HDCP Master Key Revealed

solafide writes "The HDCP Master Key has allegedly been revealed. If true, this information will allow anyone to create their own source or sink keys, essentially making HDCP useless for content protection permanently. No word yet on how it was obtained, but if true, this is a great day for content freedom around the world!"

Hooray for freedom

[fnj]

And hooray for common sense. You knew it was hopeless.

Re:Hooray for freedom

[jedidiah]

> how many years, now?

How many years of being obscure overpriced early adopter stuff, or how many years of actually being relevant to most consumers?

Re:Hooray for freedom

[bieber]

I wouldn't say hooray for freedom. If this is a win for freedom, it's only in the sense of breaking out of jail for as long as it takes them to catch you and toss you back in. The answer isn't to keep cracking these "protection" schemes, it's to stop buying into them at all until the companies behind them realize that customers are tired of paying for hardware that actively works against their interests. There seems to be a really dominant mentality among people in the know about these things that it's alright to keep supporting this nonsense monetarily because we'll always find a way to break it. That's all fine and dandy for now, but what happens when they start to get really serious about "protecting their content," and start introducing devices that can't be so easily broken?

Re:Hooray for freedom

[JanneM]

"Because it's always good to make it easier to break the law and steal movies."

Most places explicitly allow backups and format shifting, in addition to excerpting and other fair use exceptions. All of which now become possible where it was not before. No stealing or anything immoral involved.

Re:Hooray for freedom

[sycodon]

A DVD is a tangible good, no different than a book.

Re:Hooray for freedom

[captainpanic]

The more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

The current lawmakers and judges are of a different generation altogether. they paid the equivalent of a good night out (bar / club) for just 10 songs on a piece of plastic that wouldn't last for more than 10 years of you use it frequently.

So, anything that postpones or reverses silly laws and technology is worth a "hooray", as it brings the solution closer.

-- At least, that's the future I hope for. Don't sue me if it turns out differently! ;-)

Re:Hooray for freedom

[drinkypoo]

What other for profit industries can we attack? Maybe someone could come up with a universal electronic key so you can drive any car you want.

Electronic unlock devices already exist. They can be used by locksmiths or other authorized personnel for good. You can buy a variety of security-defeating devices on dealextreme. Have a nice day.

Re:Hooray for freedom

[Albert+Sandberg]

And when you stop buing them they start blaming piracy instead...

Re:Hooray for freedom

Also the 'crimes' being committed are merely civil offenses.

Ah, the classic slashdot myth, repeated so many times that most people here actually believe it. However, the United States criminal code would beg to differ. Ever download $1,000 worth of material in 6 months? Guess what, you committed a crime.

  506. Criminal offenses6

(a) Criminal Infringement. —

(1) In general. — Any person who willfully infringes a copyright shall be punished as provided under section 2319 of title 18, if the infringement was committed —

(A) for purposes of commercial advantage or private financial gain;

(B) by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000; or

(C) by the distribution of a work being prepared for commercial distribution, by making it available on a computer network accessible to members of the public, if such person knew or should have known that the work was intended for commercial distribution.

(2) Evidence. — For purposes of this subsection, evidence of reproduction or distribution of a copyrighted work, by itself, shall not be sufficient to establish willful infringement of a copyright.

(3) Definition. — In this subsection, the term “work being prepared for commercial distribution” means —

(A) a computer program, a musical work, a motion picture or other audiovisual work, or a sound recording, if, at the time of unauthorized distribution —

(i) the copyright owner has a reasonable expectation of commercial distribution; and

(ii) the copies or phonorecords of the work have not been commercially distributed; or

(B) a motion picture, if, at the time of unauthorized distribution, the motion picture —

(i) has been made available for viewing in a motion picture exhibition facility; and

(ii) has not been made available in copies for sale to the general public in the United States in a format intended to permit viewing outside a motion picture exhibition facility.

(b)(b) Forfeiture, Destruction, and Restitution.—Forfeiture, destruction, and restitution relating to this section shall be subject to section 2323 of title 18, to the extent provided in that section, in addition to any other similar remedies provided by law.

(c) Fraudulent Copyright Notice. — Any person who, with fraudulent intent, places on any article a notice of copyright or words of the same purport that such person knows to be false, or who, with fraudulent intent, publicly distributes or imports for public distribution any article bearing such notice or words that such person knows to be false, shall be fined not more than $2,500.

(d) Fraudulent Removal of Copyright Notice. — Any person who, with fraudulent intent, removes or alters any notice of copyright appearing on a copy of a copyrighted work shall be fined not more than $2,500.

(e) False Representation. — Any person who knowingly makes a false representation of a material fact in the application for copyright registration provided for by section 409, or in any written statement filed in connection with the application, shall be fined not more than $2,500.

(f) Rights of Attribution and Integrity. — Nothing in this section applies to infringement of the rights conferred by section 106A(a).

Re:Hooray for freedom

[jamesh]

he more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

I'm from that generation, more or less, and still think it's pretty rude to download stuff that you didn't pay for. I'm against supporting broken business models that don't let you store the media in the format that's most useful to you (eg on a media center) but that still doesn't mean that you get to download stuff illegally.

The smart thing to do would be to concentrate less on prevention - people are always going to copy stuff no matter what - and focus more on detection. Find the people who are downloading your stuff and get them, rather than making stuff harder for the rest of us.

And it doesn't matter what generation you are from. There will always be someone who's willing to take the media empires money to tow their agenda through the lawmaking process.

Re:Hooray for freedom

[ArsenneLupin]

At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

Re:Hooray for freedom

[Mr.+Slippery]

A DVD is a tangible good, no different than a book.

Have they implemented a region scheme for books? Can a book be rendered illegible by a scratch? Is there some scheme in place to prevent you from quoting an except from a book verbatim?

Re:Hooray for freedom

[The+Grassy+Knoll]

At some point, lawmakers will be from the generation that []

Is this why marijuana is now legal in most western countries, the lawmakers being from the generation that first started widely using it...?

.

Re:Hooray for freedom

[MightyYar]

Right, and if I steal an actual DVD, I've stolen a tangible good. Whomever I steal it from will have to cope with a tangible loss. I think what we are talking about is making an unauthorized copy, which may or may not affect the income of the person who holds the government rights to the work.

Re:Hooray for freedom

[supersloshy]

The answer isn't to keep cracking these "protection" schemes, it's to stop buying into them at all until the companies behind them realize that customers are tired of paying for hardware that actively works against their interests.

I agree with your post except for this sentence. The problem with that argument is that most people, quite frankly and quite unfortunately, don't care whether or not something has "DRM or GPL or whatever crap you're trying to convince me to have or not have" (in the paraphrased words of everyone else). Most people don't care about region-lockout, SecuROM-style DRM, HDCP or any of that so long as it "works" for the time being. Most people, instead of caring whether or not their media will play on some out-there FOSS player, just buy whatever player can so they can watch it right then without caring or even thinking about whether or not that DRM will be around long enough for them to not have to re-buy all of their media. I'm almost as anti-DRM as you can get, and it's the depressing truth from what I've found.

Re:Hooray for freedom

[mcvos]

A DVD is a tangible good, no different than a book.

But DRM doesn't prevent anyone from shoplifting DVDs.

Re:Hooray for freedom

[somersault]

I think your problem here should be with people who choose to buy pirated copies of movies, not the technology that allows for copying. Might as well make pen and paper illegal if you want to go down that route. Quit whining.

Re:Hooray for freedom

[blincoln]

Yeah, Bonded and authorized.

A lot of good that actually does. It's easy to make DIY lockpicks from the pieces of spring steel that come off of the metal brushes that street-cleaning vehicles use. Once someone has those, they can make an electric lockpick out of them and a $10 (or less) electric flossing tool.

Re:Hooray for freedom

[putaro]

In general anyone can buy and use lockpicks for legitimate purposes. It's when you possess them with the intent to commit a crime that they are classed as "burglary tools" and get you some extra time.

Re:Hooray for freedom

[IndustrialComplex]

At some point, lawmakers will be from the generation that also posts on forums,

Same generation, different culture.

The Democrat looks at the Republican and wonders how he could believe that. The New Yorker takes a look at the rural farmer and wonders why he would subject himself to that sort of life. The rural citizen wonders how anyone could deal with so much noise. And DC elects Marion Barry. Again.

But if you want the real reason: The people who care about a subject will get their way. Just because some people would vote for/against an issue doesn't mean that they actually care enough about that issue to do anything about it.

Re:Hooray for freedom

[jedidiah]

> A DVD is a tangible good, no different than a book.

Yes it is. I should be able to dispose of that "tangible good" in any manner as I see fit as the owner of that good.

That includes copying it for my own use.

MY individual property rights should not be nullified for the benefit of some corporation or for the sake of some non-right.

Re:Hooray for freedom

[c0lo]

At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

And the "flower power" generation had, during 60-ies - 70-ies, some pretty liberal idea about sex ... FF 40 years (they should be in their 60 now) and... try singing that in public, you'll see it's almost as illegal as marijuana.

Re:Hooray for freedom

[Kjella]

People want content, the hardware is just a means to that end. As long as the copyright holder can exclusively decide what DRM will be applied you have no possibility to vote with your wallet short of doing completely without it. Also it's practically impossible to avoid DRM-capable hardware, 99% of all computers today have a DVD drive and thus pay a CSS license and thus support DRM. All graphics cards from Intel, AMD and nVidia support HDCP. Same with any modern TV or monitor.

The only way people win is when DRM is broken, but they are committed to continue selling it. That is the only reason you can still buy DVDs, otherwise they would have moved to DVD 2.0 with new and better DRM long ago. I just hope the combined mass of cable boxes, TVs, recievers, graphics cards, monitors and so on now is big enough they will not be able to implement a new standard. That is how DRM dies, not trying to make them go for a DRM free platform. That we already know they won't.

Re:Hooray for freedom

[Bert64]

The problem is a lack of user education, the average end user doesn't understand how their freedoms are being restricted by such products...
The only way to educate those users, is through the mass media, and unfortunately that mass media is controlled by the very people who are trying to enforce restrictions upon them.

I would much rather media companies work on more competitive pricing and superior products, rather than actively spending their time and money to make their product inferior to the pirate copies. Look at asia, where the cinemas are nicer and companies like nokia are offering much cheaper music services than we get elsewhere, all thanks to the competition from piracy.

Re:Hooray for freedom

[jedidiah]

> or any of that so long as it "works" for the time being

Well. That's the problem with all of this nonsense.

IT DOESN'T and it's only getting worse.

The n00bs won't care why something breaks. They will just get upset when it
does and blame the most convenient target available. This may be the studios
or the hardware vendor depending on the individual.

However, they won't need to understand the situation to lay blame.

Although Big Content might get lucky and get away with stuff like Microsoft did.

No. DRM makes it much more likely that it won't "just work".

The whole "need to patch BD player to play new movie" nonsense is one of the reasons I won't touch that technology yet.

As geeky as I am, I just don't believe that a consumer appliance should be in constant need of patches.

Re:Hooray for freedom

[Vintermann]

it's much more difficult to show your friends a clip from a movie that you don't own.

Especially when George Lucas sues you for making lightsaber noises.

Re:Hooray for freedom

[flink]

The more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Right, because all those hippies from the baby boomer generation that are in power now have shutdown the military, ended the war on drugs, and prevented racial discrimination in all its forms. Or more likely, 99% of those who make it into power had to sell most of their ideals to the highest bidder or never had any in the first place.

The law makers we have in 20 years will be the same assholes we have now with different faces. Real change comes when the people force the government to take action, not the other way around.

Re:Hooray for freedom

[multisync]

If I remember correctly, in many states, illegal possession of lock picks is generally prosecuted as a felony under the category of possession of burglary tools or similar statutes.

How is this not anything but a lock pick for DVDs?

IANAL, but I'm pretty sure that only applies if you use them for, or are in possession of them while, committing a crime. Hammers can be used to gain illegal entry to someone's property, just like lock picks. If you're advocating for outlawing anything that *can* be used to commit a crime, you'd better be willing to give up a lot.

Regardless, as others have pointed out there are plenty of good, legitimate reasons I might want to "pick the locks" on the DVDs I own. Outlawing the ability of citizens to pick the digital locks on the media they own effectively negates Fair Use, and prevents copyrighted works from entering the Public Domain at the expiration of the term (lolz ... like that would ever happen).

That is why DRM is incompatible with copyright law. Encumberring a work with DRM should result in forfeiture of its copyright.

Re:Hooray for freedom

[Vintermann]

There's a very good one, actually. It's possible to install a program to enable you to read books written for another language region, but it takes several years and a lot of hard work.

Some people are working on automatic cracking tools, but they're not very good.

Re:Hooray for freedom

[Posting=!Working]

Not all of them, but enough of them that it is now legal medicinally in many states and California has legalization for recreational use on the ballot this November. This represents a massive shift in views in the electorate and made it acceptable for politicians to advance these bills.

These things take time. 40 years of telling people that marijuana will make you jump out of a window after stabbing someone in your crazy drug-induced rage backfired when pretty much everyone has either been high or seen enough people high to know that's not what happens. It'll take a while, but a few decades of companies bitching that illegal downloading will cause people to stop making music or movies will eventually have the same effect. It'll be a lot tougher, since there's money behind the **AA lobbying groups, whereas legal marijuana doesn't directly effect any large legitimate financial group negatively.

Re:Hooray for freedom

[Haffner]

I think most of slashdot is pretty clear on the fact that it's against the law - the general consensus here though is that the law is wrong.

Re:Hooray for freedom

[Chrisq]

> A DVD is a tangible good, no different than a book.

Yes it is. I should be able to dispose of that "tangible good" in any manner as I see fit as the owner of that good.

I choose shoving it up the RIAA's arse.

Re:Hooray for freedom

[somersault]

Would you have an ethical problem with someone using one of these devices to access their own car if they lost the key? Do you have any idea how ridiculous that is?

I'm not talking about the law here (which often has little relation to ethics), I'm just talking about what you think is right and wrong. I've always hated the sound of devices which won't let you setup your AV equipment the way you want without paying for a HDCP licensed device. I hate how Apple devices use proprietary connectors and DRM formats to make it awkward to play the movie you rented or purchased on any device you want without doing something illegal. I hate lock-in. I buy all my music, movies and books legally, but I'll only buy from sources that allow me to consume my media in a way that I consider reasonable and convenient.

Re:Hooray for freedom

[Mikkeles]

'... whereas legal marijuana doesn't directly effect any large legitimate financial group negatively.'

Well, not legitimate, but organised crime is heavily dependent financially on drugs being illegal, so they would probably try and finance resistance to legalisation.
Also, police like having drugs be illegal as it helps prop up their power structure.

Re:Hooray for freedom

[srussia]

The more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Let's run through that last phrase a couple more times: "watched 2 or 3 movies illegally... watched 2 or 3 movies illegally".

It sounds strangely archaic (or dystopian) when said with a straight face like that.

Re:Hooray for freedom

[EasyTarget]

That gets tricky.. what with their heads getting in the way etc..

Re:Hooray for freedom

[starfishsystems]

Current lawmakers all smoked dope when they were students.

Probably not. But many did.

That doesn't mean that they are all in favor of legalizing marihuana.

Probably not. But many are.

Re:Hooray for freedom

[rpresser]

Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

Re:Hooray for freedom

[uglyduckling]

Well, uh... for starters, it's nothing to do with DVDs. HDCP is the copy protection mechanism for display interfaces. The copy protection for DVDs is CSS, which was broken over a decade ago. HDCP is a ridiculous system which makes a display authenticate itself against the playback device before a high definition picture will be displayed. This is purportedly to prevent piracy, however most piracy takes place by decrypting the information on the disk before it's ever output to the display, and copying the raw data.

All HDCP does is limit the freedom of the end user in choosing their display device(s) and creates the risk that a device's key might be revoked. Traditional uses of display equipment, e.g. multiple displays in bars, places of worship, retail etc., is made much more difficult because of the handshaking and key exchanging involved. All HDCP really does is placate ignorant studio bosses whilst making things more costly for the consumer. The 'professional' pirates don't care about it at all.

Re:Hooray for freedom

Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

Because the alcohol and tobacco lobbies, collectively known as "The partnership for a drug-free America", pay damn good money to buy the lawmakers opinions.

Re:Hooray for freedom

[ultranova]

Exactly! Because Oxygen, Food, Shelter, DVD's, BluRay's and CD's are required to live.

To be fair, entertainment is a need. People who aren't getting any will start doing unbelievable stupid things just for fun, quite likely getting themselves and bystanders hurt. Boredom might not seem like much a threat, but it is.

Of course, making movies would likely be far more interesting than just watching them, and with computing power increasing, it's becoming available to a more and more common person. The biggest obstacle right now is the lack of a suitable program; we need some kind of digital actor system to take out the drudgery of 3D animation.

Re:Hooray for freedom

[kimvette]

So, all those crappy copies of DVDs coming from China will NOT become perfect copies, because the Chinese pirates will obviously only use this technology to create excerpts and backups.

The Chinese won't bother with that - they run the DVD and Blu-Ray replication houses, so all they need to do is run off a bunch of copies and sell them on the side, or use their gear to make DRM-free copies or rip it and make stamped rather than DVD or CD-R copies of those movies.. I've bought one such DVD off of Amazon (it was listed as used, only available from one seller since the DVD was long discontinued) and was pissed. The DVD menus and everything were intact, it was a stamped DVD (as in not WORM/DVD-R) but the silkscreened label was offset, there was no CSS present, and the DVD jacket was offset as well. it came in an envelope originating from China. Why am I pissed even though it was a perfect copy (in fact superior to the original technically since it is DRM-free)? For this reason: DRM obviously did not deter the "pirates" in the least. I have to contend with DeCSS, not having a Blu-Ray player for Linux, blue-screens when putting AV receivers between cable boxes and monitors/television panels, and so on, and the "pirates" are completely unaffected and undeterred in the least.

Re:Hooray for freedom

[L4t3r4lu5]

Get this through your head: Centralised distribution networks cost lots to host and run. How they go about monetising P2P isn't my concern. It does, however, take all of the heartache of high cost hosting out of this.

And the cost of creating content is negligible, as Jamendo is proof of. You can achieve near-studio quality with a Powerbook and a lot of patience. Talent doesn't cost a thing, but it can still make you a lot of money.

Re:Hooray for freedom

[Xiaran]

Why do you need lots of servers in data centres for a P2P distribution network?

Re:Hooray for freedom

[hawguy]

Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

Uhh...I thought the big advantage of electronic distribution was that it's far cheaper than creating physical articles. I can get a server with 100mbit bandwidth + 10TB monthly transfer for $350/mo -- that will let me distribute 300K albums (at 30MB each). Or, one tenth of a cent each. Even if I hosted on Amazon EC2, my costs would be around 0.6 cents per CD.

I don't think you can press a CD for that little, even if you're buying 10 million of them at a time. I'd bet that the setup fee for a big CD run costs more than hosting the website for 6 months or a year.

Whether or not the cost of creating the content costs more than that depends on who the artist is and why they are creating it and what costs are included -- I have friends that burn CD's and give them out for free because they create music for the fun of it. I think their "recording studio" (including hardware and software) cost less than $500.

Re:Hooray for freedom

Also, police like having drugs be illegal as it helps prop up their power structure.

I'm not sure how far you are talking about when you say power structure, but it goes much further than just the people employed by pig forces all over the place.

Politicians get a very useful bogeyman with (some) drugs being illegal. The military have something to fight, keeping them busy (ever noticed how one of the biggest welfare systems in many countries is the military? There are places all over the western world where there are next to no jobs available, but the military. Threaten to take away the military, and these people will be as upset as perceived "dole scroungers". The biggest irony is that those who support the existence and use of monstrous militaries often are opposed to any forms of social security!).

The legal system and industry is one of the biggest beneficiary of the prohibition of some drugs. Lawyers write laws against substances, lawyers prosecute those breaking the rules, lawyers defend those breaking the rules, lawyers judge if you have broken the rules or not. And good luck trying to understand the law if you aren't in their club. The legal industry is one of the biggest rackets in the world! You can't call yourself a lawyer or solicitor unless you have a law degree and belong to a bar society, and the gate keepers to both what is a good law degree and who gets into bar societies are all lawyers. I don't see any accountability to the people when it comes to lawyers, yet we have to deal with them if we want to be in anyway successful in this world. And we have to deal with them if we are destined to be unsuccessful (by the usual social-success yard sticks).

Throw in other factors, like for-profit prisons, the legal drug industries (tobacco, drink, caffeinated products, medicine[1]), a press who's business is driven by shouting about the downfall of society, and the pressure to keep some drugs illegal becomes pretty big!

[1] If people could legally grow a plant in their garden that could be used for many, maybe even a majority, of minor ailments the market for paracetamol/Tylenol would shrink massively.

Re:Hooray for freedom

[Abcd1234]

Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

Well, you're half right: the cost of *both* is actually surprisingly cheap, and is just a small percentage of the total cost of a piece of media.

Re:Hooray for freedom

[icebraining]

The smart thing to do would be to concentrate less on prevention - people are always going to copy stuff no matter what - and focus more on detection. Find the people who are downloading your stuff and get them, rather than making stuff harder for the rest of us.

And how do you propose to implement such "protection" without the constant privacy violations (ISP-wide deep packet inspection, loss of anonymity, etc) we've been hearing about?

While I can perfectly understand that it's "rude to download stuff that you didn't pay for", I don't see any means of prevention/detection that don't violate more important rights.

Re:Hooray for freedom

[MoonBuggy]

HDCP comes alongside HDMI, which has been standard in run of the mill Dell laptops and the like for a while, not to mention games consoles. I see the occasional problem with something as simple as people hooking up a laptop to a projector or TV, simply because there's a handshake and key exchange going on rather than a straightforward connection. I'd say it's been working its way into the offices and living rooms of the average user for three to four years now.

The fact that it's been relatively (but by no means entirely) hassle free so far does not, however, mean that the trend will continue. The companies don't want to go all out with the media restrictions while HDMI is 'new' - it'd just risk causing a backlash and having consumers avoid it. Much more sensible to allow an installed base to build and then bring in the restrictions later. I'm glad to see that yet another piece of useless DRM has (apparently) fallen.

Re:Hooray for freedom

[mikeabbott420]

Americas vast prison system is also a huge industry with a vested interest in marijuana hysteria.
I suspect the alcohol industry may see it as a threat as well. In my experience people who smoke weed abuse alcohol less and that could cause a loss of revenue. Thus the alcohol industry will feed hysteria because they know it is false.

Re:Hooray for freedom

[CRCulver]

Exactly! Because Oxygen, Food, Shelter, DVD's, BluRay's and CD's are required to live.

Most developed countries do consider the arts necessary for quality of life, which is why they massively fund things like films and music. Nearly every CD and DVD I own acknowledges state arts funding. And if the public paid for it, the public ought to be able to access it as they wish, without struggling with DRM.

Re:Hooray for freedom

[StuartHankins]

Don't lump "servers in a data center" in with a physical distribution network. The cost of maintaining servers and their associated HR costs is very small in comparison [to all the other costs], and getting smaller. If I can rent a movie for $1 at any RedBox or BlockBuster Express, I expect it to be even less by downloading it directly. And in some cases (NetFlix, Hulu) it IS cheaper.

The old-style physical content distribution model is dead.

And as far as content creation costs go, it appears a lot of popular / decent movies were created without huge budgets. More and more people are creating their own movies on a shoestring. The tables are tipping from "we provide what we want you to see" to amateur-provided content, and guess who doesn't like it? <tiny violins play softly>

Re:Hooray for freedom

[phyrexianshaw.ca]

Not that I'm a big music producer or anything, but this is exactly my distribution model. I make music/video for fun on: an old DSLR, an 8mm video camera, a computer with open source software, a few m-audio products and a few Shure microphones. all said and done, To cover a 4 man band I think the complete setup cost me about $2500, (though it would have been about $5000 had I bought it all new).

to date, I think I've grossed about ~$3000, having done about twenty or so live shows at $150 a night. production quality if a lot better than the bands expect, and for the cost of my internet connection a month, they get a torrent seed to give away a link to for free copies of the production.

in either case, the total production cost for a band to release a private CD of pretty close to record industry quality, would run about $1200 for 500 discs (including the cost of the venue, mastering, discs, burning, printing, and jewel case construction/design/printing.) with additional discs running about $0.65/disc.

even at $5 a disk, that's still a HUGE profit margin. (assuming instruments and any other equipment needed to preform was already paid for. though not often the case, a few shows and a few happy buyers quickly take care of that)

Re:Hooray for freedom

[master0ne]

and while it is illegal to steal a physical copy of a dvd form a retail store (this would clearly be theft) copying the information ON the dvd is not theft as it does not deprive anyone of the orignal. This is the definition of copyright infringment. Theft is physical, copyright infringment involves using the IDEAS (or the resulting work comming from the idea) of others. The point here is that a stealing a car deprives someone else of that physical good they bought and paid for, copying data however does not deprive anyone of what they have, it results in loss of revenue for the creative mind behind the work (or more likely loss of revenue for the greedy corperate overloards that tricked the creative mind into tranfering rights to their work for a small sum of money).

Re:Hooray for freedom

[Progman3K]

To be fair, entertainment is a need. People who aren't getting any will start doing unbelievable stupid things just for fun, quite likely getting themselves and bystanders hurt.

Darwin wins, Youtube wins, I don't see a problem.

Re:Hooray for freedom

[Americano]

And the cost of creating content is negligible, as Jamendo is proof of. You can achieve near-studio quality with a Powerbook and a lot of patience. Talent doesn't cost a thing, but it can still make you a lot of money.

It is only negligible if your time has no value, or the time of the other people involved in making the music has no value. Most people are not born musical savants - they must learn to play their instrument, they must practice their instrument, they must purchase an instrument (or multiple instruments) to play. To record, they must purchase a powerbook (or a cheap dell), they must purchase the recording software, and they must learn how to use the recording software. They must also then actually get around to *writing their own* music. And while you're doing that, you have to earn money to meet the million other obligations of daily existence - food, clothing, shelter, utilities, transportation... all of this costs money and/or time.

To suggest that the process of making music is more or less zero-cost - "cost of creation is negligible" is either willfuly ignorant or absurdly naive. It requires a lot more than patience. And the ultra-rich rock stars are the exception, not the rule. You'll find a lot more musicians that work shitty waiter and retail jobs to pay the bills while they work on their music, and for whom that $100 they could have brought in off 5-10 CD sales would mean one less shitty double-shift.

Production AND distribution are a very small portion of "content creation," whether it be a P2P distribution scheme, or shipping by trucks to hundreds of stores around the country. If you place any sort of value on the work of the musicians whose music you love, then paying them $10-15 to support their work and help them continue to make music is not an unreasonable expectation. Make an effort to find music produced by independent artists, who market directly to their audience, and support those people.

Re:Hooray for freedom

[DavidTC]

Yeah, that whole 'passed on to customers' meme is idiotic.

It's called supply and demand, people. Companies don't base prices on how much it costs them to make, they base prices based on what the market will pay.

I work for a company that sells a few similar products online. Let me generalize and say one of them is $100, one $200, one $250, etc.

We sell all of the things in the product line, because customers are often looking for a specific one. We'd much rather sell the $100 one, as, because of a special deal with the wholeseller, we make like $50 dollars on that, vs. about $45 dollars on the $200.

But we're not idiots and haven't raised the price of the others, because the market won't stand it! The pricing is utterly unrelated to our cost, it's what everyone else is selling for. If we tried to raise the price, people would shop elsewhere. Likewise, we don't lower the cost of the $100, because people buy it at the current price! (We've tried, we don't get statistically more customers. We do use coupons, though, that works to some extent.)

Pricing is entirely based on what people will pay for things, not what it 'costs' to make. (Obviously, companies aren't going to sell things for less than the cost to make them, but that pushes them out of the market entirely, not makes them sell for more.)

And it's the same idiotic concept in the other direction, that lower corporate taxes let them hire more people. Um, companies hire exactly how many people they think they need to do what they're trying to do. Period. They don't hire 'extra' people because they have money laying around.

Them having more money might, if they were already planning on expanding, allow them to expand sooner, but, hell, that could operate just as easily the other way, jobwise...they now might have the cash to shut down their production line for a month to revamp, resulting in no work for a month and less jobs afterward. 'They might expand' is an idiotic hypothesis...they might automate jobs away with that money instead, if we're in hypothetical land. In reality, 99% of the time, the money is just added profit.

The real fun idea is that less taxes on the superrich might result in more jobs...because the superrich, if they take home more money after taxes, ask to have their salaries lowered so a company can hire some pointless workers, which manages to be an idiotic premise twice over.

Re:Hooray for freedom

"When _my_ generation is in charge ..."

That made no difference for grass. Music will be no different. When your generation is in charge they will be as greedy as mine.

Re:Hooray for freedom

[DavidTC]

No one who is complaining about HDCP is trying to pirate. Cracking HDCP is utterly useless for pirates, and HDCP doesn't stop anything they're trying to do.

The HDCP 'protection' was a delusional attempt by the content providers to get a step ahead of pirate-copy-makers. They fantasized that their current media protection was 'perfect', so figured pirates would start copying from the video connection.

Of course, their protection wasn't perfect, so copier have continued to just strip the DRM off the provided media instead of rigging weird setups to copy from a monitor cable.

Which copiers could do anyway, as HDCP decoders have existed forever. This crack was the master key...before that, you had to buy a 'licensed' piece of hardware that could strip HDCP, which is fairly easy to get, although you have to order from overseas. With this crack, now, you can simply record the encrypted signal and decode it, I guess. (Maybe not, though.)

But no copier did that, or will start doing that. They'll just remove the BlueRay or cable encryption instead, like they've been doing.

In short, HDCP was 'second-level' DRM, which required, as a base assumption, that no one would be able to decode DRM before it get outputted, so HDCP was an attempt to protect the output. As people can decode the DRM before output, it's, um, utterly pointless to crack.

Even if copiers were copying from there, none of that has anything to do with 99.9999% of pirates, who download copied movies,and thus could give a flying fuck where the copy came from. Any HDCP connections will display a pirated video as well anything else.

Re:Hooray for freedom

[PybusJ]

When i was young it was considered rude to take sweets from the local shops without paying, yet some proportion of the shops stock was stolen. Shopkeepers have reacted (and technology has moved on) and it is now standard for shops to be recording CCTV, as well as implementing policies such limiting the number of school age kids in the shop at one time. This is not without privacy implications, but society has in general accepted it.

Copyright infringement is not an exact analogy with theft, as is regularly pointed out on /. , but there are some valid comparisons to be made.

I'm not at all convinced that society in general agrees that you have fundamental rights in the are of network packet inspection and online anonymity. I'm sorry if that's news to you.

For myself, I'm not a fan of DRM: it gets in the way of what I consider legitimate use of content I pay for (such as playing it on a variety of hardware, including my linux machines, and being able to access it in the future), and I'm not prepared to pay for content which is locked behind DRM. This does limit my access to a variety of culture in digital form, but at least for now, it's a limitation I can live with. But that doesn't mean I believe I should be given something for nothing, or that just because I can now pay for clean mp3s, that entitles me to spread them as widely as I like.

Re:Hooray for freedom

[geekoid]

Just so you know

section 1 violation is A AND(B or C)

Re:Hooray for freedom

[ultranova]

What on earth are you talking about?

Business.

Price is driven by cost of development - of course it is. If it weren't, then companies would be selling a product for a price floated on the market as you suggest, and then finding themselves out of capital b/c their total income would be *less than* their total expenditures.

No. Cost of development is a sunk cost. Once it's paid, there's nothing to do but to try and maximize your income. If the total income - number of units sold * (price per unit - cost per unit) - is less than price of development, then yes, the company will be running a deficit rather than profit on that product. That's precisely why they often conduct market surveys before investing in R&D.

How they recoup their dev costs depends on the business model, but to suggest that dev costs don't impact pricing is just nonsense.

It's math, and unless and until you understand it - and I mean really understand it - you better not try to run a company, for your own sake, because you will fail miserably.

To recap: profit = number_of_units_sold * (price_per_unit - cost_per_unit) - cost_of_development, where number_of_units_sold is a function of price_per_unit, benefit per unit to the buyer and human psychology.

Seriously, all aspiring businessmen: read this and understand it. If you can't, you can't succeed. There is no way around this.

If one company has lower dev costs than another, they have what's known as "competitive advantage" -- they can create new products with equal value to the consumer at a lower cost. That company now has a viable option (not available to their competitor) to float their product to the market at a price lower than their competitor, and still make positive net revenue.

Of course they do. That's perfectly in agreement with the equation and its implications. After all, they make the same profit with less (price_per_unit - cost_per_unit), since their cost_of_development is lower.

However, in the long run, for long-selling goods, the cost_per_unit is the dominating factor. That's why it's often a good idea to spend some extra R&D to make sure your manufacturing processes are as efficient as possible. Experience shows that this is especially true of goods with low cost_per_unit. In the bottom end are Internet-downlodable games, where all of the costs are in cost_of_development, and cost_per_unit is for all practical purposes zero; in such items, it's almost always beneficial to decrease the price, since it increases the sales a lot - a hundred times as many people pay for a $1 game than $10 one, adding up to 10-time profits.

In the very extreme end of this, Girl Genius, Dwarf Fortress and The Freenet Project seem to survive entirely on donations/auxiliary sells. But then again, they are bringing something valuable and wonderful to the Internet, unlike most corporations.

Re:Hooray for freedom

[SanityInAnarchy]

HDCP comes alongside HDMI,

Not necessarily. In fact, HDCP is independent of HDMI, and works just fine over DVI-D. The reverse is also true -- HDMI can work as essentially DVI + audio, without HDCP at all.

Re:Hooray for freedom

[erroneus]

You know, that's not necessarily true. Some people, like me for example, just want to be able to connect devices through my home stereo equipment. I am the unfortunate owner of a NewEgg.com-sold Yamaha AV receiver that sports HDMI 1.0 in and out. I am not trying to be a pirate. I just want to connect my stuff through my amplifier.

This is great news for me because this will enable the creation of inexpensive [read: Unlicensed] conversion devices that will enable me to make use of my AV receiver as intended.

I really don't appreciate that copyright interests have decision-making ability to determine how I can connect my home AV system. They did it with Macrovision which disabled my ability to connect my DVD player through my VCR. (I had a cheap TV with only channel 3/4 as the input method and my VCR was using that... the VCR had RCA audio and video in, though, and I could use that to connect my very first-ever DVD player to my TV via the VCR... but no... I "might" copy a DVD to a VHS tape, so they decided to break it.) They tried to do the same thing with "broadcast flag" legislation to force all devices in the U.S. to respect the broadcast flag and not record programs from over the air. (What ever became of that? Did it fade away or return silently?)

I am a copyright violator. I'm not denying that. But my first experience with HDCP was by trying to connect my XBox360 to my TV through my AV amp which is, in my opinion, a perfectly legitimate use... before that time, as with my first experience with Macrovision, I didn't even know what HDCP was! HDCP is part of a paranoid market's desire to control how and where content is accessed. It shouldn't be their right to dictate this. They shouldn't even be able to prevent me from copying things as "fair use" is a legally acceptable reason for doing so... and yet they are allowed to attempt to block it.

I don't like it when legitimate purposes and uses are blocked because someone might use those methods for illegitimate purposes and uses.

Re:Hooray for freedom

[Hashi+Lebwohl]

Books, yes, I believe so. I only found this out beacuse I was shopping around on Amazon the other day, looking for books from a particular author. I live in Australia, and have downloaded heaps of books from Amazon, no troubles. Then I came across a book I wanted to read, went to buy it, and Amazon kindly informed me that this book was not for sale in my region! Sucks if you ask me.

Odd

[DavidR1991]

On twitter, the original link to the pastebin is from 'IntelGlobalPR'. Is that a fake account, hacked, or is this actually a publicity stunt from Intel for something?

Re:Odd

[bsDaemon]

Some one had made a similarly named account with regards to BP during the height of the oil spill issue and used it to basically be a dick about various things, or so I heard on NPR. I quit using twitter months ago. I would expect its a fake account name. That doesn't sound like the sort of name that the "official" Intel twitter account would use.

Man

[The+MAZZTer]

I can't wait for THIS number to be turned into a song!

So can someone answer this:

[ihatewinXP]

How will this actually become practical?

From my understanding this breaks the HDMI cable protection, more than anything re-opening 'the analog hole' except with full digital goodness if someone hacks the firmware on a player they can then use the signal freely. Expect many more downloads from 'the usual sources' of HD content....

Will be interesting to see how the industry reacts to this. As all these machines today have upgradeable firmwares and internet connection that wont be able to totally close this break in the hardware spec itself but may cause problems for those seeking to exploit this leak. As we know these companies are more than used to harassing customers for their own interests.

I for one welcome the new freedoms that come with this. Too many devices out now based on the standard for the industry to change overnight - the cat is out of the proverbial bag.

Re:So can someone answer this:

[jeffmeden]

There are plenty of picture-perfect copies of digital media out there already, that's the bitterly ironic thing about DRM as it sits today; the people just trying to play by the rules are getting stuck buying more expensive, less compatible equipment while the pirates use software techniques to get whatever content they want, however they want it, with relative ease.

If HDCP didn't exist, there would still be legal battles over what kind of hardware was legal to sell (like bluray copiers, "open" DVRs, etc). If it were to go away tomorrow, the possible upside would be more software tools available to do things like media backups, software DVR of "protected" content, and more choices when it comes to what kind of TV/monitor you can use with a media source like a bluray player or cable box. Again, ironically, I wouldn't expect genuine piracy to be helped at all by this, and by and large people buying gear off the shelf at Best Buy will never know what happened.

Re:So can someone answer this:

[Coopjust]

From what I understand,the leak makes revocation useless:

"The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices."

While [Intel and content providers] are spending millions on HDCP, he says, they will be denied the benefits of research that can help fix the technology. Ferguson predicts that a year from now, someone will post a HDCP master key on the Internet, and the money spent on the system will be wasted.

Upgrading the firmware of players to disable HDMI altogether isn't possible at this point. I'm not sure of the exact process, but since you can make new displays, you can create a device that just makes up a random one if it doesn't handshake in five seconds. Also, you can impersonate any existing device- and blocking every existing monitor on the market isn't feasible either.

Re:So can someone answer this:

[Vertana]

If you hooked your HTPC to your non-HDCP compliant display, you could possibly modify your device driver to decode the HDCP encryption and be able to view content at full 1080p on your non-HDCP compliant display. Alternatively, someone might be able to implement it in hardware and provide a cheap device to lay in between your device and non-HDCP display to decode the stream on the fly. All of this... just so people can watch content at full HD on the monitor they legally paid for.

yup

[Pojut]

Further proof that DRM is, for all intents and purposes, completely useless other than pissing off "honest" consumers.

Re:Isn't this like AACS

[jdong]

No, this is actually the master key that you can use to generate vendor keys -- changing this key would break compatibility with existing HDCP equipment!

Maybe a manufacturer gets my money now

[tonique]

Let's see... I have been postponing buying a blu-ray player or drive until the protection is broken. Maybe a manufacturer will get my money if this is true!

Who revealed it

[iONiUM]

There's just one key, and they never expected this to happen? "But.. but, well, we just never expected someone to give it out. It was umpossible."

What kind of security is that? Quite frankly I hope corporations continue to be stupid, so we can continue to break their stupidity with our key mastering abilities.

Re:Who revealed it

Nobody had to give it out. The encryption is weak, and it has been known for a long time that it would be possible to derive the master key given data from a sufficient number of devices. I'm surprised it took this long for someone to actually do it.

Re:Who revealed it

[Iphtashu+Fitz]

Actually the master key doesn't exist on all devices. The master key is theoretically kept private and managed by the consortium that oversees HDCP. When a new vendor comes along then the HDCP consortium generates a sub-key from the master key and assigns it to that vendor. The vendor then uses that sub-key to create "sub-sub-keys" for each device they manufacture.

If a device key is compromised then the vendor can revoke it and issue a new sub-sub-key for the device. The HDCP consortium could also revoke the sub-key for the vendor, thereby invalidating all the vendor devices, if necessary.

The problem with the HDCP encryption is that if you have enough of those device keys (50 or so according to reports) then with a bit of grunt work you can reverse-engineer the HDCP consortium master key. That's apparently what happened in this case.

Re:Who revealed it

[Twinbee]

Why did they bother to use weak encryption? Is it not trivial to make longer formulas etc. ?

Re:Who revealed it

[atamido]

Why did they bother to use weak encryption? Is it not trivial to make longer formulas etc. ?

There are two possible answers.

1. They didn't get smart enough people to design the system (see DVD CSS).

2. The complexity of the key system was limited so as to allow small/cheap/embedded devices to implement it with limited processing power and speed.

I'd say option 2 is more likely, but wouldn't be surprised with option 1.

Content Freedom?

[wilsone8]

Why is I when I read "content freedom", I have a feeling you mean your ability to copy movies from torrent and avoid having to pay anyone for the huge investment and hard work they put into making movies. Sure, that's not what everyone will use it for, but it seems like most will. That's not something to cheer about in my book, but to each his own.

Re:Content Freedom?

[Cyberax]

How come movie industry hasn't died after the invention of VHS tapes?

Re:Content Freedom?

[ledow]

Because, as in all things, most people are honest.

If I want a movie, I buy it. That might mean buying it second-hand, or buying it from a friend, but I don't do the shady deals in pubs with strangers. Most people are like me, and most people actually pay for stuff. VCR's and DVD-R's are, of course, used for piracy - because they are recording devices. But if you didn't have those, people have camcorders, or webcams, or any one of a million and one recording devices.

The recording device, or the technology built into any recorded media, does not stop anything, at all, ever, except genuine, honest customers doing something quite reasonable. Anyone who wants an illegal copy can get one in any one of a million different ways. Hell, the early DVD rippers basically screenshotted the screen of a DVD player so many times a second and recorded the audio. It's not hard at all, because of the "analog hole". But the only people who bother to go to that amount of effort are established pirates and those who genuinely believe they are doing something quite reasonable and should be allowed to do it.

Despite popular opinion, that's NOT the majority of people.

Re:Content Freedom?

[size1one]

A 2-pass 1080p x264 rip+encode takes much longer than the runtime of the movie, unless you have a very nice computer. You could rent any movie you wanted from a video store. but those things are irrelevant, the movie industry hasn't died. It's making as much money as ever.

Re:Content Freedom?

[denmarkw00t]

Speaking as someone who has partaken in piracy from time to time, I see your argument a lot. While piracy may be bad in the sense that you're stealing from hard working individuals, supposedly, I can guarantee to you that almost every show I've seen in the last 6 years, every CD I have purchased, every movie I paid to see or own or rent, would not have seen my hard earned cash without piracy first. It's the truth. I wouldn't have listened to nearly any of the artists I do now without piracy as I would have heard one or two tracks and not bought the CD - the Big Music industry ruined that for me when I paid for CDs because of singles on the radio to find that the whole CD was crap, save for that one song. Now I can know if a CD is good or not before devoting my money to it. I pay to go see bands that need my money and otherwise wouldn't have seen it because of piracy. I paid for videogames I may have been apprehensive about buying because of piracy. Piracy is almost the wrong word for it, really.

As another quick example - this past weekend I ran across some blog posts talking about an iPhone app called TouchOSC. Cost: $4.99. I pirated it with Installulous and gave it a test drive. At first I didn't know how I was going to make good use of this app. Then I ran across a program for OSX called OSCulator. Cost: Minimum $19, Preferred: $39. Also, they distribute a trial. After playing with the two, I've decided that tomorrow's paycheck is going to pay for a copy of both. While I could pirate both, I believe the developers deserve my money because they have created quality products, and no matter how many videos or demos of the two you could show me online, if I hadn't been able to run them in my setup and know how they are relevant to MY work flow, I wouldn't dream of forking over $35 (I plan to pay $30 for OSCulator).

Re:Clever idea to slashdot the site with the key..

Here you go:

HDCP MASTER KEY (MIRROR THIS TEXT!)

This is a forty times forty element matrix of fifty-six bit
hexadecimal numbers.

To generate a source key, take a forty-bit number that (in
binary) consists of twenty ones and twenty zeroes; this is
the source KSV. Add together those twenty rows of the matrix
that correspond to the ones in the KSV (with the lowest bit
in the KSV corresponding to the first row), taking all elements
modulo two to the power of fifty-six; this is the source
private key.

To generate a sink key, do the same, but with the transposed
matrix.

6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70

3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f

9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f

971d02ada31b46 2adab96f7b15da 9855f01b9b7b94 6cef0f65663fbf eb328e8a3c6c5d
e29f0f0b1ef2bf e4a30b29047d31 52250e7ae3a4ac fe3efc3b8c2df1 8c997d15d6078b
49da8b4611ff9f b1e061bc9be995 31fd68c4ad6dc6 fd8974f0c506dd 90421c1cd2b26c
53eec84c91ed17 5159ba3711173b 25e318ddceea6a 98a14125755955 2bb97fd341cea2
3f8404769a0a8e bce5c7a45fb5d4 9608307b43f785 2a98e5856afe75 b4dbead4815cac
d1118af62c964a 3142667a5b0d14 6c6f90933acd3d 6b14a0052e2be4 1b1811fda0f554
12300aa7f10405 1919ca0bff56ea d3e2f3aad5250c 4aeeea5101d2ec 377fc499c07057
6cb1a90cdb7b11 3c839d47a4b814 25c5ac14b5ec28 4ef18646d5b9c2 95a98cc51ebd3b

310e98028e24de 092ffc76b79f44 0740a1ca2d4737 b9f38966257c99 a75afc7454abe4
a6dd815be8ccbf ec2cac2df0c675 41f7636aa4080f 30e87b712520fd d5dfdc6d3266ac
ee28f5479f836f 0bf8ee2112173f 43ae802fa8d52d 4e0dffd36c1eac 3cbda974bb7585
fb60a4700470e3 d9f6b6083ef13d 4a5840f02d0130 6c20ef5e35e2bf dad2f85c745b5b
61c5ddc65d3fc9 7f6ec395d4ae22 2b8906fb3996e2 e4110f59eb92ac 1cb212b44128bb
545afda80a4fd1 b1ffea547eab6b fac3d9166afce8 3fe35fe17586f2 9d082667026a4c
17ffaf1cb50145 24f27b316acfff b6bb758ec4ad60 995e8726359ef7 c44952cb424035
5ec53461dbd248 40a1586f04aee7 49ea3fa4474e52 c13e8f52c51562 30a1a70162cfb8

ccbada27b91c33 33661064d05759 3388bb6315b036 0380a6b43851fb 0228dadb44ad3d
b732565bc37841 993c0d383cfaae 0bea49476758ac accc69dbfcde8b f416ab0474f022
2b7dbcc3002502 20dc4e67289e50 0068424fde9515 64806d59eb0c18 9cf08fb2abc362
8d0ee78a6cace9 b6781bd504d105 af65fab8ee6252 64a8f8dd8e2d14 cb9d3354e06b5b
53082840d3c011 8e08

Monetization != bulletproof protection

[Bruce+Perens]

Monetize your content all you want. Prosecute illegal distribution. Just let me play it with my own device and software.

Re:Monetization != bulletproof protection

[jedidiah]

The MAFIAA/RIAA doesn't prosecute illegal distribution.

They use grossly inappropriate laws intended for professional pirates on housewives.

They bully people with barratry suits.

The seem to ignore the real commercial pirates that might actually be "stealing" paying customers from the industry.

Instead they engage in the sort of thing they tell you to avoid the first day of law school (suing non-solvent parties).

Re:Monetization != bulletproof protection

[Lunix+Nutcase]

The seem to ignore the real commercial pirates that might actually be "stealing" paying customers from the industry.

They only "seem" to be ignoring these people because either the stories don't make a frontpage headline or you are just being willfully ignorant. The MPAA/RIAA go after commercial pirates, such as Hong Kong and Russian bootleggers, on a regular basis.

I AM THE GOD OF HELLFILE AND I BRING YOU ...

The HDCP Master key !! so now you can burn, Burn, BURN !!

Re:I AM THE GOD OF HELLFILE AND I BRING YOU ...

[ScrewMaster]

fire?

Well, whether he meant Fire or File, it's still a pretty funny use of Arthur Brown's FIRE.

Re:Proof?

[guruevi]

1. HDCP MASTER KEY (MIRROR THIS TEXT!)
2.
3. This is a forty times forty element matrix of fifty-six bit
4. hexadecimal numbers.
5.
6. To generate a source key, take a forty-bit number that (in
7. binary) consists of twenty ones and twenty zeroes; this is
8. the source KSV. Add together those twenty rows of the matrix
9. that correspond to the ones in the KSV (with the lowest bit
10. in the KSV corresponding to the first row), taking all elements
11. modulo two to the power of fifty-six; this is the source
12. private key.
13.
14. To generate a sink key, do the same, but with the transposed
15. matrix.
16.
17.
18. 6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
19. 82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
20. 1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
21. b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
22. 2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
23. 672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
24. 07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
25. 1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70
26.
27. 3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
28. 4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
29. cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
30. 80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
31. 10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
32. f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
33. 0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
34. d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f
35.
36. 9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
37. c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
38. c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
39. 16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
40. 0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
41. 7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
42. 75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
43. 3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f
44.
45. 971d02ad

The viewpoint from two worlds

[Bruce+Perens]

I paid for my home with my share of Pixar's IPO. And I'm an Open Source evangelist. So, I'm in both worlds where this is concerned.

What I think is fair is for infringing redistribution of copyrighted content to be prosecuted as necessary. You really don't have the right to give all of the internet a copy of that Hannah Montana song. But when I have paid or done whatever is appropriate to gain the right to view that media on my LG TV, I should have the right to view it on my Linux system too.

So, basically I am for content creators having the right to monetize their work and against having an electronic cop in my TV room. And I'm against having Free Software locked out of being a player.

I hope the key is real and that it's really this simple. I am not equipped to test it today but I'm sure someone here is.

Re:The viewpoint from two worlds

[guruevi]

It gets worse actually, with HDCP you cannot use signal splitters or other devices like scalers or converters that are frequently used in professional projection and scientific setups. If you do, you will get snow (not immediately, just sometime down the road when somebody has loaded HDCP protected content) on the whole display (not just the content) making those things useless. If you use a splitter for example, you have to go out of your way and buy another device ($80) to sit on the primary channel to make sure it can't negotiate the HDCP encryption. But HD content will still play even if you don't have an HDCP-compatible setup (as there is no content I know off yet that forcefully locks people out of their Chinese/Wal-Mart TV/Blu-Ray el-cheapo knockoff setup), it's just that if you do have an HDCP-compatible setup (and you paid good money for eg. Dual-DVI KVM, splitter, displays and projectors with high-res 120Hz signals for scientific research), it will malfunction.

Re:The viewpoint from two worlds

[Dr_Barnowl]

... the perfect copy machine, why shouldn't we use it? ... Star Trek ... Replicator

In a "Replicator" society, there are only two commodities ; matter and energy.

Matter you can get from most places, with the right tools and a variable amount of energy. Energy you can collect for yourself with the right arrangements of matter.

In such a society, there is no excuse for everyone not to be physically wealthy. I'm not talking about gold toilet seats and yachts, I'm talking about there being no excuse for anyone lacking food, water, and shelter.

But we don't live in such a society yet (I'm optimistic that it's possible within my lifetime). We still have an economy of scarcity (whether you believe that's artificial or not). Perhaps if and when we solve this problem, we will have collectives of people, who because they are freed up from the constraints of having to struggle to survive, who can just get together and make movies because it's freaking awesome. But until then, artists need to eat. I'm not saying that the current means of achieving that is equitable or fair, but it sorta-kinda works, in that works of art are produced and that you don't see masses of dying artists on the 9 o'clock news.

Why should I pay you for something that costs you next to nothing?

The first answer is there in your question ; it doesn't cost nothing - even if you concede that it's "next to nothing", zero is not the same thing as more-than-zero.

The second answer is that it costs a lot more than next to nothing. Did you ever see the credits for a Pixar movie? They roll on for a looong time. Sure, the marginal cost of duplication is small, but the up front cost is huge. Yes, Hollywood accounting is bent and evil. Yes, they'll claim that the movie didn't make any money while rolling in piles of greenbacks. Yes, I disapprove of that. No, I don't think that all those people should entertain me for nothing but kudos and job satisfaction - unless they are all independently wealthy, just like everyone on Earth should be in a Replicator economy.

Re:The viewpoint from two worlds

[anUnhandledException]

That has nothing to do with HDCP.

It simply is a limit of toslink (optical digital connection).
Essentially toslink standard definies what your receiver "expects" to come down the pipe.

It expects (and thus can property handle)
DTS
Dolby Digital
2 channel stereo uncompressed

If something else (DTS-HD, Dolby TrueHD, 7.1 channel uncompressed) came down the pipe your receiver would simply not "understand" the data.

If you took the movie, stripped all the encryption off of it and played it on hardware without HDCP you would have the exact same limitation.

Hell, yes, hooray for freedom!

[KingSkippus]

Because it's always good to make it easier to break the law and steal movies.

No, because it makes it easier for you to use your content that you paid for with your hard-earned cash the way you want to instead of how some third party who doesn't have your best interest at heart (and who only wants to get their greedy fingers on the aforementioned hard-earned cash, whether they've earned it or not) would like to make you pay for it over and over for making personal copies, displaying on alternate devices, etc.

The ability to infringe copyright is simply a side effect. Yes, some people may use it for that purpose. I won't.

When they invented the car, are you the type that sarcastically would have said, "Because it's always good to make it easier to to get away after robbing a bank. What other law-breaking things can we invent? Maybe someone should add sound to our good ol' silent films so that people can break the law by singing copyrighted songs."

Re:Hell, yes, hooray for freedom!

[asdfghjklqwertyuiop]

That'd be my pictures, whatever I wrote (and didn't sign away copyright for), music I created...
That's my content

Your pictures or your music are not machines capable of following instructions. My media player is, and since it is my machine it ought to follow my instructions, not yours. If I tell my machine to display your pictures on a screen that wasn't "authorized" by somebody then just that's what it ought to do.

Re:Complete fail.

[ledow]

Like all encryption systems - if you learn enough about the keys, you can crack them and recover the original keys. In this case, just 40 devices with HDCP and a lot of mathematics is virtually guaranteed to recover the master key.

Don't use encryption to secure a digital product. It *will* fail because, at some point, you have to give people a key to access that product - thus they have access to the decrypted stream and to a number which is reliant on the private key. Encryption does NOT take account of protecting against an authorised user with a valid decryption key, or numbers of those users working in a concerted effort to crack your encryption. It's a misuse of the technology and any company that claims the opposite (e.g. all DRM companies) are lying to you.

No

[wzinc]

This is not a good day for content freedom. If true, this is a good day for the entertainment industry to try and lock-down media even more, or simply make it unavailable in a way consumers want. Piracy goes up, and they attempt to figure-out what's wrong while honest consumers suffer.

Read beyond the summary.

[goodmanj]

In particular, read
    http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
and
    http://en.wikipedia.org/wiki/Blom's_scheme

Some key (heh) facts:
* This key is not stored in high-def devices themselves, nor does any manufacturer possess it. This is the key used to *make* individual manufacturers' keys.
* The generated manufacturers' keys are set up in a way that device A and B can communicate secretly without knowing each others' keys.
* Because of the way this system works, if enough individual manufacturers' keys are known, one can figure out the master key. In this case, "enough" is 40.

Important point: it's not like some random tech at Sony got fired and decided to blow the whole thing wide open. If it's a leak, it's a leak from just one or two specific keyholders at Intel, who developed the system. But it doesn't have to be: any random person with 40 different Blu-Ray players and a whole lot of cleverness could potentially figure this out.

Re:Read beyond the summary.

[goodmanj]

As far as I can tell, yes. Which is almost mind-bogglingly stupid. Keep in mind that it's not enough to just have 40 HDCP devices, you also have to crack them all, which involves either some really clever known-plaintext attacks or disassembling the firmware on each device. But if you can do it once, you can do it 40 times, so the only way to avoid having the master key leak is to never release that 40th manufacturer's key.

Re:Read beyond the summary.

[radtea]

This is the key used to *make* individual manufacturers' keys.

I haven't paid much attention to the whole HDCP mess as I've seen that movie before, but this simple fact is the most astonishing thing in the whole account.

There are only two possible outcomes to a set-up that depends on a single master key like this:

1) the key gets out. For a technology that is supposed to be around for decades this is as near to inevitable as can be, even if it couldn't be reverse-engineered. Even if 99.99% of the attempts to find or leak it fail, only one has to succeed and the key is out there forever.

2) the key gets lost. Most organizations suck at data management, and if there are few enough copies to be safe there are few enough copies to lose over the course of decades. My only regret now is we'll never see headlines that read, "MPAA asks hacker community to reverse engineer lost secret key".

I'm half-way tempted to go into the DRM business. If you're being paid buckets of money to build something that you know won't work it never matters if you fail. Wouldn't that be nice?

Re:Read beyond the summary.

[goodmanj]

1) is clearly a problem, but I don't think you have to worry about 2) losing the master key.

From a mathematical standpoint, if I understand the linear algebra right, the key-generating authority could ask each manufacturer to send back a copy of their individual key: it would be easy to construct a new master key matrix which is compatible with all the manufacturers' keys. It might not be exactly the same as the original, but it wouldn't matter.

From a practical standpoint, bureaucracies are pretty good at not losing important pieces of paper. Keeping them *secret*, on the other hand, is more difficult.

Re:Read beyond the summary.

[goodmanj]

I was using shorthand: by "40 different players" I meant 40 different keys.

It's not clear from what I've read whether these keys are distributed 1 per manufacturer, 1 per device model, or god forbid one per device. It is clear that revoked / deleted keys can still be used to help decipher the master key.

Re:there is no more excuse to steal movies

[pyite]

only excuse you may have is that you're outside the USA and want US content

Or if I want to use it under my terms and my choice of file format. On my choice of device. Using my choice of "unsupported" operating system.

It's people like you who let us get into this sort of situation in the first place.

Re:Proof?

[xtracto]

Cryptome has an interesting reading on the weakness of the key

Re:Isn't this like AACS

[the_other_chewey]

If i look at the pastbin post this is just a complex way to publish 40 keys, not ONE master key

It's the master key matrix - not an HDCP key by itself, but THE key to generate all valid HDCP keys.

New Prometheus all over again

[tekrat]

I predict Sony will announce Blu-Ray2 tomorrow, and now you have to dump all your existing HD equipment and buy their newfangled crap with a different master key. All your existing investment in HD crap must be tossed in the trash.

Think of the boom to the economy if every American has to buy their movies ALL OVER AGAIN, for the 4th time, as well as replace their player, TV and the expensive cable between them.

Oh yeah, firmware update to PS3's that prevent playing Blu-Ray. Sony changes tagline for PS3 commercials to "It only does nothing".

Either that, or here comes Toshiba with HD-dvd-2... Div-X anyone?

This could signal the end of physical media. My prediction is that media companies will start selling only executable packages that contain player-code, the movie itself, and rootkit, and the player program will erase the movie after it's been watched, leaving the rootkit installed, so they can monitor if the player program is altered by the user, or the movie is watched again.

And then Orrin Hatch will allow Sony to blow up your computer if you tamper with their movie.

Re:New Prometheus all over again

[Pentium100]

My prediction is that media companies will start selling only executable packages that contain player-code, the movie itself, and rootkit, and the player program will erase the movie after it's been watched, leaving the rootkit installed, so they can monitor if the player program is altered by the user, or the movie is watched again.

That won't work at all.
1. some hard drives can be set to read only.
2. you can record the exe file to a WORM medium or just make a bunch of copies.
3. there's always analog hole.
4. virtual machines can be used.
5. I can make the image of my system drive before playing the movie and restore it after (removing the rootkit).

Also, this does not change the fact, that the exe file will contain: the encrypted content, the decryption algorithm and the key.

DRM for non-interactive media does not work.

This is premature

[gr8_phk]

HDCP has not really become widespread enough for this to be a good thing - in fact it's a bad thing at this time. People don't complain about it yet and with it broken, the manufacturers will simply do something different - and possibly worse. So next time you break an encryption system, please keep quiet until it becomes a widespread problem for people ;-)

Re:This is premature

What do you mean with "not widespread enough"? If I'd have to guess than there are easily more than a hundred million devices with HDCP out there. It's in everything that has a HDMI or DVI connector that was released in the last couple of years. Every HD-DVD and Blu-Ray player. Most HD TVs and LCD Computer monitors. Most XBox 360s and every PS3.

The reason people don't currently complain about HDCP is that the complaining phase is already over. Look at any video enthusiast forum about four years ago and you'll find plenty of complaints about incompatibility and things simply not working as they should, but today these problems are largely gone. If you wanted to get rid of HDCP devices stripping the protection have been available for years. They are mainly used to make newer players and consoles work with older displays. They aren't commonly used for ripping or recording since it is usually less of a hassle just to circumvent the DRM on the source.

Apart from that keeping quiet about the break was not an option since again it's been known for years that the master key could be generated out of 39+ device keys. It was just a question of someone investing the time and money to actually do it.

Re:Inside sources

[InsertWittyNameHere]

Inside sources say that the CEO had it written down on a post-it stuck to his monitor.

Re:Isn't this like AACS

[chefmonkey]

No, it's a complex way to publish 147,846,528,820 keys ( http://www.wolframalpha.com/input/?i=40+C+20 ).

  The initial input to the algorithm is a 40-bit random integer, selected so that the binary representation contains exactly 20 zeros and 20 ones. These bits are then used to select rows in the matrix.

Re:Was this a leak or reverse-engineering?

[ledow]

Copy protection using encryption is inherently insecure, because you have to give genuine customers some way of viewing material, thus some way to break the encryption. The second you do that, you are going against the established design criteria of modern encryption. No encryption specifically guards against multiple genuine recipients having multiple, genuine, valid decryption keys for ever and ever, and preventing *ANYONE* (even the genuine recipients) from ever decrypting that content.

Copy protection requires a WHOLE different design, one which no one has really bothered with, and any copy-protection system that advertises that it "uses AES" or any other such nonsense can possibly be taken seriously. That's *NOT* what it was designed to not and *NOT* what it will do. Hell, even DES, AES, etc. had stated lifetimes which were much shorter than the current copyright extension terms. Encryption and copy-protection try to solve different problems. Their combined use can complicate but not prevent such things from happening.

HDCP really has no legit reason to exist

[Sycraft-fu]

As you say, there are two separate issues, the issue of respecting copyright and the issue of doing what you want with your devices. Well HDCP does nothing to stop copyright infringement. The pirates just nab a copy earlier in the chain, just rip the disc. Sometimes they do it later in the chain, just record a movie in a theater. Either way the fact that they can't nab a signal from the wire doesn't matter at all, they don't even try.

What this does do is prevent legit uses. I really want to build a HD DVR for my living room. I don't want the one the cable company sells. Not only do you pay a monthly charge, but I don't care for its features or its tiny drive. I want to build my own. The capture card I want is already on the market, the Blackmagic Intensity. Expensive, but worth it. ...

Except HDCP stops all that from working.

So I could go and just download the content online, any and every thing I could want is out there, free for the taking. I cannot legitimately just record it off my expensive ($80/month currently) cable TV connection.

I'm very fed up with copy protection these days because this is what is happening. It isn't protecting anything, it is hurting normal users. It is so overbearing that it interferes with normal usage, and still it does nothing to stop infringement.

Another thing, along those lines, is I can't play Blu-ray movies on my PC. I have a BD-RW drive, 1920x1200 monitor and HDMI soundcard out to a massive home theater system. Seems like the tech is there. However because of the way my system works, the display output is mirrored, one copy via DVI to the screen, the other via HDMI to the soundcard, since it need a video signal to get clock from to send its sound. All devices HDCP enabled, but Blu-ray disallows playback in the event of a mirrored screen.

They've done a great job of protecting me from myself, but nothing to stop me from downloading a program and ripping and uploading their movies, if I so chose.

Re:HDCP really has no legit reason to exist

[anUnhandledException]

Firewire doesn't use HDCP. It uses a complete different encryption standard called DTCP (also know as 5C).

If the content is flagged as "do not record" the STB will shutdown/block the firewire port. The HDCP crack will do nothing to change this restriction.

Re:Proof?

[imakemusic]

377. ???
378. Loss of profits.

Blu Ray: Now Ready for the Living Room?

[Blue+Stone]

It has other uses too: dissuading casual pirates from ever jumping ship and buying into the medium.

A friend of mine couldn't play a couple of Blu Ray discs he'd bought because of various compatibilty issues to do with updated keys or whatever. It convinced me that Blu Ray just wasn't ready for the living room. Why would I want to give these fools my money when it results in a crapshoot? No Blu Ray player for me, no discs either. I decided to spend my money on something that's not so flaky.

More info here

[supervillian64]

More technical details described here: http://cryptome.org/hdcp-weakness.htm

Re:there is no more excuse to steal movies

[ledow]

"Since you're one of the 1% no one cares about you"

Which is exactly why some people decide "fuck it" and go and break people's copy protection schemes. 1% of your customers is a big chunk of your income, especially in a economic slump. And that 1% are likely to be the most tech-savvy, probably quite large consumers of such content and, by strange coincidence, quite capable of destroying your petty copy protection and letting everyone in the world have it, safe in the knowledge that that life in a non-DMCA country.

Just a for-instance. If a company doesn't care about me, I don't care about that company either. I wouldn't break such things myself but hell, if someone comes up with a way to consume their content MILLIONS like me (even if we're only 1%) and millions of others that spot an opportunity will be doing what they can to view your content.

I'm not saying that companies that "play fair" have zero piracy, that would be an insane claim, but it's the act of deliberately excluding customers that WANT to consume your content that creates the majority of the problem in the first place.

Signed,

A happy hacked-get_iplayer user who download iPlayer content that I'm legally entitled to view, via an unofficial channel, because it's the only damn way I can view it properly and in a reasonable manner.

Originally cracked in 2001....

....but took another 9 years to develop an implementation of it:

http://www.macfergus.com/niels/dmca/cia.html

There is also a repost of this info available @ John Young's Cryptome, that someone else in this thread already posted.

One question: I noticed in the 2001 papers that this was designed against the 1.0 version of HDCP. Will it also work against it's revisions?

Ya

[Sycraft-fu]

I think some forget how hypocritical people can be. This is even easier when you are talking old people being hypocritical with regards to what they did in youth. For one, we tend to remember the past through rose colored glasses. Not only does this mean we think things were better back then, but we kinda white wash our own histories. We forget some of the shit we did, the positions we held, and remember a more idealized version of ourselves. So "I smoked pot daily and loved it," may morph in to "I tried pot a few times socially and don't think it was a good idea."

Also people get overly cautious about what they did in the past. They see things as "stupid" and they are "amazed they survived." Of course you look further and it turns out that most people did that kind of stuff, so maybe it really isn't as dangerous as you think. However that isn't considered, instead the "protect the children" instinct takes over and they want to restrict things for their own good.

So I can perfectly well see people who are currently massive downloader growing up and getting power and then fighting against it. They'll remember it as something they did a bit and what a bad idea it was and how bad it is to do, and be all the more convinced it has to be stopped.

Re:Isn't this like AACS

[AmiMoJo]

It is the master key from which all others are generated.

You can already record HDCP protected video via a USB converter that uses a legit manufacturer's key, but in theory they can ban that key on future discs. With the master key that isn't a problem, you just generate a new device key and issue a firmware update.

Re:Isn't this like AACS

[goodmanj]

... but since the source matrix is 40x40, if you know 40 linearly independent identifier/key pairs, you can deduce the entire matrix.

As I understand it, the only way to avoid disclosure of the entire matrix is to avoid releasing more than 40 keys ... so of those 147,846,528,820 possible keys, only 40 are useable. So it really is a complex way to publish 40 keys.

Forgot a few extra evils

[Mathinker]

> The MAFIAA/RIAA ...

They game governments to get laws passed which enrich themselves at the cost of depriving society of: the use of the public domain, due process, and other privileges like anonymity on the net.

They use their legal muscle to try to prevent independently created content from becoming competitive with their product (e.g.: Veoh).

about time

[lusid1]

Finally. It was a stupid idea to begin with. I should be able to time-shift all my content without renting a crippleware box from the cableco. 2 months for china to make capture hardware, 6 month for an open source driver to mature, another 6 months for support to stabalize in mythtv, plus some time for it to make it into the distros. Maybe a year and a half before I can refresh my mythboxen. Yeah.

A Won Battle, an Indeterminate War

[Pfhool]

Proponents of open video have potentially won a battle here, but I have to agree with the commenters that say that this may just push the content companies to add new controls elsewhere in the content ecosystem. For example, DTCP (and particular the IP-oriented DTCP-IP) is already widespread in newer "TV Anywhere" style devices. It may also have cryptographic weaknesses, but compared to HDCP it is even more closed and it is controlled by an independent cabal of corporations.

See Engadget's summary of the comments on the FCC's set-top-box competition proceeding for a sense of what is to come.

Meet the new boss.

Re:Clever idea to slashdot the site with the key..

[El_Muerte_TDS]

Too large for a T-Shirt

you are not entirely correct

[Chirs]

Actually, you will get 5.1 over the optical cable. You won't get 7.1, you won't get 96KHz sampling rate, and you won't get lossless bitstream. But basic Dolby Digital and DTS 5.1 work just fine.

Haul it back to Fox, sista

[marxmarv]

You are apparently also of the generation that prefers ignorant mob rule and lazy scapegoating to spending even modest effort on understanding copyright law.

Hint: Start by finding the part of copyright law that criminalizes the receipt of information. Then find the section of law that allows an individual or corporation to enforce a contract against someone not a party to it.

Re:Clever idea to slashdot the site with the key..

[YourExperiment]

Not for most Slashdot readers!

Re:Isn't this like AACS

[AmiMoJo]

It depends how ACTA works out. Say a Chinese manufacturer makes a device that decodes HDCP content but does not pay the license fee for a key. They can sell it cheaper than anyone else because the cost of the license is taken out. The US has been trying to add a clause to ACTA that would prevent that kind of product being imported.

Fortunately it looks like the EU has killed it. In the EU such a product would be perfectly legal in many countries (maybe all, not 100% sure) because circumventing copy protection for the purposes of interoperability is allowed.

How it works

[DrJimbo]

Someone asked why the matrix wasn't symmetric as per the master matrix in Blom's Scheme.

I figured out the answer by reading the three short articles linked to from HDCP: Why So Weak?. The deal is that they placed severe hardware constraints on themselves. They were only allowed to require devices to do addition, no multiplication. Therefore the implementation in the Wiki article was not acceptable.

The HDCP scheme only allows "sources" to create a shared private key with "sinks", not other sources. Each source (sink) gets a private key that is a sum of 20 rows (columns) of the master matrix mod(P) where P seems to be 2^56 (which is not prime). Their public key is not a vector of integers like in the Wiki article. It is a vector of 40 zeros or ones with a total of 20 zeros and 20 ones. It is the same vector that selected their 20 rows (columns).

If you look at how an arbitrary source's 20 rows overlap with an arbitrary sink's 20 columns in the master matrix, they will intersect at exactly 400 (= 20 x 20) numbers. The shared private key is the sum mod(P) of these 400 numbers. The source's private key is the 40 word vector containing the sum of its 20 rows. So the 400 numbers at the intersections have been summed into 20 numbers out of the 40 numbers of the source's private key. The sink tells the source which of the 20 of the 40 numbers in the source's private key to sum. These correspond to the 20 bits that were set (out of 40 bits) to select the 20 columns that make up the sink's private key. When the sources adds the 20 numbers from its private key it gets the sum of the 400 numbers in the intersection between the source's rows and the sinks columns.

The sink does the same thing. It gets told by the source which 20 of the 40 numbers in it's private key correspond to the sources 20 rows. The sink adds up these 20 numbers and it too gets the sum of the 400 numbers that are in the intersection of the sources rows and the sinks columns. This way each one uses their own private key (the sum of their 20 rows or columns which is a vector of 40 numbers) combined with the public key of the other (which 20 out of 40 numbers to sum) in order to find a shared private key. They both end up with the same number which is called the shared private key. It is the sum of the 400 numbers where the source's rows intersect the sink's columns in the master matrix.