HDCP Master Key Revealed

solafide writes "The HDCP Master Key has allegedly been revealed. If true, this information will allow anyone to create their own source or sink keys, essentially making HDCP useless for content protection permanently. No word yet on how it was obtained, but if true, this is a great day for content freedom around the world!"

Hooray for freedom

[fnj]

And hooray for common sense. You knew it was hopeless.

Re:Hooray for freedom

[bieber]

I wouldn't say hooray for freedom. If this is a win for freedom, it's only in the sense of breaking out of jail for as long as it takes them to catch you and toss you back in. The answer isn't to keep cracking these "protection" schemes, it's to stop buying into them at all until the companies behind them realize that customers are tired of paying for hardware that actively works against their interests. There seems to be a really dominant mentality among people in the know about these things that it's alright to keep supporting this nonsense monetarily because we'll always find a way to break it. That's all fine and dandy for now, but what happens when they start to get really serious about "protecting their content," and start introducing devices that can't be so easily broken?

Re:Hooray for freedom

[JanneM]

"Because it's always good to make it easier to break the law and steal movies."

Most places explicitly allow backups and format shifting, in addition to excerpting and other fair use exceptions. All of which now become possible where it was not before. No stealing or anything immoral involved.

Re:Hooray for freedom

[drinkypoo]

What other for profit industries can we attack? Maybe someone could come up with a universal electronic key so you can drive any car you want.

Electronic unlock devices already exist. They can be used by locksmiths or other authorized personnel for good. You can buy a variety of security-defeating devices on dealextreme. Have a nice day.

Re:Hooray for freedom

Also the 'crimes' being committed are merely civil offenses.

Ah, the classic slashdot myth, repeated so many times that most people here actually believe it. However, the United States criminal code would beg to differ. Ever download $1,000 worth of material in 6 months? Guess what, you committed a crime.

  506. Criminal offenses6

(a) Criminal Infringement. —

(1) In general. — Any person who willfully infringes a copyright shall be punished as provided under section 2319 of title 18, if the infringement was committed —

(A) for purposes of commercial advantage or private financial gain;

(B) by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000; or

(C) by the distribution of a work being prepared for commercial distribution, by making it available on a computer network accessible to members of the public, if such person knew or should have known that the work was intended for commercial distribution.

(2) Evidence. — For purposes of this subsection, evidence of reproduction or distribution of a copyrighted work, by itself, shall not be sufficient to establish willful infringement of a copyright.

(3) Definition. — In this subsection, the term “work being prepared for commercial distribution” means —

(A) a computer program, a musical work, a motion picture or other audiovisual work, or a sound recording, if, at the time of unauthorized distribution —

(i) the copyright owner has a reasonable expectation of commercial distribution; and

(ii) the copies or phonorecords of the work have not been commercially distributed; or

(B) a motion picture, if, at the time of unauthorized distribution, the motion picture —

(i) has been made available for viewing in a motion picture exhibition facility; and

(ii) has not been made available in copies for sale to the general public in the United States in a format intended to permit viewing outside a motion picture exhibition facility.

(b)(b) Forfeiture, Destruction, and Restitution.—Forfeiture, destruction, and restitution relating to this section shall be subject to section 2323 of title 18, to the extent provided in that section, in addition to any other similar remedies provided by law.

(c) Fraudulent Copyright Notice. — Any person who, with fraudulent intent, places on any article a notice of copyright or words of the same purport that such person knows to be false, or who, with fraudulent intent, publicly distributes or imports for public distribution any article bearing such notice or words that such person knows to be false, shall be fined not more than $2,500.

(d) Fraudulent Removal of Copyright Notice. — Any person who, with fraudulent intent, removes or alters any notice of copyright appearing on a copy of a copyrighted work shall be fined not more than $2,500.

(e) False Representation. — Any person who knowingly makes a false representation of a material fact in the application for copyright registration provided for by section 409, or in any written statement filed in connection with the application, shall be fined not more than $2,500.

(f) Rights of Attribution and Integrity. — Nothing in this section applies to infringement of the rights conferred by section 106A(a).

Re:Hooray for freedom

[jamesh]

he more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

I'm from that generation, more or less, and still think it's pretty rude to download stuff that you didn't pay for. I'm against supporting broken business models that don't let you store the media in the format that's most useful to you (eg on a media center) but that still doesn't mean that you get to download stuff illegally.

The smart thing to do would be to concentrate less on prevention - people are always going to copy stuff no matter what - and focus more on detection. Find the people who are downloading your stuff and get them, rather than making stuff harder for the rest of us.

And it doesn't matter what generation you are from. There will always be someone who's willing to take the media empires money to tow their agenda through the lawmaking process.

Re:Hooray for freedom

[ArsenneLupin]

At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

Re:Hooray for freedom

[Mr.+Slippery]

A DVD is a tangible good, no different than a book.

Have they implemented a region scheme for books? Can a book be rendered illegible by a scratch? Is there some scheme in place to prevent you from quoting an except from a book verbatim?

Re:Hooray for freedom

[The+Grassy+Knoll]

At some point, lawmakers will be from the generation that []

Is this why marijuana is now legal in most western countries, the lawmakers being from the generation that first started widely using it...?

.

Re:Hooray for freedom

[MightyYar]

Right, and if I steal an actual DVD, I've stolen a tangible good. Whomever I steal it from will have to cope with a tangible loss. I think what we are talking about is making an unauthorized copy, which may or may not affect the income of the person who holds the government rights to the work.

Re:Hooray for freedom

[supersloshy]

The answer isn't to keep cracking these "protection" schemes, it's to stop buying into them at all until the companies behind them realize that customers are tired of paying for hardware that actively works against their interests.

I agree with your post except for this sentence. The problem with that argument is that most people, quite frankly and quite unfortunately, don't care whether or not something has "DRM or GPL or whatever crap you're trying to convince me to have or not have" (in the paraphrased words of everyone else). Most people don't care about region-lockout, SecuROM-style DRM, HDCP or any of that so long as it "works" for the time being. Most people, instead of caring whether or not their media will play on some out-there FOSS player, just buy whatever player can so they can watch it right then without caring or even thinking about whether or not that DRM will be around long enough for them to not have to re-buy all of their media. I'm almost as anti-DRM as you can get, and it's the depressing truth from what I've found.

Re:Hooray for freedom

[mcvos]

A DVD is a tangible good, no different than a book.

But DRM doesn't prevent anyone from shoplifting DVDs.

Re:Hooray for freedom

[somersault]

I think your problem here should be with people who choose to buy pirated copies of movies, not the technology that allows for copying. Might as well make pen and paper illegal if you want to go down that route. Quit whining.

Re:Hooray for freedom

[putaro]

In general anyone can buy and use lockpicks for legitimate purposes. It's when you possess them with the intent to commit a crime that they are classed as "burglary tools" and get you some extra time.

Re:Hooray for freedom

[IndustrialComplex]

At some point, lawmakers will be from the generation that also posts on forums,

Same generation, different culture.

The Democrat looks at the Republican and wonders how he could believe that. The New Yorker takes a look at the rural farmer and wonders why he would subject himself to that sort of life. The rural citizen wonders how anyone could deal with so much noise. And DC elects Marion Barry. Again.

But if you want the real reason: The people who care about a subject will get their way. Just because some people would vote for/against an issue doesn't mean that they actually care enough about that issue to do anything about it.

Re:Hooray for freedom

[jedidiah]

> A DVD is a tangible good, no different than a book.

Yes it is. I should be able to dispose of that "tangible good" in any manner as I see fit as the owner of that good.

That includes copying it for my own use.

MY individual property rights should not be nullified for the benefit of some corporation or for the sake of some non-right.

Re:Hooray for freedom

[c0lo]

At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

And the "flower power" generation had, during 60-ies - 70-ies, some pretty liberal idea about sex ... FF 40 years (they should be in their 60 now) and... try singing that in public, you'll see it's almost as illegal as marijuana.

Re:Hooray for freedom

[Kjella]

People want content, the hardware is just a means to that end. As long as the copyright holder can exclusively decide what DRM will be applied you have no possibility to vote with your wallet short of doing completely without it. Also it's practically impossible to avoid DRM-capable hardware, 99% of all computers today have a DVD drive and thus pay a CSS license and thus support DRM. All graphics cards from Intel, AMD and nVidia support HDCP. Same with any modern TV or monitor.

The only way people win is when DRM is broken, but they are committed to continue selling it. That is the only reason you can still buy DVDs, otherwise they would have moved to DVD 2.0 with new and better DRM long ago. I just hope the combined mass of cable boxes, TVs, recievers, graphics cards, monitors and so on now is big enough they will not be able to implement a new standard. That is how DRM dies, not trying to make them go for a DRM free platform. That we already know they won't.

Re:Hooray for freedom

[jedidiah]

> or any of that so long as it "works" for the time being

Well. That's the problem with all of this nonsense.

IT DOESN'T and it's only getting worse.

The n00bs won't care why something breaks. They will just get upset when it
does and blame the most convenient target available. This may be the studios
or the hardware vendor depending on the individual.

However, they won't need to understand the situation to lay blame.

Although Big Content might get lucky and get away with stuff like Microsoft did.

No. DRM makes it much more likely that it won't "just work".

The whole "need to patch BD player to play new movie" nonsense is one of the reasons I won't touch that technology yet.

As geeky as I am, I just don't believe that a consumer appliance should be in constant need of patches.

Re:Hooray for freedom

[flink]

The more permanent freedom is a matter of time. At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

Right, because all those hippies from the baby boomer generation that are in power now have shutdown the military, ended the war on drugs, and prevented racial discrimination in all its forms. Or more likely, 99% of those who make it into power had to sell most of their ideals to the highest bidder or never had any in the first place.

The law makers we have in 20 years will be the same assholes we have now with different faces. Real change comes when the people force the government to take action, not the other way around.

Re:Hooray for freedom

[Vintermann]

There's a very good one, actually. It's possible to install a program to enable you to read books written for another language region, but it takes several years and a lot of hard work.

Some people are working on automatic cracking tools, but they're not very good.

Re:Hooray for freedom

[Haffner]

I think most of slashdot is pretty clear on the fact that it's against the law - the general consensus here though is that the law is wrong.

Re:Hooray for freedom

[Chrisq]

> A DVD is a tangible good, no different than a book.

Yes it is. I should be able to dispose of that "tangible good" in any manner as I see fit as the owner of that good.

I choose shoving it up the RIAA's arse.

Re:Hooray for freedom

[EasyTarget]

That gets tricky.. what with their heads getting in the way etc..

Re:Hooray for freedom

[uglyduckling]

Well, uh... for starters, it's nothing to do with DVDs. HDCP is the copy protection mechanism for display interfaces. The copy protection for DVDs is CSS, which was broken over a decade ago. HDCP is a ridiculous system which makes a display authenticate itself against the playback device before a high definition picture will be displayed. This is purportedly to prevent piracy, however most piracy takes place by decrypting the information on the disk before it's ever output to the display, and copying the raw data.

All HDCP does is limit the freedom of the end user in choosing their display device(s) and creates the risk that a device's key might be revoked. Traditional uses of display equipment, e.g. multiple displays in bars, places of worship, retail etc., is made much more difficult because of the handshaking and key exchanging involved. All HDCP really does is placate ignorant studio bosses whilst making things more costly for the consumer. The 'professional' pirates don't care about it at all.

Re:Hooray for freedom

[ultranova]

Exactly! Because Oxygen, Food, Shelter, DVD's, BluRay's and CD's are required to live.

To be fair, entertainment is a need. People who aren't getting any will start doing unbelievable stupid things just for fun, quite likely getting themselves and bystanders hurt. Boredom might not seem like much a threat, but it is.

Of course, making movies would likely be far more interesting than just watching them, and with computing power increasing, it's becoming available to a more and more common person. The biggest obstacle right now is the lack of a suitable program; we need some kind of digital actor system to take out the drudgery of 3D animation.

Re:Hooray for freedom

[L4t3r4lu5]

Get this through your head: Centralised distribution networks cost lots to host and run. How they go about monetising P2P isn't my concern. It does, however, take all of the heartache of high cost hosting out of this.

And the cost of creating content is negligible, as Jamendo is proof of. You can achieve near-studio quality with a Powerbook and a lot of patience. Talent doesn't cost a thing, but it can still make you a lot of money.

Re:Hooray for freedom

[Xiaran]

Why do you need lots of servers in data centres for a P2P distribution network?

Re:Hooray for freedom

[hawguy]

Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

Uhh...I thought the big advantage of electronic distribution was that it's far cheaper than creating physical articles. I can get a server with 100mbit bandwidth + 10TB monthly transfer for $350/mo -- that will let me distribute 300K albums (at 30MB each). Or, one tenth of a cent each. Even if I hosted on Amazon EC2, my costs would be around 0.6 cents per CD.

I don't think you can press a CD for that little, even if you're buying 10 million of them at a time. I'd bet that the setup fee for a big CD run costs more than hosting the website for 6 months or a year.

Whether or not the cost of creating the content costs more than that depends on who the artist is and why they are creating it and what costs are included -- I have friends that burn CD's and give them out for free because they create music for the fun of it. I think their "recording studio" (including hardware and software) cost less than $500.

Re:Hooray for freedom

Also, police like having drugs be illegal as it helps prop up their power structure.

I'm not sure how far you are talking about when you say power structure, but it goes much further than just the people employed by pig forces all over the place.

Politicians get a very useful bogeyman with (some) drugs being illegal. The military have something to fight, keeping them busy (ever noticed how one of the biggest welfare systems in many countries is the military? There are places all over the western world where there are next to no jobs available, but the military. Threaten to take away the military, and these people will be as upset as perceived "dole scroungers". The biggest irony is that those who support the existence and use of monstrous militaries often are opposed to any forms of social security!).

The legal system and industry is one of the biggest beneficiary of the prohibition of some drugs. Lawyers write laws against substances, lawyers prosecute those breaking the rules, lawyers defend those breaking the rules, lawyers judge if you have broken the rules or not. And good luck trying to understand the law if you aren't in their club. The legal industry is one of the biggest rackets in the world! You can't call yourself a lawyer or solicitor unless you have a law degree and belong to a bar society, and the gate keepers to both what is a good law degree and who gets into bar societies are all lawyers. I don't see any accountability to the people when it comes to lawyers, yet we have to deal with them if we want to be in anyway successful in this world. And we have to deal with them if we are destined to be unsuccessful (by the usual social-success yard sticks).

Throw in other factors, like for-profit prisons, the legal drug industries (tobacco, drink, caffeinated products, medicine[1]), a press who's business is driven by shouting about the downfall of society, and the pressure to keep some drugs illegal becomes pretty big!

[1] If people could legally grow a plant in their garden that could be used for many, maybe even a majority, of minor ailments the market for paracetamol/Tylenol would shrink massively.

Re:Hooray for freedom

[icebraining]

The smart thing to do would be to concentrate less on prevention - people are always going to copy stuff no matter what - and focus more on detection. Find the people who are downloading your stuff and get them, rather than making stuff harder for the rest of us.

And how do you propose to implement such "protection" without the constant privacy violations (ISP-wide deep packet inspection, loss of anonymity, etc) we've been hearing about?

While I can perfectly understand that it's "rude to download stuff that you didn't pay for", I don't see any means of prevention/detection that don't violate more important rights.

Re:Hooray for freedom

[mikeabbott420]

Americas vast prison system is also a huge industry with a vested interest in marijuana hysteria.
I suspect the alcohol industry may see it as a threat as well. In my experience people who smoke weed abuse alcohol less and that could cause a loss of revenue. Thus the alcohol industry will feed hysteria because they know it is false.

Re:Hooray for freedom

[StuartHankins]

Don't lump "servers in a data center" in with a physical distribution network. The cost of maintaining servers and their associated HR costs is very small in comparison [to all the other costs], and getting smaller. If I can rent a movie for $1 at any RedBox or BlockBuster Express, I expect it to be even less by downloading it directly. And in some cases (NetFlix, Hulu) it IS cheaper.

The old-style physical content distribution model is dead.

And as far as content creation costs go, it appears a lot of popular / decent movies were created without huge budgets. More and more people are creating their own movies on a shoestring. The tables are tipping from "we provide what we want you to see" to amateur-provided content, and guess who doesn't like it? <tiny violins play softly>

Re:Hooray for freedom

[phyrexianshaw.ca]

Not that I'm a big music producer or anything, but this is exactly my distribution model. I make music/video for fun on: an old DSLR, an 8mm video camera, a computer with open source software, a few m-audio products and a few Shure microphones. all said and done, To cover a 4 man band I think the complete setup cost me about $2500, (though it would have been about $5000 had I bought it all new).

to date, I think I've grossed about ~$3000, having done about twenty or so live shows at $150 a night. production quality if a lot better than the bands expect, and for the cost of my internet connection a month, they get a torrent seed to give away a link to for free copies of the production.

in either case, the total production cost for a band to release a private CD of pretty close to record industry quality, would run about $1200 for 500 discs (including the cost of the venue, mastering, discs, burning, printing, and jewel case construction/design/printing.) with additional discs running about $0.65/disc.

even at $5 a disk, that's still a HUGE profit margin. (assuming instruments and any other equipment needed to preform was already paid for. though not often the case, a few shows and a few happy buyers quickly take care of that)

Re:Hooray for freedom

[Progman3K]

To be fair, entertainment is a need. People who aren't getting any will start doing unbelievable stupid things just for fun, quite likely getting themselves and bystanders hurt.

Darwin wins, Youtube wins, I don't see a problem.

Re:Hooray for freedom

[Americano]

And the cost of creating content is negligible, as Jamendo is proof of. You can achieve near-studio quality with a Powerbook and a lot of patience. Talent doesn't cost a thing, but it can still make you a lot of money.

It is only negligible if your time has no value, or the time of the other people involved in making the music has no value. Most people are not born musical savants - they must learn to play their instrument, they must practice their instrument, they must purchase an instrument (or multiple instruments) to play. To record, they must purchase a powerbook (or a cheap dell), they must purchase the recording software, and they must learn how to use the recording software. They must also then actually get around to *writing their own* music. And while you're doing that, you have to earn money to meet the million other obligations of daily existence - food, clothing, shelter, utilities, transportation... all of this costs money and/or time.

To suggest that the process of making music is more or less zero-cost - "cost of creation is negligible" is either willfuly ignorant or absurdly naive. It requires a lot more than patience. And the ultra-rich rock stars are the exception, not the rule. You'll find a lot more musicians that work shitty waiter and retail jobs to pay the bills while they work on their music, and for whom that $100 they could have brought in off 5-10 CD sales would mean one less shitty double-shift.

Production AND distribution are a very small portion of "content creation," whether it be a P2P distribution scheme, or shipping by trucks to hundreds of stores around the country. If you place any sort of value on the work of the musicians whose music you love, then paying them $10-15 to support their work and help them continue to make music is not an unreasonable expectation. Make an effort to find music produced by independent artists, who market directly to their audience, and support those people.

Re:Hooray for freedom

[DavidTC]

No one who is complaining about HDCP is trying to pirate. Cracking HDCP is utterly useless for pirates, and HDCP doesn't stop anything they're trying to do.

The HDCP 'protection' was a delusional attempt by the content providers to get a step ahead of pirate-copy-makers. They fantasized that their current media protection was 'perfect', so figured pirates would start copying from the video connection.

Of course, their protection wasn't perfect, so copier have continued to just strip the DRM off the provided media instead of rigging weird setups to copy from a monitor cable.

Which copiers could do anyway, as HDCP decoders have existed forever. This crack was the master key...before that, you had to buy a 'licensed' piece of hardware that could strip HDCP, which is fairly easy to get, although you have to order from overseas. With this crack, now, you can simply record the encrypted signal and decode it, I guess. (Maybe not, though.)

But no copier did that, or will start doing that. They'll just remove the BlueRay or cable encryption instead, like they've been doing.

In short, HDCP was 'second-level' DRM, which required, as a base assumption, that no one would be able to decode DRM before it get outputted, so HDCP was an attempt to protect the output. As people can decode the DRM before output, it's, um, utterly pointless to crack.

Even if copiers were copying from there, none of that has anything to do with 99.9999% of pirates, who download copied movies,and thus could give a flying fuck where the copy came from. Any HDCP connections will display a pirated video as well anything else.

Re:Hooray for freedom

[erroneus]

You know, that's not necessarily true. Some people, like me for example, just want to be able to connect devices through my home stereo equipment. I am the unfortunate owner of a NewEgg.com-sold Yamaha AV receiver that sports HDMI 1.0 in and out. I am not trying to be a pirate. I just want to connect my stuff through my amplifier.

This is great news for me because this will enable the creation of inexpensive [read: Unlicensed] conversion devices that will enable me to make use of my AV receiver as intended.

I really don't appreciate that copyright interests have decision-making ability to determine how I can connect my home AV system. They did it with Macrovision which disabled my ability to connect my DVD player through my VCR. (I had a cheap TV with only channel 3/4 as the input method and my VCR was using that... the VCR had RCA audio and video in, though, and I could use that to connect my very first-ever DVD player to my TV via the VCR... but no... I "might" copy a DVD to a VHS tape, so they decided to break it.) They tried to do the same thing with "broadcast flag" legislation to force all devices in the U.S. to respect the broadcast flag and not record programs from over the air. (What ever became of that? Did it fade away or return silently?)

I am a copyright violator. I'm not denying that. But my first experience with HDCP was by trying to connect my XBox360 to my TV through my AV amp which is, in my opinion, a perfectly legitimate use... before that time, as with my first experience with Macrovision, I didn't even know what HDCP was! HDCP is part of a paranoid market's desire to control how and where content is accessed. It shouldn't be their right to dictate this. They shouldn't even be able to prevent me from copying things as "fair use" is a legally acceptable reason for doing so... and yet they are allowed to attempt to block it.

I don't like it when legitimate purposes and uses are blocked because someone might use those methods for illegitimate purposes and uses.

Man

[The+MAZZTer]

I can't wait for THIS number to be turned into a song!

So can someone answer this:

[ihatewinXP]

How will this actually become practical?

From my understanding this breaks the HDMI cable protection, more than anything re-opening 'the analog hole' except with full digital goodness if someone hacks the firmware on a player they can then use the signal freely. Expect many more downloads from 'the usual sources' of HD content....

Will be interesting to see how the industry reacts to this. As all these machines today have upgradeable firmwares and internet connection that wont be able to totally close this break in the hardware spec itself but may cause problems for those seeking to exploit this leak. As we know these companies are more than used to harassing customers for their own interests.

I for one welcome the new freedoms that come with this. Too many devices out now based on the standard for the industry to change overnight - the cat is out of the proverbial bag.

Re:So can someone answer this:

[jeffmeden]

There are plenty of picture-perfect copies of digital media out there already, that's the bitterly ironic thing about DRM as it sits today; the people just trying to play by the rules are getting stuck buying more expensive, less compatible equipment while the pirates use software techniques to get whatever content they want, however they want it, with relative ease.

If HDCP didn't exist, there would still be legal battles over what kind of hardware was legal to sell (like bluray copiers, "open" DVRs, etc). If it were to go away tomorrow, the possible upside would be more software tools available to do things like media backups, software DVR of "protected" content, and more choices when it comes to what kind of TV/monitor you can use with a media source like a bluray player or cable box. Again, ironically, I wouldn't expect genuine piracy to be helped at all by this, and by and large people buying gear off the shelf at Best Buy will never know what happened.

Re:So can someone answer this:

[Coopjust]

From what I understand,the leak makes revocation useless:

"The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices."

While [Intel and content providers] are spending millions on HDCP, he says, they will be denied the benefits of research that can help fix the technology. Ferguson predicts that a year from now, someone will post a HDCP master key on the Internet, and the money spent on the system will be wasted.

Upgrading the firmware of players to disable HDMI altogether isn't possible at this point. I'm not sure of the exact process, but since you can make new displays, you can create a device that just makes up a random one if it doesn't handshake in five seconds. Also, you can impersonate any existing device- and blocking every existing monitor on the market isn't feasible either.

Re:So can someone answer this:

[Vertana]

If you hooked your HTPC to your non-HDCP compliant display, you could possibly modify your device driver to decode the HDCP encryption and be able to view content at full 1080p on your non-HDCP compliant display. Alternatively, someone might be able to implement it in hardware and provide a cheap device to lay in between your device and non-HDCP display to decode the stream on the fly. All of this... just so people can watch content at full HD on the monitor they legally paid for.

yup

[Pojut]

Further proof that DRM is, for all intents and purposes, completely useless other than pissing off "honest" consumers.

Re:Isn't this like AACS

[jdong]

No, this is actually the master key that you can use to generate vendor keys -- changing this key would break compatibility with existing HDCP equipment!

Content Freedom?

[wilsone8]

Why is I when I read "content freedom", I have a feeling you mean your ability to copy movies from torrent and avoid having to pay anyone for the huge investment and hard work they put into making movies. Sure, that's not what everyone will use it for, but it seems like most will. That's not something to cheer about in my book, but to each his own.

Re:Content Freedom?

[Cyberax]

How come movie industry hasn't died after the invention of VHS tapes?

Re:Content Freedom?

[ledow]

Because, as in all things, most people are honest.

If I want a movie, I buy it. That might mean buying it second-hand, or buying it from a friend, but I don't do the shady deals in pubs with strangers. Most people are like me, and most people actually pay for stuff. VCR's and DVD-R's are, of course, used for piracy - because they are recording devices. But if you didn't have those, people have camcorders, or webcams, or any one of a million and one recording devices.

The recording device, or the technology built into any recorded media, does not stop anything, at all, ever, except genuine, honest customers doing something quite reasonable. Anyone who wants an illegal copy can get one in any one of a million different ways. Hell, the early DVD rippers basically screenshotted the screen of a DVD player so many times a second and recorded the audio. It's not hard at all, because of the "analog hole". But the only people who bother to go to that amount of effort are established pirates and those who genuinely believe they are doing something quite reasonable and should be allowed to do it.

Despite popular opinion, that's NOT the majority of people.

Re:Content Freedom?

[size1one]

A 2-pass 1080p x264 rip+encode takes much longer than the runtime of the movie, unless you have a very nice computer. You could rent any movie you wanted from a video store. but those things are irrelevant, the movie industry hasn't died. It's making as much money as ever.

Re:Clever idea to slashdot the site with the key..

Here you go:

HDCP MASTER KEY (MIRROR THIS TEXT!)

This is a forty times forty element matrix of fifty-six bit
hexadecimal numbers.

To generate a source key, take a forty-bit number that (in
binary) consists of twenty ones and twenty zeroes; this is
the source KSV. Add together those twenty rows of the matrix
that correspond to the ones in the KSV (with the lowest bit
in the KSV corresponding to the first row), taking all elements
modulo two to the power of fifty-six; this is the source
private key.

To generate a sink key, do the same, but with the transposed
matrix.

6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70

3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f

9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f

971d02ada31b46 2adab96f7b15da 9855f01b9b7b94 6cef0f65663fbf eb328e8a3c6c5d
e29f0f0b1ef2bf e4a30b29047d31 52250e7ae3a4ac fe3efc3b8c2df1 8c997d15d6078b
49da8b4611ff9f b1e061bc9be995 31fd68c4ad6dc6 fd8974f0c506dd 90421c1cd2b26c
53eec84c91ed17 5159ba3711173b 25e318ddceea6a 98a14125755955 2bb97fd341cea2
3f8404769a0a8e bce5c7a45fb5d4 9608307b43f785 2a98e5856afe75 b4dbead4815cac
d1118af62c964a 3142667a5b0d14 6c6f90933acd3d 6b14a0052e2be4 1b1811fda0f554
12300aa7f10405 1919ca0bff56ea d3e2f3aad5250c 4aeeea5101d2ec 377fc499c07057
6cb1a90cdb7b11 3c839d47a4b814 25c5ac14b5ec28 4ef18646d5b9c2 95a98cc51ebd3b

310e98028e24de 092ffc76b79f44 0740a1ca2d4737 b9f38966257c99 a75afc7454abe4
a6dd815be8ccbf ec2cac2df0c675 41f7636aa4080f 30e87b712520fd d5dfdc6d3266ac
ee28f5479f836f 0bf8ee2112173f 43ae802fa8d52d 4e0dffd36c1eac 3cbda974bb7585
fb60a4700470e3 d9f6b6083ef13d 4a5840f02d0130 6c20ef5e35e2bf dad2f85c745b5b
61c5ddc65d3fc9 7f6ec395d4ae22 2b8906fb3996e2 e4110f59eb92ac 1cb212b44128bb
545afda80a4fd1 b1ffea547eab6b fac3d9166afce8 3fe35fe17586f2 9d082667026a4c
17ffaf1cb50145 24f27b316acfff b6bb758ec4ad60 995e8726359ef7 c44952cb424035
5ec53461dbd248 40a1586f04aee7 49ea3fa4474e52 c13e8f52c51562 30a1a70162cfb8

ccbada27b91c33 33661064d05759 3388bb6315b036 0380a6b43851fb 0228dadb44ad3d
b732565bc37841 993c0d383cfaae 0bea49476758ac accc69dbfcde8b f416ab0474f022
2b7dbcc3002502 20dc4e67289e50 0068424fde9515 64806d59eb0c18 9cf08fb2abc362
8d0ee78a6cace9 b6781bd504d105 af65fab8ee6252 64a8f8dd8e2d14 cb9d3354e06b5b
53082840d3c011 8e08

Monetization != bulletproof protection

[Bruce+Perens]

Monetize your content all you want. Prosecute illegal distribution. Just let me play it with my own device and software.

Re:Monetization != bulletproof protection

[jedidiah]

The MAFIAA/RIAA doesn't prosecute illegal distribution.

They use grossly inappropriate laws intended for professional pirates on housewives.

They bully people with barratry suits.

The seem to ignore the real commercial pirates that might actually be "stealing" paying customers from the industry.

Instead they engage in the sort of thing they tell you to avoid the first day of law school (suing non-solvent parties).

Re:Proof?

[guruevi]

1. HDCP MASTER KEY (MIRROR THIS TEXT!)
2.
3. This is a forty times forty element matrix of fifty-six bit
4. hexadecimal numbers.
5.
6. To generate a source key, take a forty-bit number that (in
7. binary) consists of twenty ones and twenty zeroes; this is
8. the source KSV. Add together those twenty rows of the matrix
9. that correspond to the ones in the KSV (with the lowest bit
10. in the KSV corresponding to the first row), taking all elements
11. modulo two to the power of fifty-six; this is the source
12. private key.
13.
14. To generate a sink key, do the same, but with the transposed
15. matrix.
16.
17.
18. 6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
19. 82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
20. 1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
21. b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
22. 2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
23. 672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
24. 07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
25. 1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70
26.
27. 3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
28. 4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
29. cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
30. 80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
31. 10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
32. f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
33. 0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
34. d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f
35.
36. 9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
37. c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
38. c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
39. 16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
40. 0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
41. 7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
42. 75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
43. 3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f
44.
45. 971d02ad

Re:Who revealed it

Nobody had to give it out. The encryption is weak, and it has been known for a long time that it would be possible to derive the master key given data from a sufficient number of devices. I'm surprised it took this long for someone to actually do it.

The viewpoint from two worlds

[Bruce+Perens]

I paid for my home with my share of Pixar's IPO. And I'm an Open Source evangelist. So, I'm in both worlds where this is concerned.

What I think is fair is for infringing redistribution of copyrighted content to be prosecuted as necessary. You really don't have the right to give all of the internet a copy of that Hannah Montana song. But when I have paid or done whatever is appropriate to gain the right to view that media on my LG TV, I should have the right to view it on my Linux system too.

So, basically I am for content creators having the right to monetize their work and against having an electronic cop in my TV room. And I'm against having Free Software locked out of being a player.

I hope the key is real and that it's really this simple. I am not equipped to test it today but I'm sure someone here is.

Re:The viewpoint from two worlds

[guruevi]

It gets worse actually, with HDCP you cannot use signal splitters or other devices like scalers or converters that are frequently used in professional projection and scientific setups. If you do, you will get snow (not immediately, just sometime down the road when somebody has loaded HDCP protected content) on the whole display (not just the content) making those things useless. If you use a splitter for example, you have to go out of your way and buy another device ($80) to sit on the primary channel to make sure it can't negotiate the HDCP encryption. But HD content will still play even if you don't have an HDCP-compatible setup (as there is no content I know off yet that forcefully locks people out of their Chinese/Wal-Mart TV/Blu-Ray el-cheapo knockoff setup), it's just that if you do have an HDCP-compatible setup (and you paid good money for eg. Dual-DVI KVM, splitter, displays and projectors with high-res 120Hz signals for scientific research), it will malfunction.

Hell, yes, hooray for freedom!

[KingSkippus]

Because it's always good to make it easier to break the law and steal movies.

No, because it makes it easier for you to use your content that you paid for with your hard-earned cash the way you want to instead of how some third party who doesn't have your best interest at heart (and who only wants to get their greedy fingers on the aforementioned hard-earned cash, whether they've earned it or not) would like to make you pay for it over and over for making personal copies, displaying on alternate devices, etc.

The ability to infringe copyright is simply a side effect. Yes, some people may use it for that purpose. I won't.

When they invented the car, are you the type that sarcastically would have said, "Because it's always good to make it easier to to get away after robbing a bank. What other law-breaking things can we invent? Maybe someone should add sound to our good ol' silent films so that people can break the law by singing copyrighted songs."

Re:Complete fail.

[ledow]

Like all encryption systems - if you learn enough about the keys, you can crack them and recover the original keys. In this case, just 40 devices with HDCP and a lot of mathematics is virtually guaranteed to recover the master key.

Don't use encryption to secure a digital product. It *will* fail because, at some point, you have to give people a key to access that product - thus they have access to the decrypted stream and to a number which is reliant on the private key. Encryption does NOT take account of protecting against an authorised user with a valid decryption key, or numbers of those users working in a concerted effort to crack your encryption. It's a misuse of the technology and any company that claims the opposite (e.g. all DRM companies) are lying to you.

Read beyond the summary.

[goodmanj]

In particular, read
    http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
and
    http://en.wikipedia.org/wiki/Blom's_scheme

Some key (heh) facts:
* This key is not stored in high-def devices themselves, nor does any manufacturer possess it. This is the key used to *make* individual manufacturers' keys.
* The generated manufacturers' keys are set up in a way that device A and B can communicate secretly without knowing each others' keys.
* Because of the way this system works, if enough individual manufacturers' keys are known, one can figure out the master key. In this case, "enough" is 40.

Important point: it's not like some random tech at Sony got fired and decided to blow the whole thing wide open. If it's a leak, it's a leak from just one or two specific keyholders at Intel, who developed the system. But it doesn't have to be: any random person with 40 different Blu-Ray players and a whole lot of cleverness could potentially figure this out.

Re:Read beyond the summary.

[goodmanj]

As far as I can tell, yes. Which is almost mind-bogglingly stupid. Keep in mind that it's not enough to just have 40 HDCP devices, you also have to crack them all, which involves either some really clever known-plaintext attacks or disassembling the firmware on each device. But if you can do it once, you can do it 40 times, so the only way to avoid having the master key leak is to never release that 40th manufacturer's key.

Re:there is no more excuse to steal movies

[pyite]

only excuse you may have is that you're outside the USA and want US content

Or if I want to use it under my terms and my choice of file format. On my choice of device. Using my choice of "unsupported" operating system.

It's people like you who let us get into this sort of situation in the first place.

Re:Proof?

[xtracto]

Cryptome has an interesting reading on the weakness of the key

Re:Isn't this like AACS

[the_other_chewey]

If i look at the pastbin post this is just a complex way to publish 40 keys, not ONE master key

It's the master key matrix - not an HDCP key by itself, but THE key to generate all valid HDCP keys.

Re:Who revealed it

[Iphtashu+Fitz]

Actually the master key doesn't exist on all devices. The master key is theoretically kept private and managed by the consortium that oversees HDCP. When a new vendor comes along then the HDCP consortium generates a sub-key from the master key and assigns it to that vendor. The vendor then uses that sub-key to create "sub-sub-keys" for each device they manufacture.

If a device key is compromised then the vendor can revoke it and issue a new sub-sub-key for the device. The HDCP consortium could also revoke the sub-key for the vendor, thereby invalidating all the vendor devices, if necessary.

The problem with the HDCP encryption is that if you have enough of those device keys (50 or so according to reports) then with a bit of grunt work you can reverse-engineer the HDCP consortium master key. That's apparently what happened in this case.

HDCP really has no legit reason to exist

[Sycraft-fu]

As you say, there are two separate issues, the issue of respecting copyright and the issue of doing what you want with your devices. Well HDCP does nothing to stop copyright infringement. The pirates just nab a copy earlier in the chain, just rip the disc. Sometimes they do it later in the chain, just record a movie in a theater. Either way the fact that they can't nab a signal from the wire doesn't matter at all, they don't even try.

What this does do is prevent legit uses. I really want to build a HD DVR for my living room. I don't want the one the cable company sells. Not only do you pay a monthly charge, but I don't care for its features or its tiny drive. I want to build my own. The capture card I want is already on the market, the Blackmagic Intensity. Expensive, but worth it. ...

Except HDCP stops all that from working.

So I could go and just download the content online, any and every thing I could want is out there, free for the taking. I cannot legitimately just record it off my expensive ($80/month currently) cable TV connection.

I'm very fed up with copy protection these days because this is what is happening. It isn't protecting anything, it is hurting normal users. It is so overbearing that it interferes with normal usage, and still it does nothing to stop infringement.

Another thing, along those lines, is I can't play Blu-ray movies on my PC. I have a BD-RW drive, 1920x1200 monitor and HDMI soundcard out to a massive home theater system. Seems like the tech is there. However because of the way my system works, the display output is mirrored, one copy via DVI to the screen, the other via HDMI to the soundcard, since it need a video signal to get clock from to send its sound. All devices HDCP enabled, but Blu-ray disallows playback in the event of a mirrored screen.

They've done a great job of protecting me from myself, but nothing to stop me from downloading a program and ripping and uploading their movies, if I so chose.

Re:Proof?

[imakemusic]

377. ???
378. Loss of profits.

Blu Ray: Now Ready for the Living Room?

[Blue+Stone]

It has other uses too: dissuading casual pirates from ever jumping ship and buying into the medium.

A friend of mine couldn't play a couple of Blu Ray discs he'd bought because of various compatibilty issues to do with updated keys or whatever. It convinced me that Blu Ray just wasn't ready for the living room. Why would I want to give these fools my money when it results in a crapshoot? No Blu Ray player for me, no discs either. I decided to spend my money on something that's not so flaky.

Re:Clever idea to slashdot the site with the key..

[El_Muerte_TDS]

Too large for a T-Shirt

Re:Clever idea to slashdot the site with the key..

[YourExperiment]

Not for most Slashdot readers!

Re:Who revealed it

[atamido]

Why did they bother to use weak encryption? Is it not trivial to make longer formulas etc. ?

There are two possible answers.

1. They didn't get smart enough people to design the system (see DVD CSS).

2. The complexity of the key system was limited so as to allow small/cheap/embedded devices to implement it with limited processing power and speed.

I'd say option 2 is more likely, but wouldn't be surprised with option 1.