on your own, weren't you? Or, were you relying on your misnomer to push your agenda, you filthy copyright infringer?
It really doesn't take much at all to turn any person off the street into a jackbooted thug, if they have the slightest inclination for it.
/. -- the Free Republic of technology.
Just curious -- could a similar technique be used to derive the private key of a bank's ssl cert? If not, what's the difference. If so, why hasn't that been done to date? TIA.
There aint no pancake so thin it doesn't have two sides.
how long before someone arrested for stealing a DVD is also charged with 'Intent to Distribute'. Off to a Super Max for a hard 20, you society-destroying Kingpin!
You are obviously not a creative person.
Money is rarely THE motivating factor. People were creating and performing long before the MAFIAA became the middleman in the process and began searching for their holy grail of control via DRM. Artists of all disciplines will continue to do so long after they are rotting in their graves.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
Damn. I was really hoping for something to replace my ancient DeCSS shirt.
Your average Blu-Ray DVD player doesn't have a high end multi-core CPU in it to aid in decryption
Says who?
For a million-unit product, it becomes quite economical to design and fab single-purpose accelerators that can decrypt megabytes per second of 1024-bit RSA. It's even more economical for a semiconductor company like Zoran or ST or Toshiba to integrate such an accelerator core into one of their ARM systems-on-chip and sell millions per month as a stock item, complete with development support. After all, they've been doing the same with MPEG-2 video decoders for years.
/. -- the Free Republic of technology.
It's only 89,600 digits in binary. That can easily be represented as a 300x300 b/w image (or, if you prefer perfect fits, 512x175)...
That's all fine and dandy for now, but what happens when they start to get really serious about "protecting their content," and start introducing devices that can't be so easily broken?
HDCP was about as serious as it gets.
But the fact is that when anyone has physical control over all of the parts of a system, you cannot prevent them from deconstructing to the point where they can do what they want.
If these controls keep being broken, then eventually people will realize it makes no monetary sense to pay for them (as they have with music). We are a ways off from that in video, but it will happen someday - or it won't, but it will not matter for anyone that cares about it because the crackers cannot be stopped.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
anything that's worth creating costs money
HDCP has nothing to do with piracy.
Suppose I want to buy a Bluray movie and watch it. I buy a Bluray player, but most likely it does not have a VGA output. My highest resolution display is my CRT computer monitor (up to 2048x1536@80Hz), but it only accepts VGA input. So, I have to break HDCP in order to convert from DVI or HDMI to VGA (there are devices, like HDFury, that already do that).
Or, I could download a rip using BitTorrent and play it on my computer.
So, HDCP actually would prevent me from watching a movie that I bought on a monitor that I won.
From TFA: "Just as the MPAA is preparing to offer movies to customers at home while they're still in theaters ..."
If I'm still in the theater why would I also want the movie showing at home?
No because a bank is a closed key pair. For the bank there exists only a single private key and a single public key. With only a single public key you can't determine the private key.
With HDCP a single device key would have similar immunity but it would also have another larger problem. If the key ever becomes compromised you would have no mechanism to rescind it (every device in whole world would use same key). Thus the "solution" was to make each device key unique but mathematically related. They are related via the master key. Get enough device keys = get enough mathematically related keys = reverse engineer the original.
With a bank website there is no need for multiple keys. There is a public key and private key. If that pair is ever compromised it would simply be replaced (and via key revocation the old key marked as bad forever).
different scenario thus different potential weaknesses.
As with many technologies in history, porn leads the way - brazzers for instance gives videos in 1080P, as well as lower quality.
And as usual, if the adult industry can do it why can't the mainstream industries?
If this were really happening, what would you think?
And this is modded informative? Sure, if you have a secret key you will have to distribute it to use it. That seems to have been the case for DHCP (which is obviously not - yet - suited for asymmetric encryption due to cost/latency constraints). But you'll be famous if you can retrieve a asymmetric private key from encrypted content that you distributed together with the public key. Most standardized encryption systems in are safe from plain text attacks (e.g. 3DES, AES, RSA and Elliptic Curves).
The big problem with DRM is that you need to distribute the key to decrypt the stream in the first place. If that eco-system is not completely airtight (manufacturers of players and players) then you will run into trouble. Because you can retrieve the playing key or the content if it isn't. This becomes worse when you don't have a flexible key management system - the reason why there is one in the Blu-ray spec. But the Blu-ray spec can rely on high end / hardware accelerated processors - I presume DHCP can't.
I think they meant mirror this text on other sites. A copy of another comment posted six minutes earlier doesn't really help.
I saw this on Freenet already.
Between this and the fact that local Best Buy has BluRay players on sale for $70, it looks like it's finally time to upgrade, since I can finally get something that's on par with DVD in terms of features other than image quality.
Someone asked why the matrix wasn't symmetric as per the master matrix in Blom's Scheme.
I figured out the answer by reading the three short articles linked to from HDCP: Why So Weak?. The deal is that they placed severe hardware constraints on themselves. They were only allowed to require devices to do addition, no multiplication. Therefore the implementation in the Wiki article was not acceptable.
The HDCP scheme only allows "sources" to create a shared private key with "sinks", not other sources. Each source (sink) gets a private key that is a sum of 20 rows (columns) of the master matrix mod(P) where P seems to be 2^56 (which is not prime). Their public key is not a vector of integers like in the Wiki article. It is a vector of 40 zeros or ones with a total of 20 zeros and 20 ones. It is the same vector that selected their 20 rows (columns).
If you look at how an arbitrary source's 20 rows overlap with an arbitrary sink's 20 columns in the master matrix, they will intersect at exactly 400 (= 20 x 20) numbers. The shared private key is the sum mod(P) of these 400 numbers. The source's private key is the 40 word vector containing the sum of its 20 rows. So the 400 numbers at the intersections have been summed into 20 numbers out of the 40 numbers of the source's private key. The sink tells the source which of the 20 of the 40 numbers in the source's private key to sum. These correspond to the 20 bits that were set (out of 40 bits) to select the 20 columns that make up the sink's private key. When the sources adds the 20 numbers from its private key it gets the sum of the 400 numbers in the intersection between the source's rows and the sinks columns.
The sink does the same thing. It gets told by the source which 20 of the 40 numbers in it's private key correspond to the sources 20 rows. The sink adds up these 20 numbers and it too gets the sum of the 400 numbers that are in the intersection of the sources rows and the sinks columns. This way each one uses their own private key (the sum of their 20 rows or columns which is a vector of 40 numbers) combined with the public key of the other (which 20 out of 40 numbers to sum) in order to find a shared private key. They both end up with the same number which is called the shared private key. It is the sum of the 400 numbers where the source's rows intersect the sink's columns in the master matrix.
We don't see the world as it is, we see it as we are.
-- Anais Nin
So, can Linux playback BluRay movies now? Or does that still require Rube Goldberg contortions to get poor quality playback?
I use MakeMKV to stream Bluray content to xbmc. I have an nvidia card that enables hardware decoding via vdpau. The streaming means I don't have to rip Blurays to a hard drive and the hardware decoding means that my cpu is coasting at about 15% usage. The quality is fabulous, xbmc is really slick. I'm planning to use the wonderful Bluray playback to show off my Linux system as a media center to my friends who still use Windows.
I start the streaming from the command line. If you think typing is a Rube Goldberg contortion, you could use the GUI that lets you start the streaming with just a few mouse clicks. It is now very easy and the quality is excellent. The biggest problem I have is that most of the movies I like aren't yet available on Bluray. If you like movies with lots of violence and action, you probably don't have this problem.
As an added bonus, I don't have to screw around with firmware updates to my Bluray drive.
We don't see the world as it is, we see it as we are.
-- Anais Nin
Copyright infringement is not an exact analogy with theft, as is regularly pointed out on /. , but there are some valid comparisons to be made.
Indeed there are.
One valid comparison is that copyright infringement and theft are both illegal.
Another is that they both involve the actor getting something for free.
However, they fail the most important comparison. Theft is wrong not because it's illegal, or because the thief gets something for free, but because the victim of theft suffers a tangible loss. Before the act of theft, the victim had X; after the act, he no longer has X; he is now poorer than he used to be, thanks to the thief's actions. That's precisely why theft is wrong.
Copyright infringement lacks that quality. You can draw some superficial comparisons to theft, but it's missing the most important aspect of theft, the one that makes theft wrong. The comparison really only serves to cheapen actual theft.
Visual IRC: Fast. Powerful. Free.
You're a complete fucking moron if you believe that. I could easily point out hundreds of things that don't cost money to create but are well worth the effort. You are NOTHING idiot.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
TIME is money, idiot. SPENDING TIME IS SPENDING MONEY.
straighten your dick, pee hook.
you are NOTHING
SPENDING TIME IS SPENDING MONEY
So how much does it cost you to sleep at night? Time is only money if you can or want to actually make money during that time.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
perhaps because they don't exist and you're a liar or an idiot...
you are NOTHING
2 needs a brief revision. It wasn't specifically about cheap embedded devices, it was entirely about small and simple.
The issue was that they wanted to encourage (at pain of death) the vendors to embed the HDCP encoding hardware directly into the video decoding chips. The HDCP encoder needed to be tiny enough that it would take only a minuscule portion of the FPGA/ASIC containing the video decoder. This made it so vendors would agree to do it. If they would have implemented a more complex system similar to ZRTP (one of the more complex, yet secure streaming encryption systems) first of all, there would be tons of compatibility problems. Vendors of video IP would have tons of problems implementing it and the differing interpretations of the spec would guarantee uselessness of the spec.
Additionally, it should be able to be implemented using pure logic, arithmetic is expensive. A full adder adds a huge layer of gate depth into a chip. Each bit adds at least one layer of depth. This adds latency etc... a logical algorithm can perform an entire step in the encoding/decoding chain in one level of depth. Also, logic operations are REALLY simple to route in ASICs and FPGAs. Non-power-of-2 multiplications and divisions would add loss, not only damaging the quality of the signal, but possibly the control codes, rendering the output undecodable.
By placing the HDCP stuff directly within the ASIC/FPGAs of the decoders (the primary goal as earlier noted), it made it so that while the algorithm itself was generally weak to begin with, the keys would be much harder to obtain as they would be coded directly inside the ASIC. Also, it makes it impossible to intercept the decoded signal between the decoder and the encrypter.
DVD CSS is an entirely separate interesting case. I was attempting to license the DVD specs to make a licensed DVD player back before DeCSS was released. I was reading through the requirements for licensing and find it amazing that almost all the interesting bits have disappeared from the face of the planet. Here's some things I vaguely remember from it, they may be imprecise :
1) The spec was made by Intel (a pretty smart group of guys normally)
2) The spec itself cost $5,000 + delivery via a secure physical method.
3) The spec was licensed to a company, but only after meeting certain security requirements.
4) Only "cleared individuals" would be permitted access to the spec.
5) The spec was to exist ONLY within a sealed room, no windows, heavily locked door.
6) The door would only be able to be opened by individuals cleared for access by the DVD consortium.
7) When the cleared individuals were not in the room and at any time the door was open, the spec would have to be stored in a fireproof safe which limited access only to individuals (the ones cleared to be in the room).
8) All source code for implementing the spec would exist ONLY on a removable medium (floppy, removable hard disk, zip disk, this was before thumb drives).
9) All binary implementations of the code would be heavily encrypted and could not be decrypted or deciphered without the use of a multi-million dollar laboratory environment.
Oops! That's where the failure was. So long as code can be run, it has to be in a decrypted form. So once the code is decrypted to be executed, then ANY debugger which can function on an application in memory could be used to read the code in assembler form. The complexity of the algorithm is irrelevant, all that matters is the amount of time a person has to sit and sort it out. The film industry wanted this clause in, but I'm entirely convinced that the guys who made the spec knew before hand it was entirely unrealistic.
You'll note that they focused a great deal of effort on the protection of the physical specification. I'd actually be amazed if the formal specification even exists in electronic form anymore. I'd imagine that it's strictly in print and is photocopied for each new licensee if there are actually any.
I have purchased approximately a thousand DVDs over the past 14 years. I have a room in my house damn near consumed by them. They take tons of space. Before that, I bought tons of VHS (possibly literally, they were heavy)
:) Oh.. this is Norway, wouldn't matter.
What I hate is :
1) buying on VHS then having to pay again when I want DVD, then again when I want Bluray, then again when I want downloadable, etc... I have pirated films that I have already purchased on earlier formats. If the industry wants a proof of purchase for every film in my library and a serial number for it, cool... where do I send it. Then when they release it in a new format, let me download it.
2) If I can't buy a film downloadable in another country, I simply download it elsewhere. I'm perfectly happy to pay for films I watch. But I sure as shit won't be treated like a 3rd rate citizen because they decided where I live isn't convenient to them to sell in (Norway is too small to interest many companies).
3) If they are price gouging because of my location (very common, BluRay in U.S. $14, in Norway $45) and they won't let me download it at U.S. prices + Norwegian taxes, then I'll pirate it today and wait for it to land on the $15 rack in clearance down the line.
As I said, I've bought about 1000 DVD's at an average price of $22 (have a spreadsheet) a disc. That's $22,000 U.S., if they want to call me a pirate for trying to give them money but refusing to pay a 200% premium for my location, then send the cops my way
I actually work in the industry as well. Used to develop software at a post production shop that produced DVDs for the Scandinavian market for WB, BV, etc... Disney used to ask me to rip DVDs for them because they couldn't get their hands on their own films due to licensing limitations. So to make local trailers for films, they'd send my pre-release DVDs and ask me to rip them for them.
I often pirate video games, can't find them in the local stores and I won't pay $15 shipping for a $10 disc... I use cracks constantly, I buy games and use cracks so I don't need to leave the disc in.
Oh... I have all 1400 discs ripped to my server so I don't need to screw with finding discs. Also, I'm bloody tired of paying over and over for the same film if my kid scratches the disc. So, both my Wii's are cracked and play from hard disc, my playstation 2 too.
At the moment, I can't hook my DVD player's HDMI up to my projector since it's a cheap projector with only VGA on it. It has RCA also, but when I use it, the speakers in the room start buzzing as the chasis of the DVD player isn't properly grounded. The HDCP crack will solve this. HDFury is a half assed solution, this will allow real solutions instead.
That was an example, moron. Read what I wrote.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
straighten you dick, pee hook.
you're STILL nothing.
There will always be thieves in the world. It is the nature of some people. The proper question you need to answer is why do the honest people need to suffer?
But there is also the fair use issue. And NO, this is NOT a case of fair use being lost because of the thieves. Fair use is lost because the content producers see taking it away as a form of increasing their revenues. They want to force you to buy more copies of the content. If I want to be able to listen to a good song on my computer while posting on Slashdot, and also listen to the same song on my portable player while jogging, they want me to buy it TWICE. Compare this to places like Magnatune
that, instead, play fair with consumers ... and artists.
If your optical media is damaged, they don't want you to be able to play it from a backup source, even though you have paid for the music or movie. They want you to be forced to buy a new copy from them. A copy in which the artist gets less than 10% for music (it would not be good enough for them if you paid the artist directly for the cost of a replacement ... they want you to buy their piece of media ... again).
They also don't want you to resell their media to someone else just because you bought it to see if you might like it, and discover that you don't like it. If you don't like the content, they want you to be stuck with the full cost, regardless (and as such, they don't want you to even preview the content online, such it could mean lost sales because only people that like it would buy it).
now we need to go OSS in diesel cars
So sleep costs you money? Don't be an idiot. You know you are wrong making blanket statements like that so just admit it and shut up.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
perhaps you don't understand relativity or the concept of spending money to make money.
you are either an idiot or would have others believe you are.
is your pee hooked because of your crooked dick? STRAIGHTEN IT OUT, PEE HOOK.
you are NOTHING
You really are incapable of carrying on an adult conversation aren't you?
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.