Why DVD Encryption Crack was a Cinch

Devastator writes " Wired has a good article how how the DVD encryption was cracked. The DVD industry is scared speechless about the news." Its actually an interesting little summary of the situation. I wonder what it means for the DVD industry.

Good Example...

[Kid+Zero]

A chain is only as strong as its weakest link. This is a good example.

But then again, I do believe this will spur the Industry to do a better job, which will inspire more creative hacking, which will inspire better security... Benefits for all.

Ramifications in Other Industries

[Wyvern13]

The DVD encryption crap is simply yet another example of the Cathedral / Bazaar scenario which continues to manifest itself throughout the industry. The fact of the matter is that while majot corporation stuggle to keep up with the open-source community currently, this is not the way the industry was, say, five years ago. A form of economic or societal Darwinism has emerged in the computing industry, by which major corporations and the coding public work at furious rates just to stay even with each other. The DVD crack is one of the more and more common cases where the Linux community has outstretched "Big Business".

Re:Ramifications in Other Industries

His terminology is off but he is essentially correct. Whether or not it's the Linux code monkey community, or the Window code monkey community or the various cracker cabals.

The fact remains that corporations with limited resources are trying to go head to head with a planetful programmers with too much free time.

Re:Ramifications in Other Industries

[Foogle]

How would one have bazaar'ed this sort of thing? OpenSourced the encryption algorithm so that people could examine it?

Well that would've been nice, but the algorithm wasn't the problem -- it was the implementation of it. And of course, if the implementation was OpenSourced, then we wouldn't have to crack the key, because we'd have seen it already, embedded into the CSS routines.

The original poster was just spouting buzzwords, trying to get a stupid moderator to give him +1

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Ramifications in Other Industries

The fact remains that corporations with limited resources are trying to go head to head with a planetful programmers with too much free time.

You hit the point sideways. DVD's are not a company vs. planet full of programmers. It's a single company that designed a product and released it before time. Blame Toshiba. They could (should) have waiting on the other manufacturerers to comment on their specs before they rushed to market with a known flawed (non)standard. A top exec at Sony still claims that Sony and Phillips are still considering dropping support for DVD's and creating a new working standard for storing digital video (with the same physical characteristics).

Re:Ramifications in Other Industries

another example of the Cathedral / Bazaar scenario

Not really. Most electronics companies wanted a carefully designed video standard. They knew whatever mistakes they made, would be felt for decades. Toshiba basically said FU, and started shipping DVD products. It isn't a development method arguement. It's a quick-and-dirty product rushed to market versus a carefully designed product. Even if the Bazaar method of development was used (e.g. Toshiba released an open spec and asked for help), no one could have made a working standing in the amount of time the marketing droids allocated.

Re:Ramifications in Other Industries

[Foogle]

Don't presume to tell me what I do and do not know -- That won't make it true. Yes, I do know quite a bit about cryptography. What I don't know much about is CSS. From the article I read, I was under the impression that it was a block cipher much like DES or Blowfish and that the way the hackers hacked it was because the original coders left the original key out in the open. Is that not the case?


-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Ramifications in Other Industries

[Evangelion]

"Linux community"

How is this at all related to Linux, let alone the Linux Community?

It's a crack. Cracks happen all the time, regardless of the OS you're on. This has nothing to do with the Cathedral and/or the Bazzar. Really, how are software cracks and open source development related? Other than the latter making the former unessecary?

I'm confused by your comment....

Re:Ramifications in Other Industries

[dirty]

I'm curious, are you just spouting out buzz words, or did you actually sit down and think about what you were saying? This has NOTHING at all to do with "the Cathedral / Bazaar scenario". It's about a careless company and someone cracking a weak encryption scheme. It has nothing to do with open source, linux, whatever else you might want to call it. It's a crack. Sheesh.

Re:Ramifications in Other Industries

You know nothing of cryptography, nor of css, nor of its weaknesses. Why is DES _still_ secure even when you can download DES source code? Ditto for kerberos? Why can you get the source code to most of the next contenders following DES, if it would hurt their ability to be secure? Clue bat, divulging source to any encryption algorithm can't do anything to it, but make it more secure. And yes, the algorithm of css was the _problem_, not the implementation. The algorithm is is subject to divide and conquer. No algorithm that is subject to this can be said to be an encryption algorithm. No, just because the algorithm is open sourced, doesn't mean they have to post the keys that they use for it. For example, not all keys that are used by DES must be posted to the net in the clear for DES to work. In fact it may surprise you that people generally don't post their keys to the net.

Re:Ramifications in Other Industries

"Quick and dirty"? How long have the countries outside the USA been able to play (and copy) the VCD standard while we have been left clutching our crap VCRs? VCD was DOA in the states because the moron entertainment industry did not support it here. Toshiba *finally* released a standard after a gruelling 5 year wait for digital video standard simply because the movie conglomerates were so content with videotape and it's inherent limitations; generation to generation signal loss and added noise floor. Look how they killed DAT with serial copy management system! They hate perfect copies! If the major studios had their way, I'd pay royalties every time I hummed a tuned in my car. Fuck them, the release of 5.1 digital mastered Star Wars Episode1 DVD's have shown that if they don't play they're going to let some other team win. Let it be the team I'm on.

Re:Ramifications in Other Industries

Why, it sounds like Beta and VHS all over again. Only this time VHS will lose! =)

Re:Ramifications in Other Industries

Why did people go to the trouble of cracking CSS? To pirate DVDs? No, so that a free software player could be made. Why would your average Windows user want or care for such a thing? Yes, it's certainly relevant to people writing software and releasing the source code.

5 Bytes?

[Amphigory]

5 Bytes? And they call this secure? 5 Bytes is 40 bits, which means there are 2^40 possible keys. Although I don't know how much CPU is required to test a key, I tend to think a good computer could probably sniff them all out in a matter of days.

On another note... I wouldn't like to be Xing/Real Networks right now. I think the MPIA could make a really good case for them being libel for a massive amount of money due to their negligence.

Re:5 Bytes?

[jshepher]

Since it is encryption based, my guess they used 5
bytes (40 bits) because of export restrictions. It
has been proven that 40bit keys can be broken
quickly using today's computers. It was only a
matter of time until this happened.

Re:5 Bytes?

Say they cut off production. They would be open to class-action lawsuits from the people who bought players in good faith.

There's also nothing they can do to fix the situation. There are millions of players out there which use specific keys, some of which have been cracked. They can't release DVD's without those cracks, otherwise those players will become useless.

I don't think that we can really be sure of this. I can't believe that Disney or Viacom or whoever are dumb enough to issue licences which guarantee that they will release in these formats.

After all if another software industry can get away with the EULA, the movie industry must be able to wriggle out of this.

Re:5 Bytes?

I can't think of any reason at all why the Studios would allow any further IP they own to go out on the DVD format until it is fixed.

Right, just as they're soooo reluctant to let that same IP out on the ultra secure VHS, right?

Enjoy your VCRs, guys. We'll have them a bit longer if the crackers keep it up.

Hmm, yeah, they'll probably stop this sort of activity any second now. As long as there is data protection, there will be crackers.
Curiosity is human nature...

Re:5 Bytes?

[mlc]

an unrealistically high rate of, say, 10^4 (ten thousand) keys a second

I don't think that's unrealistically high at all. In fact, my Pentium II-333 is cracking 872 kilokeys in a second for distributed.net. Assuming that 40bit keys are easier to crack than 64bit keys and someone has slightly faster hardware than I do, they could easily reach a million keys in a second, likely more. Given that one could easily crack 10^6 keys in a second, it'd take only 10^6 seconds using your figures, which is only about 11 days. If we could reach 10^7 keys/second (not completely unreasonable, IMHO), it'd take only 10^5 seconds, or slightly more than a day.

Re:5 Bytes?

[jafac]

LIABLE

Spelling errors are one thing, but in this case, libel is also a legal term, meaning something completely different.

I wish I had a nickel for every time someone said "Information wants to be free".

Re:5 Bytes?

[lamour]

40 bits is a completely insane size

40 bit encryption only serves one purpose any more...it leads people into falsely believing their data is secure.

Re:5 Bytes?

[drudd]

Can't think of any reason? Howabout the billions of dollars they've invested in this format.

You don't throw away billions in R&D, marketing and production, simply because you're afraid that a small minority of that product will be lost to piracy.

Say they cut off production. They would be open to class-action lawsuits from the people who bought players in good faith.

There's also nothing they can do to fix the situation. There are millions of players out there which use specific keys, some of which have been cracked. They can't release DVD's without those cracks, otherwise those players will become useless.

Essentially the industry will make a lot of noise, and possibly line the pockets of their favorite legislators, but other than that, there's not much they can do about the situation.

Doug

Re:5 Bytes?

[Chops-Frozen-Water]

>5 Bytes? And they call this secure?
They were probably limited by the speed of decryption as to how complex/secure they could make the algorithm. DVD Video is coded twice if it's encrypted, and the MPEG2 video decoding isn't cheap (most PCs use dedicated hardware), so wasting time on complex decryption algorithms was probably out of the question.
--

Re:5 Bytes?

[Shimmer]

5 Bytes is 40 bits, which means there are 2^40 possible keys. ... I tend to think a good computer could probably sniff them all out in a matter of days.

Um, I don't think so. 2^40 is a little more than 10^12 (one trillion). Even testing at an unrealistically high rate of, say, 10^4 (ten thousand) keys a second would still take 10^8 (one hundred million) seconds, which is more than three years.

-- Brian

Re:5 Bytes?

[Ozwald]

There's a few things I just don't quite understand:

First, why encrypt it? What is stopping someone from doing a disk image copy from DVD to DVD (assuming the writer supports the size) or playing the DVD and recording it onto an older VCR?

Second, wouldn't encrypting the data then saving only specific vendor keys on the disk make it impossible for someone else to design and build a DVD player? They would only be able to play movies after a certain date manufacture date and would be up to their eyeballs in nondisclosures.

Even then, the only reason this is important to us is that finally open source software can now finally play DVDs. This encryption has been nothing more than an inconvenience to us simply because a handful of people are greedy. I say good riddance.

Re:5 Bytes?

First, why encrypt it? What is stopping someone from doing a disk image copy from DVD to DVD (assuming the writer supports the size) or playing the DVD and recording it onto an older VCR?

The purpose of the encryption is to keep people from decrypting the data and sending it over the web as MPEGs. You can copy the DVDs, but then they are much harder to send over the Internet (the guy at the other end needs a DVD burner).

Re:5 Bytes?

[Cramer]

First off, that stupid, moronic, idiotic law only applies to encryption and has nothing at all to do with software or hardware for decryption. Otherwise, the d.net clients would be illegal to download outside the US.

Second, that stupid, moronic, idiotic law doesn't apply to non-US citizens outside the US. If it wasn't developed by a US citizen and/or on US soil, then it doesn't apply.

Personally, I think they choose 40bit crypto for two reasons: they wanted it to be broken, and they didn't want a computationally intensive system. The more complex they make the crypto, the more complex the hardware/software will be to deal with it. Hardware based decoding wouldn't be much of an issue, however, software based systems could be a severe hinderance.

Re:5 Bytes?

My machine alone does about 2.2 million keys/s. Now we all know about www.distributed.net, right? With that said, I'd say it would take about a day.

Re:5 Bytes?

The encryption wasn't put in to keep DVDs off the web. When the DVD format was designed very few people outside academia knew of the internet, and AFAIK there was no WWW yet.

With CSS enabled disks, you can't even read much of the disk if you've not unlocked it -- you get read errors. The encryption is put on the disk to keep video pirates from reading DVDs and stamping their own.

It failed.

I have two "Hong Kong" DVDs right here (Matrix and 12 Monkeys) which have no CSS (I can mount either DVD and read the VOB files fine) no macrovision (I could copy them to VHS if I so desired), and no region code. I picked these two from a list of hundereds of "Hong Kong" DVDs. And, these disks pre-date the CSS crack at the least by several months.

Re:5 Bytes?

[Bill+Currie]

And, these disks pre-date the CSS crack at the least by several months.

That only means that these people somehow had access to CSS decryption and kept quiet about it, very much like security holes in proprietary (and, less often, open) software.

The question is, now that CSS is cracked for everyone and not just an `elite' few, what's the industry going to do? I suspect thay can't actually do anything that will allow them to `win'. For good of for ill, the various `recording' companies are losing control. In the long run, it's probably a good thing.

Re:5 Bytes?

[rew]

40 bits is a completely insane size

As people are used to algorithms that can do one encryption in about a microsecond, brute-forcing 40 bits becomes feasable. However, if your algorithm is inherently slow, and takes for example one second (on a current computer) to perform, then it would take about 34k years to break.

Now if computers continue to get faster at 1000 times every 20 years, that 40bit key to that encryption algorithm can be cracked by 34 computers in one year, 20 years from now.

That's "reasonable security".

One or two bits is rediculous. 40 bits isn't that bad, but it depends on the algorithm. Try a 40bit RSA key. That can be broken in seconds.

40 bits DES Is "tricky", and we can design an encryption that is pretty strong with 40 bits. There is nothing inherently wrong with 40 bits.

Roger.

Re:5 Bytes?

Actually... It takes 5 hours to crack 40-bit DES using a standard PC.

What a standard PC is defined like is a big mystery to me, but I guess it must be something like a P200...

Re:5 Bytes?

It will depend on the alglorithm used... just compare DES / RC5...

Re:5 Bytes?

[Thagg]

> They were probably limited by the speed of > decryption as to how complex/secure they could > make the algorithm. DVD Video is coded twice if > it's encrypted, and the MPEG2 video decoding > isn't cheap (most PCs use dedicated hardware), > so wasting time on complex decryption algorithms > was probably out of the question The length of the key has nothing to do with the time it takes to do decryption, for many ciphers. For RC4, in particular, the key can be up to 256 bytes, or 4096 bits, with no change in the speed. There has to be a different reason.

40 bits is a completely insane size; it can be cracked by anybody with a little time on their hands.

Unfortunately for the DVD companies, this cannot be fixed without recalling the millions of machines that are out there.

thad

Re:5 Bytes?

[AndyGuy]

Also the music industry has been releasing unsecure IP for years and is still making large profits.

The whole encyrption thing was just to make it a bit harder for home copying (pros could always simply copy the whole DVD).

Re:5 Bytes?

The DVD companies may be scrambling to implement a fix. I can't think of any reason at all why the Studios would allow any further IP they own to go out on the DVD format until it is fixed.

Enjoy your VCRs, guys. We'll have them a bit longer if the crackers keep it up.

Big surprise? Not really

[El+Volio]

Another "wow, I'm *totally* shocked.. NOT!" story. You mean somebody was sloppy in how they implemented their encryption? And that led to exploiting a design flaw? WOW... :)

In all seriousness, I have no problem with copy-protecting DVD's. All the new-age zealotry regarding IP aside, as it stands moviemakers and DVD producers have the right to profit from their efforts. If they stop profiting, they stop making movies, and poof! no more "Matrix"-quality films.

OTOH, kudos to the hackers (in the traditional sense) who broke it. This is a rare case of white-hat hacking being beneficial. The original designers should probably be held liable somehow, and future efforts in this regard will be MUCH more careful.

Re:Big surprise? Not really

[FLuke27]

Hollywood has been buying legislators off to get things like the Digital Millinium Copyright Act passed to pull an end-run around the Court. The act makes hacking out so-called "copy protection" a felony.

I suppose it's not enough that violating a copyright is illegal. That's the problem I have with these ideas... don't stop the method if it doesn't always = crime; stop the crime. They seem to be trying to make the laws idiot-proof... the idiots being the RIAA etc., who are too stupid to be able to protect the copyrights via due process etc.

Re:Big surprise? Not really

I'm not surprised in the slighest. In fact I actually warned people on the DVD (and SDMI for that matter) committee (unofficially) that this would happen and my advice to them was not to waste their time doing it in the first place. But by this time it was already well underway.

I'm posting this AC (I don't normally) to protect those involved.

Re:Big surprise? Not really

[platypus]

Trust me, they're not going to rest until they can get back to the original model - people paying every time they watch a movie (and, if they can pull that off, every time they listen to a song).

Yeah, they'll try, but I hope for them they'll see the light somewhere in the future.
I see this as a kind of market. Corporations trying to make as much money of the customer as they can, resulting in a black market of warez/mp3z/moviez.
Most people buy their favourite linux-distro (even the original one, not cheapbytes) instead of downloading it. Why? They feel buying it is rectified by the value.
In my opinion most people _are_ willing to pay for what they get, but they are not willing to pay bucks which are the tenfold of the value they get.
The battle of hollywood and the big music labels is lost, they have nothing left to fight.
Everything the could do is damned to fail, they can't use copyprotection cause they don't control the hardware, they can't check the whole internet for warez cause even geocities or tripod can't get their own servers clean, this is impossible.
(ie. just rename bla.mpd in bla.doc and their cute scanners will fail miserably).
Increasing bandwith will end the possibility of making a lot of money because you own the distribution and marketing channels, and that's what it all reduces to, IMO.

Re:Big surprise? Not really

[homebru]

Fifty years ago, when television started to become affordable for middle-class Americans, it was loudly denounced as the "killer of the movie industry". Who would pay money to go to a theater when they could stay home and watch for free.

So, to protect themselves, the movie industry imposed a rule that no movie could be shown on tv until seven years after its first theater appearance.

This lasted into the sixties, when the tv networks discovered how to make "made especially for tv" movies which would never be seen in theaters.

Point is, the movie industry has been in business for quite a while and will continue for quite a while longer. They have survived more technical inovations than most /. readers can remember.

They won't be put out of business by the DVD hack. Somehow, they will use it and build on it and come out better off than ever.

If you can figure out how they will do it, get a business practice patent on your idea and donate the immense profits to the Free Software Foundation.

Re:Big surprise? Not really

[C.Lee]

>If they stop profiting, they stop making movies, and poof! no more >"Matrix"-quality films.

Which is a good thing since "The Matrix" is a really shitty movie. Let's be honest here, The Matrix is basically nothing but a bad rip-off of TRON and/or the Terminator movies. If you want to this kind of stuff done well/right, look at the Manga and Anime series from Japan.

Re:Big surprise? Not really

[Foogle]

Future efforts? They would have to create a DVD-2 format, that used a different key or different cipher. All the old players wouldn't work with the new format, and that includes DVD-decoder cards that aren't flash-upgradable. Fortunately software-based DVD will probably not suffer much from this sort of turnover.

Anyway, with a 40-bit key, it would've been cracked eventually.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Big surprise? Not really

There's nothing new-age about freedom. IP is an example of a consistutional exception to a constitution right (free speech). [actually, that's chronologically wrong but legally accurate]. Many people, such as myself, don't like itm because we consider freedom more important than money, and we know that all the best art comes from people who feel the same. In short, I consider copyright protection to be morally bankrupt and obsolete. -Dave Turner, AC of Convinience

Re:Big surprise? Not really

[Cramer]

That's the good (and bad) thing about the Supreme Court... Congres can pass whatever laws they want to, but it's up to the courts to enforce them. Once it reaches the Supreme Court -- they look at each other, shake their heads, say "I don't think so" -- and they declare the law unconstitutional, then the game is over. What's Congres going to do, pass the same law again?

Re:Big surprise? Not really

[stevew]

First - I'm going to impart a little bit of information to the multitudes concerning CSS on DVD.

I know the above because I worked for a semiconductor company that was considering doing a DVD decoder chip. The company reviewed the requirements for getting the CSS codes. Some of the relevant details from the contract. You have to essentially brain-wipe your engineers if they leave the company(not an exageration either.) If the consortium requires a change in the implementation you must get it to silicon in 6 months(not easy for fabless companies.) The folks supplying content can hold your company liable for violating/exposing the CSS (Xing is going to have LOTS of trouble here me thinks..) Summary - you sign away your company to the consortium. Note - all of this is from year old memory...

The contract was SO draconian that major parts of it were invalid under CA law.

Now with that said - if someone comes along and reverse-engineers your encryption scheme so they can play DVD devices without belonging to the consortium and subjecting themselves to the awful contractual agreements...this would be a GOOD thing! Building a player for instance that used the OS version of the decryption algorithm wouldn't be violating anyones' copyright. This would only be adding competition to the consortium and help drive prices down... why is this a bad thing?

Having laws that allow clean-room style reverse-engineering are draconian in their own right and I oppose them for the above reasons. What if Apple had won their look-and-feel lawsuit years ago -whoops, no X Windows as an example.

enuff said.

Re:Big surprise? Not really

> All the new-age zealotry regarding IP aside, as it stands moviemakers and DVD producers have the right to profit from their efforts Isn't that like saying, "all the counter-arguments to my argument aside, my argument has no counter-argument"?

Re:Big surprise? Not really

>>If they stop profiting, they stop making movies, and poof! no more "Matrix"-quality films.


Is that a promise?

Re:Big surprise? Not really

[K8Fan]

In all seriousness, I have no problem with copy-protecting DVD's. All the new-age zealotry regarding IP aside, as it stands moviemakers and DVD producers have the right to profit from their efforts. If they stop profiting, they stop making movies, and poof! no more "Matrix"-quality films.

Not true. Movie studios have always profited from making films, and have always spent whatever they felt necessary to do so.

I think we can all agree that home video has been the best thing to ever happen to the movie industry. What you might not remember is that they fought home video tooth and nail. Various movie studio executives insisted that their films would never be released to home video. Disney and Universal sued Sony for inventing the home VCR! They claimed that the very existence of home taping would destroy their studios and empty theaters. You might think this is an exageration, but just ask anyone who was involved in home video in the very early 1980s.

In spite of their best idiotic efforts, the consumer electronics industry won out and practically forced huge piles of money into the hands of the studio bosses. These idiots, had they had their way, would have smothered home video in it's cradle.

Most /. readers are too young to remember the bad old days, when seeing anything other than a current release meant waiting for it on regular TV or maybe talking an art house into showing it on the next schedule. Trust me, it sucked.

But one thing about Hollywood...once they start making money (even when they are forced to do so) they get insanely greedy. They start to expect it, and they want to make sure they squeeze every penny possible out of the suckers (us). That's how idiotic plans like DIVX get launched...and why they keep pushing Pay-Per-View. Trust me, they're not going to rest until they can get back to the original model - people paying every time they watch a movie (and, if they can pull that off, every time they listen to a song).

...and the media conglomerates are exerting all the pressure they can to make consumers believe this seems reasonable. The Supreme Court in the Sony case ruled that home taping was a privacy issue, that what a person did in the privacy of their own home with a VCR was their own business. Hollywood has been buying legislators off to get things like the Digital Millinium Copyright Act passed to pull an end-run around the Court. The act makes hacking out so-called "copy protection" a felony.

Re:Big surprise? Not really

(Hypothetical:) If the people with large political clout believe the law which was ruled unconstitutional is important enough, they will push for a constitutional admendment which embodies the spirit of the bad law.

Copyright Protection

[Evil+Greeb]

As mentioned on Ross Anderson's Webpage here, breaking copyright protection can always be done.

This case is lamentable because it was defeated so easily, in a way that shouldn't have been allowed to happen.

Encryption isn't all its cracked up to be.

arent DVD recorders already avaiable???

[scarbelly]

"I would expect it could also delay the advent of recordable DVD, because it'll give people a medium to write these hacked video files."

too late?

toshiba reply etc

[Porky+Pig]

'We will fight against the illegal software,
blah blah blah ...'. This is soooo pathetic!
The fact is that very small percentage of the
users would be doing 'illegal copying', but those
surely would go to the furthest possible extent
to break through all the locks. The entertainment
industry is both paranoid and stupid.

Now I've been reading of digital watermarks on
DVD-Audio, which, in fact, are not entirely
transparent and somewhat degrade the quality of
sound. Don't you think the future of DVD-Audio
is sort of written on a wall?

Re:toshiba reply etc

[WNight]

It seems to me that while watermarking could be fairly resistant to unintentional audio manipulation, or uninformed attempts to destroy it, it should fall quite easily to a compotent attack.

It seems that watermarking should be a security-by-obscurity method, where if you knew the protocol by which the original was modified, you should be able to find where that code is stored in the source media, and remove, or scramble it.

By knowing where the data is stored, smaller changes should suffice to mask it then if you had to add whtie noise to the whole file in order to hope to kill the watermark.

Also, helping this, is that for any watermarking scheme to be effective, there has to be an easily available way to tell if a file is watermarked. For instance, in photoshop, loading a marked file produces a (c) symbol after the filename, and will display creator info. If you had to mail this file to the company to get an answer back, it would be so cumbersome that nobody would use it. This means that the watermark readers have to be visible, if only in binary form, to watch them work.

All systems that are watermarked and checked on client computers are as good as broken whenever someone compotent wants to try. Being that watermarking is the hiding of a secret key in a document, and that secret key can't be too secret, because you can watch it be generated (it is your computer, and you can use a debugger) you can also remove it, by applying the inverse of that secret key to the watermarked file.

This is complicated a bit by the fact that digital music watermarking could be done in secret, and with a key that we wouldn't know. As long as Sony music could send a copy of the MP3 to the marking company and have the key checked, it would satisfy their needs. And we're also prevented from using known-plaintext attacks unless someone gets an unmarked version of the song from pre-production, just before the watermarking.

But even this should be vulnerable. Even if we can't remove the watermark by applying the inverse, we could, if we knew how it was done, mask out just the relevant bits, and scramble the key beyond reading in a much more subtle way than by applying a strong white noise to the whole file.

The very fact that watermarks have to be robust also means that they can be found, if their format can be discovered, which makes them security by obscurity.

If watermarking was done in such a way that you could check if Company A owned the file by constructing a watermark for Company A, for that file, and then looking for it, it would be easier to hide. But, watermarking needs to be read without knowing the result, to see which company's mark is used, not simply to state if a known mark is there or not.

If the mark could not be read without knowing it, then more subtle ways of hiding the mark could be used that depended on the specific mark. (ie, if the first bit is 0, do this, else, if this, do that...) But, the mark must always be readable in a standard way. This means it has to be fairly easy to find. Sort of like using SYNC bytes on storage media to let you know where the data begins.

Once you know the format of the sync data, and can use that to find the specific areas that the watermark would change, even if you can't determine what the data was before being changed, you could write over it with random data, along with the sync data you used to find it, the hopefully rendering the watermark unreadable.

Any problems with this theory?

Re:toshiba reply etc

[Zurk]

ya. you can watermark with frequency information i.e. 1 bit for a whole range of unique frequencies spread over several dozen physical bits in the file. This makes is pretty tough to remove the watermark especially if several watermarks are hidden in the file...its also tougher to encode the watermark and/or verify it however..think of it as several dozen plastic straws painted the same colour as the surrounding hay in a haystack..pretty difficult to find and remove.

Re:toshiba reply etc

> 'We will fight against the illegal software,
> blah blah blah ...'. This is soooo pathetic!
> The fact is that very small percentage of the
> users would be doing 'illegal copying', but
> those surely would go to the furthest possible
> extent to break through all the locks. The
> entertainment industry is both paranoid and
> stupid.

I really propose we discover some way to exploit that fact. They seem to be professionals in exploitation, maybe the only way to deal with these slimeballs. The CTEA, DMCA, all that legislative crap... Is further explaination that these people are not interested in fair business practices... They want a every law to be one-sided (Their side)

Re:toshiba reply etc

[Wohali]

Now I've been reading of digital watermarks on DVD-Audio, which, in fact, are not entirely transparent and somewhat degrade the quality of sound. Don't you think the future of DVD-Audio is sort of written on a wall?

Not necessarily. Look at mp3 - a clearly inferior standard (to full 16bit, 44.1kHz 2-channel stereo CD audio) has taken off because people are willing to sacrifice some audio quality for a small file size. MiniDisc is now also taking off under much the same auspices - psychoacoustic processing reduces the amount of information stored, so the physical medium can be smaller.

What's a more interesting question, and is approaching completely off-topic, is whether or not all musicians will embrace 5.1 audio for their production. 2-channel audio is quite well entrenched, and the optimization of a stereo system in a room is MUCH easier than setting up a room for good 5.1 audio. The end result is that it's a hell of a lot easier to make 2-channel audio sound great...and with the typical DUMB consumer out there, the advantages of DVD-Audio aren't yet obvious.

Getting back on track, digital watermarking is being proven out which does not affect the quality of the audio. A brilliant audio engineer and electronic musician, Larry Fast (of Synergy and Peter Gabriel fame) has wholeheartedly endorsed this technology - and mentions on his site that he wants to use it for attribution ("Hey, I wrote this song!") rather than for copy protection. This, more than anything, may set a trend -- not as a means by which copying is prohibited, but to serve as an identifier of the original source of a given audio recording. I expect to see this everywhere in 10 years; think of it as a GIF comment for audio.

Learning from Microsoft

[finkployd]

After using such a weak encryption method in the DVD format, the Japanese company responded by attacking the people responsible for breaking it and threatening lawsuits (good luck, since the "crackers" responsible remain anonymous).
Kind of reminds one of the revent security hole in Hotmail, where instead of admiting any responsibility, Microsoft attacked the horrible people who discovered the problem.

I think the concept of blaming the people who break security and pointing all the fingers at them is on it's way out, I believe the people who create the encryption and security methods should be held more accountable for weak security. Come on, without these "crackers" who break into things, we would still be XORing bytes and considering that the ultimate security.

Finkployd

Re:Learning from Microsoft

[aqua]

True enough -- vendor response to security problems has historically been pitiful. Though in this case, I have to wonder whether it would have been desirable -- had CSS not been broken, but instead quietly reported and fixed, DVD would still be closed, the vendors would still be dragging their coattails through high-nosed proprietary BS, and work would have continued on breaking the new revision. That's assuming it was fixable, since lots of DVDs and players have shipped, and any adjustments would have to sustain backwards compatibility.

The security research ethic as taught in universities is that you tell the vendor and give them time to ship a fix before a vulnerability becomes common knowledge, but if the vendor doesn't produce a fix (as they often don't), full-disclosure is among the available options.

Which comes to the other point, namely that the movie industry liked DVD largely because it was (a) somewhat more desirable for consumers while costing less to manufacture, and (b) closed, and therefore subject to more control over how it moved -- like how most players don't allow you to skip over the usual copy-this-and-die FBI warning at the beginning, and some don't allow skipping of the various logos at the beginning. By and large, the computer community had no interest in letting it remain closed (we've been trying to reverse-engineer it all this time, remember), and has never based itself on the potential profit to be made by already greedy conglomerates.

And, based on the coverage sofar, the security on CSS was a poor engineering job -- as tends to happen to closed security systems. 40 bit keys don't work anymore, and in general, anyone who designs a security system without adequate consideration of the factors deserves what happens.

One possibility is that the music industry will try to distance itself from DVD, but I doubt it, unless they have some unannounced alternative up their sleeves (DVD2? Same thing plus a firmware "upgrade" to the players?), the alternative is VHS, which is much easier to copy than DVD, though harder to make a new master in a counterfeit manufactury.

I'd speculate that in 1-3y bandwidth will have gotten to where VOMs can be moved around the way MP3s are now, and it will continue to have a negligible effect on industry earnings, and we'll hear tons of whining from the movie industry. Then Microsoft will put out Microsoft Video System, which will itself get cracked in a few days, and then there will be sardonic laughter. insuff des

Re:Learning from Microsoft

[jafac]

It's called an "Ad Hominem" attack. Go after the person who's presenting the logical argument against you, instead of attacking the logical argument (because you can't beat it, because you're likely wrong).

When people start resorting to Ad Hominem attacks, it's generally a sign that they're wrong (of course, this statement, in of itself, is an Ad Hominem attack - that's the problem with this logic, it recurses don't it?)

I wish I had a nickel for every time someone said "Information wants to be free".

Re:Learning from Microsoft

[Evil+Greeb]

If there weren't any crackers breaking (into) things, XORing bytes would still provide enough security!

Its how you use the knowledge that counts. If you discover a security hole, then you could either:

• do something to exploit it
• ignore it
• inform the appropriate people, so that it gets fixed

If you ignore it, then you're in effect helping the 'bad guys', who will inevitably discover this vulnerability and exploit it, when in fact there may have been a chance to get it fixed.

If you exploit it, you could either keep the discovery to yourself, make it public so that every cr/hacker-wannabe can use it for their own interests, or make it public to put pressure onto a body to fix it (as in the MS hotmail case). In the first two cases, you're being the bad guy, in the second case, your motivation is good, but your implementation is flawed: this should only be tried as a last resort.

If you report it, and it gets fixed, then kudos all round.

Encryption isn't all its cracked up to be.

Re:Learning from Microsoft

[Nyarly]

If you report it, and it gets fixed, then kudos all round.

That'd be great, but the publicity of the thing is that you report it and They ignore you. This is Microsoft's second favorite game, after inflating mediocre products. IIRC, Back Orifice was created in response to a brushoff from MS.

Granted, the flip side is that when the glitch gets fixed, no one hears about it, since the company in question is desperate to keep that sort of information quiet.

Finally though, what would the fix have been in this case? Not to continue the license to XingDVD or RealNetworks? Their key would still be plaintext and useful for guessing new keys.

Furthermore, what could the fix be now? Scrap this DVD standard and replace it with a new one? A resurgance of DIVX(fie!)? You're dealing with an existing hardware market that is just beginning to take off that you would be completely destroying if you scrap the existing security. Any new security system would have to be a superset of the old one, which mean it would be no more secure.

Re:Learning from Microsoft

[TheCarp]

Well you know...
these companies just have to learn
"When you point your finger, 3 more point back
at you"

Its silly, its simple...god damnit...its right.

Re:Learning from Microsoft

[GeorgeMcBay]

To be anal about it, XORing doesn't really have anything to do with the security of one-time pads. You could use the pad data as wrap-around byte offsets to the real data just as well as using XORs. XORs are just convienient because they are self reversing.

Re:Not gonna happen in a million years

Of course you're ignoring the fact that we had CD audio media for many years before CD-R drives became commonly available and affordable. The infrastructure was committed to CD audio long before it became trivial to steal and duplicate the content.

DVD is still new. I personally don't know of anybody who has a DVD player. This stuff could kill it as a mainstream format.

Ever heard of 12" laser videodisks?

Re:not much time left...

[TheCarp]

1) True but...US law has a way of becomming
the law in other countries. Remember, we are
the last Super Bully

2) Unconstitutional? when has that stopped them
before?
Hell there is legislation being considered (its
passed the house and in the senate) to make
a certain drug illegal. Technically...it would
make the posession or sale of Red Meat illegal
in the US (since it contains it in small quantity)

(yea I know they wont enforce it in that manner
but...its just to illistrate the silliness of it..
technically...your brain is already illegal
to posess due to other chemicals it makes)

We do care, that it is not immoral

[marcus]

> So now that some folks have figured out how to STEAL DvD data, what next?

I, and many others, figured out how to STEAL dvds a long time ago. All you do is walk up to your local video store with a sledgehammer, break the glass, walk in and grab an armfull, and then run.

What these guys have done is taken the first step that will allow me to play dvds on my box.

I am happy. I am not stupid. I won't be wasting my valuable time copying and distributing dvds. It's MUCH easier and less expensive if you include the cost of your personal time to just go to the store and buy another disk rather than buy blanks, copy something onto them, find customers that will be willing to buy at a discounted price, sell, make sure that I'm not going to get stung by the law enforcers, etc. etc. etc.

To put it simply, pirating dvds will not be profitable for a long, long time.

The "old fashioned" method I described above is much more profitable than disk copying and a much greater risk to, and currently a greater drag on, the profits of the "dvd industry".

One reason why Windows-Only is a Bad Idea

The only reason this was cracked is that the
technology was made available only to Windows
users.

The smartest people on the planet do not use
Windows, so you combine high intelligence with
a strong motive to crack DVD...

If they had made Linux-based DVD players it would
never have been cracked.

Mark

Re:link to the utility?

Here's the link. http://www.nico-soft.de/DVD1/home1.html I'm going to pick up a DVD-ROM this weekend to try it. Should be neat.

It's already being done

Remember MKUltra? The top secret project in which the gov't was able to brainwash people into committing violent acts? I'm sure you've seen it at work today, what w/ all the school shootings and such. As for those who survive, they make it into college and M$ pays them a visit (w/ bags of yummy cash).

When will they learn...

[Wah]

"In the future, the laboratories will be more actively conducting strict surveillance and take counter measures against illegal, inappropriate software and hardware in the market. Moreover, we believe that, based on the recent legislation, legal measures and steps will be taken by copyright holders against such violation of intellectual properties," Mikura wrote.

If you can't solve a problem technologically, do it with legislation. Since encrypting DVDs didn't work it looks like they'll move to the next step, prosecuting the hell out of everyone they catch. Which will most likely be a bunch of kids trading the latest releases. Nothing like harassing kids for good PR.

Sorry, but the Internet makes the control of digital media IMPOSSIBLE. This is a fact, if you want to make big money with digital media you have to understand this fact and move from there. No major media companies have yet acknowledged this and they will fight it until they die or give in. Goes to show you, you can't teach an old dog how to use the Internet.

Re:When will they learn...

[netwiz]

Well, this also goes along with a pet theory of mine. All these big media companies are money-grubbing greed-driven capitalists. At some point they're going to have to get used to slimmer margins, as what they're trying to do is make up for expense in volume, and that requires you to drop your price. Look at hard drives. The individual margin for a disk from say, Seagate (EIDE, not SCSI), is around 2-5%. They make up the cost by selling zillions of drives. The margins on a DVD are around 90%. they dont' really care if the DVD doesn't sell, as the studio is usually ahead by the end of the theater run; any money that comes in from rentals and home-video purchases is pretty much pure profit.

Re:So do slashdot folks care that this is immoral?

[vyesue]

can't really work in the real world? I disagree. as a matter of fact, the more times things like this happen -- the more information that starts off as billion dollar top secret encrypted info and then becomes nothing more than a little bit of code embedded in a widely distributed application -- the more its going to become obvious that free information can work very well.

your medical records, my civil court records, their credit records, the movie industry's precious DVD keys... all this information is going to become publicly available, and there's really no way to stop it - the best we can hope to do is figure out how to live best with the fact that information is very hard to contain.

Re:So do slashdot folks care that this is immoral?

[K8Fan]

The "immorality" of copying DVDs is right up there with the "immorality" of copying a magazine article. The truth is that the invention of the Xerox machine did not destroy the publishing business. Even though is is possible to copy all the interesting articles in a magazine for less than the cost of an issue, the magazine business is rolling along better than ever. Why? Is it possible that the people running the movie studios are insanely greedy?

The entire home video industry is gravy for the movie industry. Worst case, they'll have to go back to making their money off the the theatrical showing of their films instead of counting making as much again off the home video rights.

Re:DIVX was right

[cburley]

But isn't DIVX at least as dependent on some kind of copy-protection scheme as DVD?

Seems to me that if you can defeat the DIVX scheme, you then get even cheaper movies that you don't have to pay to view at all, compared to DVD!

(I don't use DVD or DIVX, by the way.)

Forced Format Switch for Security(CD -> DVD Audio)

If it [is] going [be a problem to produce DVDs now], nobody would be producing audio or data CDs. We have had CD-R drives for what, 6 years now?

I have to wonder if that's part of the reason for DVD Audio-- to make the public switch from CD to DVD for music. I'm sure the recording industry would much rather have a format with security like DVD's rather than the weak "security" of CDs.

This reminds me-- I've got to get a CD-R drive soon. I suppose you all know what I'm going to use it for. All I can say is, if the industry doesn't take steps to protect what's theirs (their intellectual property), they'll get exactly what they deserve.

Don't call the movie studios and record labels "victims" of some "communist pirate pig-dogs." (Well, I suppose people who copy this stuff are "communist pirate pig-dogs," but that's not the point.) If the industry doesn't properly protect itself, it deserves to lose everything. I have no sympathy at all for them.

Think of it like this: you leave your front door unlocked everyday while you're away at work, and one day, a thief breaks in and steals everything. Will your neighbours feel sorry for you? Should they?

Re:How does it work, really?

[Nyarly]

That might just be reasonable iff there was a huge market share held by a> any one player or b> any one disc press house. Then MAYBE they could pull that kind of nonsense and say "We have DVD2K!" and make it backwards compatible with the other side of the market's product. I suspect that a monopolistic player company would have an easier time of it.

Then they could redo the security of it, and expect results. Some extra features wouldn't hurt, but overall, all they'd really need to do is make the play. In the most ideal situation a partnership of two huge companies would be required: one to produce DVD2k players with backwards compatibility, and the other to make DVD2K discs out of all the new content they could lay hands on.

However, I don't think we are anywhere near that kind of situation. The cost-of-duplication argument aside (because it's silly; I heard that one when CD-R was just starting), to circumvent the clusterfuck they've invented would destroy the DVD market as it exists now. And it isn't firmly enough embedded for a changover.

DVD encryption is so stupid!!!!

I mean, come on. Do the math. The Matrix on DVD costs $25 at Tower, $19 at AbbyRoad, $17.45 at DVD Empire, and $20 at BigStar. (Verify this at http://shopping.yahoo.com/shop?cf=1&d=v&id=1086960 )

The 5.2 GB DVD RAM disk costs $25. (http://queen.pricewatch.com/search/search.idq?ne= 16139&l=16093&qc=%22DVD%22*+AND+%22MEDIA %22*&CiCodePage=Windows-)

It costs more to copy the thing than to buy the DVD. Sure, you can make VCD's out of it, but then you throw out a huge portion of the features in a DVD. And whatcha gonna do when games come out on DVD and they're all 5 gigs in size (thanks to all the movies, textures, maps, etc.) and the cost of copying them is easily half the price of the game? Trust me, DVD is in no immediate danger of being consumed by piracy, as long as the DVD-RAM media and players/writers are all so expensive, as they will be for quite a long time. Now DVD based music, on the other hand........... ====== I'm posting as an AC but you can contact me as Steve Chaney at gunhed@earthlink.net

Re:DVD encryption is so stupid!!!!

[Foogle]

Yeah, you could've said the same thing about CDRs in the early 90's. Now a blank CD costs under $1. Why shouldn't the industry expect DVD-RAM to go down in price?

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Matrix?

[DodgyGeezer]

Do you feel good now that you've pointlessly flamed somedbody - and sounded condescending and like a complete snob in the process? Quite pathetic aren't you?

You might not have liked it, or thought it was a quality film, but don't bash others who did. Everybody enjoys different things. One of my favourite films this year was "Eyes Wide Shut", but that got really hammered some people. So what?

Express your opinion, but it's not necessary to put somebody else down in the process. I happen to think that it was a quality film. I also think that Hong Kong turns out far more crappy action films than good.

How can breaking trade secret be "illegal"?

From the article:

"The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection.

The vicious hiss of a toothless kitten.

How can breaking a trade secret be illegal? Keeping trade secrets is risky by nature. Ya want security and suability? Patent your design! But then the design becomes a matter of public record. If companies choose not to protect their inventions, then they have no right to bitch when details are leaked. Besides, the DVD consortium was sloppy. Look at the formula for coke and pepsi. They're still secret after 100 years. But if someone posts it to the 'net and everyone starts producing their own cola. Coca-Cola has ZERO legal recourse.

Re:How can breaking trade secret be "illegal"?

Under the Digital Millennium Copyright Act,
"creating or distributing technology" that can be
used to circumvent copy protection (of digital
works only, mind you!) is a "copyright violation,"
subject to a $2500/copy fine, plus jail time.

This was pushed for by Hollywood. Think about
that next time someone claims that this took them
by surprise.

Re:How can breaking trade secret be "illegal"?

[Malo]

Ah, I'm so depressed about this entire issue. I thought the EFF would have whaled on this horrible bill, but they didn't. I didn't see much negative written about it at all. Yet, I see it being used to keep things secret.

"From the article:

""The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection."

Thank you Clinton, Thank you DMCA, and Thank you Congress. Considering that it starts to take effect as of 1/1/2000. I expect the lawsuits to be hurled at Livid, and anyone who's even sniffed the source code around 1/3/2000.

The only saving grace of this entire mess?

From the text of the DMCA.

"Reverse Engineering Exception. Section 1201(f) allows software developers to circumvent technological protection measures of a lawfully obtained computer program in order to identify the elements necessary to achieve interoperability of an independently created computer program with other programs. A person may reverse engineer the lawfully acquired program only where the elements necessary to achieve interoperability are not readily available and reverse engineering is otherwise permitted under the copyright law.7 Furthermore, a person may develop and employ technological means to circumvent and make available to others the information or means for the purpose of achieving interoperability"

It means that while every DVD maker can try to sue to stop things like this, it means that as long as the project is attempting to add functionality (insert Play DVD's under Linux here), they are cool. Unless they've amended the act, again.

If anything? I'd be worried more about WIPO. http://www.wipo.org/eng/. DMCA is merely the first step in more laws intended to modify American Legistlation to be more friendly towards WIPO in general. Honestly? I can't say it's a bad thing, because some of the laws need to be amended, but in this hostile climate of anti-everyone, and anti-anything-that's-bad. I'm sure a great deal of shitty law will be passed.

When in doubt? Write your congressman, write your senator. See if they even have a clue on this issue.

Re:How can breaking trade secret be "illegal"?

[Darby]

Question. This thing actually passed?!?
"creating or distributing technology" that can be used to circumvent copy protection
Let's see. A compiler, a debugger, a disassembler,a text editor, a DVD Burner............
Do you remember what they used to crack the protection on Lotus 123 all those years ago?
That's right. A hole punch. Snip bad sector gone.
It looks like everything is illegal now.
---CONFLICT!!---

Re:How can breaking trade secret be "illegal"?

It's like RMS's story "The Road to Tycho" in which computer use was heavily restricted and you required a special license to use a debugger. If you used it unauthorized, the SPA and Microsoft shocktroopers would come get you.

Re:How can breaking trade secret be "illegal"?

[Darby]

Wow.

I'll have to read that.
---CONFLICT!!---

5:1 for music unimpressive to my ears ...

[__aadkms7016]

At AES last year I went to a Dobly demo room, where they remixed different types of music for 5:1. Musically, I can't say it added anything to the experience for me.

Now, for movies and video games its different, placement around the space has meaning in the context of the story, but there's a long tradition of musicians all being in one place -- on a stage -- and people sitting in front of them, which is a good match for stereo placement.

Re:5:1 for music unimpressive to my ears ...

I'm not that old, but my parents still have a car that plays quadrophonic sound from 8-tracks. It's pretty cool!

Re:5:1 for music unimpressive to my ears ...

[freq]

Im not really impressed with anything over 2 channels of audio for any environment.

It just reeks of novelty... (anyone remember quadraphonic sound???) just a way to get people with too much money to buy more speakers...

to me multi-channel audio doesn't even fit well into the context of a movie. a movie takes place on a 2 dimensional field. sound from anywhere besides the front is distracting, and seldom used for any meaningful effect.

its hard enough setting up a decent listening environment for 2 channels! and besides the pan knobs on my mixer only go from L to R :)

Country of origin?

[TheCarp]

Ok I have 2 notes here as more than a couple
of people have said that "Dissassembly isn't
illegal"

A) The Crackers were NOT in the US. Therefore
they are not under US law. This argument thus
means nothing.

B) Sony is not a US company (they are Japanese)
thus only their offices in the US are under US
law. Again...this statement means nothing.

C) The statment itself is also useless, since
the Crackers were not in Japan. So even if it is
illegal under Japanese law, it may not be illegal
where they are.

D) The statment was probably written by someone in
some PR department. Regardless of legality, they
want to make these actions SOUND illegal and "Bad"

E) People in PR departments may not be experts in
copyright law...international or not.

Anyone have a copy of the source?

Anyone have a copy of the source? The original msg has been removed. :|

Some kind person tried putting it in a /. article, but it apparently didnt survive.

Wanna e-mail it to me so I can plop it on a nice little box for all to see?
paulmezz AT mail DOT rit DOT edu

(I actually am not an AC, I just forgot my password and i'm at work)

thx
MentlFlos

Re: NOT IMMORAL - there is just no Linux support

The primary reason it was hacked is that there
was no way to view DVD's on Linux...

What is immoral about wanting to play DVD's on
your computer??

If people copy the raw data, that is immoral...
just like copying copyrighted MP3's is immoral.

Re:So do slashdot folks care that this is immoral?

[Ranger+Rick]

> Do any of you out there even CARE? Or like I
> figure, none of you understand how you get paid
> (many of you are students ANYWAY!) and how lost
> profits affect you.

Well, I assume the archival law still applies here (you can make a backup copy for storage). Not only that, but I know of a real-world, legitimate use for this...

My friend has a lot of DVDs, and he travels often for work, but he can't yet afford a portable DVD-playing device (be it DVD-ROM or one of those spiffy mini players). He asked me if there was something to extract them, because he has a laptop (without a DVD-ROM), and wanted to know if there was a way to convert them to VCDs so he can watch them on the road.

This has been said on Slashdot many times in other contexts, but... just because it's been cracked doesn't mean it was done maliciously. There *are* real-world, legitimate uses for this (DVD-playing for Linux? Archived VCDs?), just as there are illegitimate uses.

Granted, maybe more people will use it for Evil than will use it for Good (TM), we have yet to see.

Let's blame the Republicans

They're the fuching morons who are trying to prevent the export of encryption because of "foreign" threats (yeah, right, the real threats are the idiots already past our borders). The (h/cr)ackers responsible for this shouldn't be blamed since they've enlightened us with the knowledge that what we do can easily backfire on us.

The article is gone !!

[matsh]

http://www.wired.com/news/technology/0,1282,32263, 00.html

They have removed it, yes?

Re:The article is gone !!

[Guy+Harris]

They have removed it, yes?

No.

Re:The article is gone !!

[matsh]

Sorry, it does not show up in Netscape 4.7 (NT).

Re:The article is gone !!

[Guy+Harris]

Sorry, it does not show up in Netscape 4.7 (NT).

Perhaps it didn't show up for you in Netscape 4.7 (NT), but it showed up for me in Netscape 4.7 (NT).

He's right

Please moderate this up.

Wonder what will happen to Xing and/or Real...

[prop-hed]

Networks when the MPAA gets there guidos working on this. Makes you think...I don't wish any "ill" towards either company, but it wouldn't surprise me if either of them "disappeared". Youse knows what I mean?

DOH !!

and it was a subsidiary of RealNetworks that failed to encrypt thier key.
hahahahahahah

Re:DVD-R

[jilles]

DVD-r is already too late. My harddrive is already 17 GB (which is actually quite modest these days), which is the maximum size definedby the DVD standard, though dvd-r is probably way below that. So I don't think the relief a dvd-r provides above normal cd-r will last long.

So I hope there will be something more advanced soon.

Re:DVD Encryption? Good riddance

[lw54]

Ummm... Have you tried copying a DVD to VHS?

Re:DVD is Dead Anyway.

However, since you don't "own" the content you "have" on all that media you insist on posessing, the license to view/listen to the content on the media, while somewhat non-revokable, does not grant you ownership of the content.

Yep, you've "got" it alright. But with attitudes like yours, not a lot more will be stored on media you can keep indefinitely.

What about re-encoding?

[tietokone-olmi]

Storing the raw DVD video/audio data is foolish, yes. But the DVD video is of such high quality that it is feasible to downgrade it to, say, 400x300 or 512x384 pixels in truecolor and MPEG-1 it at a reasonable bitrate. That'll still result in higher quality video than what has been previously available to the w4r3z-keepers.

Re:What about re-encoding?

[tietokone-olmi]

Yes, MPEG2 is more efficient. But the efficiency results mainly in more bang for the bit, i.e. a better looking picture at more frames per sec at the same bitrate.

What I was getting at is that if one were to take the MPEG2 stream apart and encode the decoded frames (and a good compromise of the sound tracks, of course) into a lower-quality MPEG1 stream (as in, lower resolution and less FPS at a lower bitrate), the whole ordeal would result in a MPEG1 system layer stream that would still have better quality than the same video data from any other source because there's no analogue step in between.

Of course it won't be as good looking etc as the original MPEG2 stream, but it'll be storable on a small number of CD-R discs. And quite a bit less resource hungry to play back.

And supervhs is an analogue format and thus not suitable for long-term storage or convenient replaying in a computer :-)

Re:What about re-encoding?

[Dusty]

IIRC, DVD video encoding is a variant of MPEG-2, i.e. it uses time based compression between frames as well as compression of the frames themselves. So it should return a better compression ratio than MPEG-1. That coupled with the fact that DVD movies are probably stored at a resolution of 576 pixels high by 720 pixels wide, would mean that an MPEG-1 encoded picture at 400x300 would take up roughly the same space. A good guality MPEG-2 video feed usually takes 8mbits/s, so a two hour film would fill 7200 mega bytes. Hence the requirement to save it on a DVD disk in the first place. So I don't think re-encoding it at a lower
resolution using MPEG-1 will be practical.

After all if your happy with 400x300 why not use a super VHS video to tape the output of your DVD player.

Re:What about re-encoding?

[Troed]

So I don't think re-encoding it at a lower resolution using MPEG-1 will be practical.

Approx 4-5 dvd-rips made digitally from DVDs to VCDs are released each day.

Re:not much time left...

[gorilla]

Actually, it's more historically true to say the opposite.

The rest of the world signed the Berne convention on copyright in the 1887-1920 period. The US held out until 1976.

Re:Security through obscurity doesn't work!

[jms]

Security through obscurity is more like hiding a copy of your front door key under the little gnome statue in your rock garden, then hoping that no one thinks to look there. Of course, that's the first place a professional thief is going to look.

The key's only 40 bits anyway.

[Wakko+Warner]

It's not like that would have taken very long at all to crack. Hell, it only took a few months to crack 56-bit DES, 40 bits would be a cinch on today's hardware. Let it run overnight and you've got yourself a fistful of cracked, valid CSS keys.

Bottom line: It would've been cracked anyway eventually. Xing just hastened the process.

- A.P.
--

"One World, one Web, one Program" - Microsoft promotional ad

Re:The key's only 40 bits anyway.

[sumner]

It's not like that would have taken very long at all to crack. Hell, it only took a few months to crack 56-bit DES, 40 bits would be a cinch on today's hardware. Let it run overnight and you've got yourself a fistful of cracked, valid CSS keys.

In general it isn't nearly that easy; in particular, you need some known plaintext in the encrypted file to be able to check and see if you've succeeded in decrypting it.

e.g. I encrypt "Secret Message" with my key. You know the message starts with "Secret". You can keep decrypting with different keys until you find one that starts with "Secret" then read the second half. (In practice, you may need a bit more plaintext than that to ensure a unique match) If I encrypt a random number--e.g. an encryption key--you can decrypt it all you want with different keys, but you won't know when you've succeeded.

The end result for DVD would probably have been a two-stage search; first try decrypting the DVD with random keys until you get the movie (which could take a long time, unless you can automate the "this is a valid movie" step), then brute force the encrypted key until you match the key that you have working.

Sumner

Re:The key's only 40 bits anyway.

[gorilla]

Actually, the last DES cracking contest (DES-III) was cracked in under 24 hours

Re:The key's only 40 bits anyway.

[platypus]

They know the format the decrypted file should have, the patterns of a sensefull video stream should be recongnizable, so I assume this is easier to break than a text in an unknown (but existing) language.

Btw. the second possibility is actually used for cracking (analog) pay-tv on the fly.

Re:The key's only 40 bits anyway.

[hasse]

The point here is that they got one of the 400 keys from the Xing player, used that to decrypt the data and then knew stuff like how the header of a dvd movie looks like. After that it's brute force.

Re:Net Impact on Movie Industry: Zero

I hope that software doesn't continue to boat to the point where it costs pennies for 10gb of storage...

I'd rather see more efficient compression algorithms...

Well, who knows... maybe Windows 2010 will take 10gb of hard drive space...

Re:Net Impact on Movie Industry: Zero

[KyleCordes]

Your argument is valid, today.

But the pace of smaller, faster, cheaper, better has show no sign of slowing. Disk space in $/Gig falls by a factor of 2 approximately every year. DVD-ROM readers will undoubtably go from 4X (or whatever) to 30X+, like CD-ROM did.

Will you arguments still be valid when it is cheap and fast (a few minutes) to copy a DVD on to a (small part of a 200 gig) hard drive?

Re:How does it work, really?

[Mignon]

Studios releasing player-specific media might not be so far-fetched, in that theater chains are already affiliated with studios, I think.

I wonder if a movie studio would ever do something like what you suggested. I don't remember if Sony was in the music business back during the Beta/VHS wars, but would they have released a heavily promoted video on VHS and Beta simultaneously? (Would they have ever released it on VHS?

(A little historical cross-industry comparison, for those so inclined.) In 19th century New York City, among other places, taverns were owned by breweries. One ploy was to give away salty snacks and sandwiches at lunchtime; workers would then buy lots of beer to wash it down. Nowadays most places still give away pretzels for the same reason. [Maybe we should start referring to free pretzels, along with free speech and free beer...]

Re:blaming those who break security

[Greyfox]

That's why we have locks on our cars. If a car manufacturer made a car with no locks, insurance on that vehicle would skyrocket because it would quickly become the most stolen car in America. Less people would be inclined to buy the car because of the insurance rates. The manufacturer would in fact be punished for their weak security. Which still isn't to say stealing them's right.

But then, assuming the distributors of keys for DVD players had criminal intentions is rather silly too. Personally, I like the fact that I can now play the discs on my Linux system (Which does not have Windows on it) and may actually end up buying a player now. This also enables other aspects of "Fair Use" which phrase Hollywood would like to stamp out in exchage for "Pay Per View."

Frankly I find the greed of Hollywood and the RIAA to be disgusting and would like to give economic preference to independent artists who do aren't in bed with that lot. Is there a web site with links to music and films (Old or upcoming) which aren't associated with those groups?

Re:So do slashdot folks care that this is immoral?

"free everything" idealism works so long as /everyone/ does it for /everything/. The transition from the opposite state is the difficult bit.

Re:Bad reporting on part of Wired

[drudd]

Exactly! If I want to use my PC (my only DVD-player) to watch my admittedly modest DVD collection, I must boot 98.

DVD playing is one of the last few items left which is saving my 98 partition from final destruction.

Doug

Re:I just hope they don't stop making DVD's

[Nylathotep]

That may be true, but whats the point? People have DVDs because of the quality of picture and sound.. If you just crunch those down for transmission what have you gained? Even on a cable modem, it takes forever to get a movie off a warez site. Let alone finding the warez site with what you want in the first place...

Its easier (and cheaper, since time IS money) to go to blockbuster and rent the flick. And to those movies that are on the net but not released on tape yet, again, why bother? Do you really want to waste your time on a camcorder from the back of the theatre reproduction?

Linux drivers would have postponed the shock...

[runswithd6s]

Think about it. If the manufacturers would have provided DVD drivers as loadable kernel modules for the Linux community, there would be far less attention given to the decryption of the DVD's CSS encryption scheme. We simply want to play movies from an excellent media (in comparison to what is currently available...VHS or huge MPEG files) on the Operating System of our choice.

Of course, someone will always pick up the challenge from statements like, "The Copyrights are guaranteed because we've encrypted the data on the disks," and ,"no one will break the cypher." Some recreational hacker or perhaps the evil black market dealer.

Who cares?!! We just want to watch our movies...

Net Impact on Blockbuster: 100

[Wah]

A few years down the road at least. Fatter pipes are coming, bigger drives are here. Even with my setup I can dedicate 5 gigs pretty easy, start a download and wait a day, voila Blockbuster go boom (no, I'm not on a school LAN).

The movie industry is in serious need of a housecleaning anyway. Whoa, look 3 new crappy movies, yippee!! (repeat every week). Personally I think this is poetic justice for the music/movie industries, they screw consumers when production costs go down and prices stay the same (but promotion costs seem to keep going up, maybe to offset the quality of the product..), we screw them when price and reproduction costs both move to zero. Serves them right for making me watch COMMERCIALS when I PAY to see a movie.

They will still have the box office and sales (a permanent physical backup for critical info is always a good idea) but I see no place for the present day rental system in the next millenium.

Re:Net Impact on Blockbuster: 100

[Evangelion]

2. I can buy a CD-R disk for around $20 bucks.

Don't you mean 'I can buy 20 CD-R disks', or 'I can buy 4 CD-RW disks', or 'I can buy a DVD-R(AM) disk' ?

If you're seriously paying that for a single CD-R disk, I have some bad news for you...

Re:Net Impact on Blockbuster: 100

[MindStalker]

But for now
1. I can buy a DVD movie for around $15 bucks.
2. I can buy a CD-R disk for around $20 bucks.
3. Said disk might become a coaster.
4. Said disk is better used as a backup medium.
($20/4.5GB) more expensive than tape.. but its random access.
5. I can spend the entire afternoon burning said disk.
6. I can spend a few minutes buying/renting said disk.
7. I don't belive you can play said disk directly from your HD.. meaning you have to burn them first. .. Though this may not be true for Linux as you can mount an .iso... or whatever its called in DVD land.

Re:Net Impact on Blockbuster: 100

[MindStalker]

HEHEHE meant to say DVD-R... I try and pay atmost 1.50 for a cd-r disk.. and even that I consider expensive

Re:Net Impact on Blockbuster: 100

You think the college guys who put movies and video game roms on their school LAN actually buy the stuff? No, they rent it from Blockbuster, copy it, and take it back. Especially PSX discs.

Re:DVD Consumer Rights - Copying is a GOOD Thing!

[jsewell]

I mean Disney's marketing of the same movies in different packaging, etc is brilliant and shows that it's even possible to sell people the same movies they already OWN!!

How much of this re-buying the same movie is just becuase the munchkins wore out by constant re-watching (or spilled grape juice on) their video of the Little Mermaid? You know kids and fragile electronics don't mix.

I was going to say you won't see this re-buying happening when everything is DVD which doesn't wear out, but then it occured to me that DVD's are easier to wreck than videotape. I have already ruined my DVD of the Matrix, and that was even before I even watched it! (dumbass me didn't have the disc centered in my tray and the disc got caught and scratched on the edge...)

Kids are gonna be MURDER on DVDs. There would have to be some kind of kid-proof cartridge for these things if they ever catch on.

So your basic point is absolutely correct, the way to combat piracy is to inovate, and market, and make people NOT WANT to buy the pirate copy. As to whether hollywood and big business are up to that challenge is an exercise for the reader...

Re:Kill the smart people

Yeah, I'm a Mac programmer. You got a problem with that?

Naw. That's your problem, not mine.

Re:So do slashdot folks care that this is immoral?

[spot]

it is completely moral to crack the code & publish the results.

it is illegal but completely moral to use the crack to copy DVDs.

there is no "right to profit", but there are right ways to profit. hollywood is in no danger, they are just too greedy and shortsighted to see how they can make money without copyright (ie, in a free market).

information is free.
the only question is:

Re:So do slashdot folks care that this is immoral?

[Score+Whore]

CSS prevents me from making digital copies to another for of media that I can use (cd, hdd, tape.) And macrovision prevents me from recording it without signal filtering hardware.

-sw

Re:DVD is Dead Anyway.

[Icculus]

DIVX. It died because people didn't want to have to ask somebody else permission to watch a movie they'd already (in their opinion) bought.

I agree with you here, but I have a feeling that as bandwidth becomes more plentiful and more content is put online, people may start shifting away from the need to have that box or shiny disc in their hand to represent what they spent their money on. I personally never buy movies. I don't see the value in having this pretty box containing a movie I may watch twice ever. Better to spend the money and take the wife to see it on the big screen once. If I absolutely had to spend $1.50 or $2 to watch it once online later, that seems OK. Better than spending $15 - $20 on a tape (or $20 - $30 on DVD).

This is sort of how the current cable pay-per-view model works. Image and sound is superior to VHS and it really doesn't cost any more than renting. I think DIVX was shooting for this sort of model but with superior sound/picture quality as an advantage. They just didn't market very well and got a little greedy with the pricing. :)

DIVX did suck though. It seemed more like they were duping people into thinking they were actually buying the movie. Oh well... RIP DIVX. May your successor be less lame.

XingDVD is software

It seems to me encrypting the key used by a software player would have been close to pointless anyway. If you have a copy of the software, you have the key used to decrypt the key that's on the DVD.

Re:link to the utility?

go here for the linux instructions/code.

Question...I'm confused.

[slackergod]

Perhaps I don't understand correctly,
but if DVD is a method of storing data,
couldn't the data simply be copied from one
DVD to another (given appropriate hardware)?
It seems to me the only time the decryption
would be needed is when one was actually
_playing_ the video.
If not, could someone explain? It this key
locking the DVD drive at a hardware level?
If the keys are only needed for decryption into a mpeg stream, how does this crack have any impact at all on pirateing DVD? A digital copy is the same as the original, and a key shouldn't enter into it. What gives?

-Slackergod

perl is like a pit bull: it may be ugly,
but it's damn good at what it does.

Re:Question...I'm confused.

[TeChYMaN]

ATTENTION TO THIS POOR COMMENT!
You cannot, from what I understand, copy DVD to DVD, not only because DVD-RAM does not have enough storage capacity, but because the DVD Drive(s) themselves do not allow it. The easier way would be to rip it and MPEG4-ify it. See my previous comment Here, this may clear things up.

Re:Net Impact on Movie Industry: Zero

Toshiba et al could have easily told the movie industry, "No, you're not going to get encryption or regional lockouts. Because it doesn't matter. Our manufacturing process costs less than one-fifth of the one you're using now. Once your shareholders find out there's a process that will cut your costs and increase profits and product quality, they'll rake you over the coals until you adopt it."

The problem is that the movie industry will then start crying and whining and creating mountains of bad PR about this open format because it will allow their "life-blood" (as the RIAA put it) to be sucked out of them by the pirates. It doesn't even matter if costs them 5 to produce 5000 DVDs which they then sell at $25 each. If they're not comfortable with the format, they will throw negative PR at it. Remember all the mud-slinging Hilary Rosen (from the RIAA) did about MP3?

Either that, or they will complain and whine and lobby the U.S. Congress to legislate some form of compulsory copy-protection (for DAT).

You're talking about people with billions of dollars in the bank. They didn't get that rich by giving things away.

yep, it works great...

[mosch]

assuming of course you found a way to circumvent the macrovision circuits. my SV-09 is not only a killer DVD player, it doesn't output Macrovision and it ignores regional codes. I just wanted to be able to watch foreign movies without buying multiple DVD players, and I wanted to avoid the picture degradation inherent with macrovision.

Commercial pirates aren't affected by much of anything so I think the movie industry should realize that most of us BUY our movies even when we can download them. I want to support the artists involved in the production of my entertainment. They earned the money.

Re:blaming those who break security

[settonull]

Occasionally, I just feel the need to scream. Cant do that at work, so I'll post something
Heh, I feel this way a lot.

You are so right. Damn it annoys me that _I_ get blamed if I try to steal a car. Just what are those car manufacturers thinking by not putting in better car alarms? Its all their fault.

Interesting point, but I don't think it is the correct analogy.

The true hackers are the ones that discover the problem, not those that exploit it all over. It is not that you shouldn't get blamed for trying to steal a car, however you shouldn't be blamed for pointing out that the car company built a car that lets anyone in if they tap just right on the door. The car manufacturer _should_ be held to a certain level of competence, and in the US is.

>just keep deluding yourself with the belief that hackers are heroes
ok, and you can continue deluding yourself thinking that for every person that makes public a security problem, there isn't 100 bad guys already exploiting the problem.

Whats the quote? "If ignorance is bliss, I hope I'm never happy."

DVD crypto had to be under 56 bit or no US export!

First of all, it's a 40bit encryption. That's too less anyway.

If DVD encryption was over 56 bits the players and authoring software would be illegal to export from the US (where most movies come from) due to anal US regulations on crypto. I suppose this is one of the few good results of these regs.

Now hollywood can't even "fix" DVD protections sinde all future discs MUST stay backward compatible with all pre-existing players. Forcing all consumers to upgrade is not an option.

Re:Net Impact on Movie Industry: Zero

[Talla]

- DVDs are cheaper to produce than video tapes.

This would be true, if there were no menus, no chapters, no extras and static encryption rate. Unfortunately, mastering a DVD is very expensive. The costs can reach >$100k before a single disc is produced.

new project for distributed.net ?

[Darxus]

"Johansen and his partners were able to guess more than 170 working keys by trial and error before finally just giving up to go do something else."

Sounds like an excellent new project for distributed.net... they've been doing distributed brute force encryption cracking for how long, with how much computing power ?
230 left to go....

Re:new project for distributed.net ?

[Bolero]

IF Distributed.net got into this it would take them at most all of an hour to finish off the rest of the 230 keys and that is with a ton of effort being duplicated across Distributed.net.

No, they are better off continuing to test out RC5-64 for free..... =)

Re:Now DVD is open. And Movie industry can't stop

I wonder if the entertainment industry will lose a lot of money if (when?) they reject DVD...

Or will Joe Blow (hypothetical name) who just invested in a lot of DVD producing equipment to lease to Hollywood distributors lose a lot of money?

This isn't like CD Audio, where there was almost a decade of content out in the market before CD-R drives became common and affordable.

Piracy is from thier own Duplicators

[just+someone]

The major problem is that they are going after the wrong source, the people who sell the DVD duplication equipment. They make it seem like it's us, but that's just the publicity engine.

The people with the duplication equipment are the ones that can create thousands of DVD's. They can make Pirate DVD's of rencent movies.

Many times, these duplicators are doing duplication for the major movie studios.

The movie industry should have just made sure that only they had access to the duplication equipment. Instead, they went cheap. They let anyone with a duplicator bid for the duplication contract.

Think how many "Pirate" CPU's would exist if Intel contracted out the production of all of it's CPU's to other companies for production (and they charged $1000 for a celeron).

You are far too optimistic!!

That'd be great, but the publicity of the thing is that you report it and They ignore you.

If you are lucky, they ignore you. If you are not lucky, they take legal action against you for discovering their bug.

I've seen it happen. Publicity and/or anonymity are necessary to project yourself!

They were warned about this years ago!

[Archeopteryx]

Back when I was on the DIVX project at Zenith, (and yes, I know DIVX was *evil*) DIVX was the encryption method that was competing with the current method. The flaws of the current method were well-known to the crypto people at DIVX/Circuit City, and when they went out to sell DIVX to the "content providers", they let them know exactly what those weaknesses were. I don't fault them for not choosing DIVX, but I do fault them for putting any reliance on a known weak system.

Re:They were warned about this years ago!

[Archeopteryx]

No argument. I don't own one.

Re:They were warned about this years ago!

I pity anyone who actually bought the Zenith P.O.S. DIVX players too. They had lousy image quality in both DVD and DIVX modes, and were badly made too.

can't you allready copy dvds?

or is that for software, not movies? regardless, i bet the company feels rather stupid right now eh

Re:blaming those who break security

[AndroSyn]

But then again somebody may torch the house, but would you leave the door unlocked for them to do it? Or have the door jammed shut with a chair? With gasoline sitting next to the door too? When you knew damn well there was an ex-convict who just got out after serving a sentence of 25 years for arson living down the street.

I know I'd have the deadbolt on the door. Would you?

"Everyone be cool or nobody gets to ride in the Bonneville"

Re:So do slashdot folks care that this is immoral?

[Erik+Fish]

For one thing, the industry can't afford to "try another format". For another, the computer software industry isn't losing ANY money -- try reading the sales figures instead of the SPA propaganda.

The oft lamented "potential" loss of sales can't be proven (otherwise the software companies would be able to get insurance for these losses). The industry groups whine on and on about the "billions" in "losses" while the industry shows greater profits every year -- including the years that CD-RW drives dropped to and below $300.

Real/Xing's week of pooch screwing

[Croaker]

Heh... first the jukebox debacle, then they are implicated in leaving the gates unlocked and letting the unwashed hoards pillage the sacred city of DVD... not a good PR week for these guys.

Makes it seem like the folks over there aren't really on the ball.

Re:So do slashdot folks care that this is immoral?

[Ded+Bob]

Telling others about the weakness is not immoral. Maybe illegal with all those laws banning security cracking out there, but it is not immoral.

As for what this could be used for in a moral way, would be:

1) Allow viewing of DVD's on alternative OS's (i.e., FreeBSD).

2) Allow viewing of DVD's from different regions. If I want to buy (quite moral) a DVD from a different country, why should I not be allowed to play it in my DVD player or computer (both of which I purchased legally and morally)? Some movies may not even be available in the U.S.. Any moral reason I should not be able to view them?

immoral as any, but sad that the industry will now try another format.

I doubt the industry will try another format. Too many recalls would have to be done to fix the millions--I only know there were over a million players in December 1998--of players out there in the world.

Re:So do slashdot folks care that this is immoral?

You are onnly being naive. ANYONE with a TV output card can output the picture to his TV and record it on VHS and case closed. What your arew saying has no base. These people actually helped the industry by alerting them to the problem. As for reverse engineering all i have to say is: ANYTHING that can be ENGINEERED CAN ALSO BE REVERSE ENGINERED. Pretty simple concept.....

let me get this straight...

[Booker]

If I go out and pay $15-$20 for a DVD, and use this so I can actually watch it on my system, that's "immoral?"

If I watch this disk under an operating system other than Windows - that's "immoral?"

If I demonstrate, with examples, to the public how an encryption scheme is weak - that's "immoral?"

You have some interesting ideas about morality. If you're worried about moral decline, I think there are better issues on which to focus.

tapes are rather fragile too, however

[tuffy]

Just recently we had a problem of our VCR eating a tape and spending a couple of days without while it was fixed (fortunately the VCR was under warrenty). The tape didn't survive.

Certainly scratches are a big problem for optical media, but I think it's no less a problem than fragile tapes that have been wound/rewound several dozen times by the time your VCR gets them. And when DVDs are treated properly, the picture quality will be identical to the first viewing.

In a perfect world, we wouldn't have to put up with rental media at all. Simply get movies with digital quality on demand, watch once, and get on with our lives (probably with better cared-for DVD-type media for the movies we want to own).

I feel your rental pain, but think also that your DVD player was unaffected even by a crapped-out poorly cared-for disc. That's worth something too.

Re:tapes are rather fragile too, however

[Cramer]

The scratch problem is too true (with digital data, audio is a different story.) The tighter the data is packed onto the disk, the easier it will be to destroy it with a speck of dust. Hard drives are (and always have been) this sensitive. When your "CD"s get anywhere near that data density, merely breathing on it could render it a coaster.

Video tapes, on the other hand, can take some _serious_ abuse. You can wrinkle the tape, scratch some of the oxide off, stretch it, and even cut sections of the tape out (i.e. "splice") and it'll still play back with little distortion and certainly without "skipping" or crashing. Basically, if it's not been rendered a pile of smoldering plastic, it's probablly still playable :-)

However, video tapes have a finite lifetime. They are magnetic media and as such slowly bleed their magnetic charge away (this is why you shouldn't punch your low density floppies to be high density floppies, btw -- not that floppies have a shelf life anyway.) Additionally, the action of playing the tape is slightly distructive. The tape has to be under precise tention during playback to work right. This tention stretches the tape -- esp. if the VCR needs service. (This is what causes the distortion at the top of the frame during playback.)

Disclaimer: I used to service VCRs back before they became disposable. I've seen/heard audio CDs playback without distortion despite them having been half disolved. (be careful where you spill your liquor.)

Human eyes/ears are flaw in any protection scheme.

Because eventually sound must be audiable to the ears and moving pictures must be visible to the eyes. This is the weak point in any copy protection scheme. Must drive hollywood execs nuts! Nyaaaa!! Nee-ner-nee-ner-neeeeeeee-ner!! Muahahahahah!!!! Tee-hee!!!!

Lets hear it for stopping the export of encryption

Thanks to these laws, no one in any foregn country can have any encryption too strong for the NSA to crack. I mean, as an example, these two guys, with their abilities were from Europe. We've stopped the encryption technology from leaving our shore, even if it has crippled busisness. What do you mean Eurpoe not between Texas and Oklahoma.....

Re:Consequences for DVD?

[etherwalker]

I gather from the article that each DVD-player licensee has their own key. Every DVD title then has it's own discreet key for unlocking its contents. The DVD also has some sort of table where the DVD-specific key is encrypted using each one of the licensee keys.

Once one of the licensee keys was found, it was possible to perform a plaintext attack against all of the other licensee keys. If just one licensee key was broken, DVD encryption could still stand because new DVDs could remove that one licensee from their table. But since the encryption was so weak, all of the other licensee keys are exposed now too, and any change to the system would break every DVD player in existance. Let's hope the DVD consortium doesn't feel the need to go that far.

Re:Can data ever be considered safe?

There is always debate about this sort of thing, but the consensus is that once the attacker has control of the entire system (running an app on a machine he controls or having the hard/software under his control) the system can no longer be considered secure, because you no longer control it. The attacker does and can throw all his resources at it. Step through every instruction and follow all the hw logic if he is determined enough. You can't protect against that. Period.

No big deal

So what if the key has been cracked? Does anyone think it makes a blind bit of difference to commercial pirates whether the stream is encrypted or not? I mean, either way the disk copies and plays. What cracking the decryption really means is that the ludicrous regional encoding no longer stops a disc purchased in the US from playing in Europe.

Re:No big deal

[TeChYMaN]

Redundant as you may wish, Yeah, if you own a big old production plant.

Re:No big deal

[TeChYMaN]

Alas, My dear coward. You cannot copy DVD to DVD. The hardware will not let you, poor soul filled with cowardace! Let your cowardace free, and grab an account!

Re:No big deal

As the "coward" you are referring to, yes you can copy DVD to DVD if you own a replication plant as some as the commercial pirates already have. It makes no difference to them if the bits on the disc are encrypted or not since they are making perfect digital copy. The pirate discs will work either way. Even if they intended to release pirate VideoCD transfers, it's pretty easy to do this by recording the original (breaking the macrovision) onto a betamax and encode it from there. Therefore, there is little reason for thinking that encryption will affect how much the format is pirated. The only other people who could conceivably copy DVDs are those blessse with humungous rewritable devices, capable of storing the 9gb or so that the average DVD contains nowadays. The economics of this sort of copying simply aren't worth it and won't be for a long time. No recordable media is cheap enough to make a copy of a movie for less than the original. Even assuming that we can buy DVD blanks in a few years for our DVD-RW drives, these would make perfect digital copies whether the content is encrypted or not making the issue of encryption pretty pointless.

Re:Forced Format Switch for Security(CD -> DVD Aud

[settonull]

This reminds me -- I've got to get a CD-R drive soon. I suppose you all know what I'm going to use it for. All I can say is, if the industry doesn't take steps to protect what's theirs (their intellectual property), they'll get exactly what they deserve.

This is so totally the wrong attitude. The studios will never be able to totally protect their IP with technology. Look at the cold war, or the last 10 years (at least) of software publishing, you can't beet technology with technology. As it becomes more and more obvious that it is impossible to long-term protect your IP, I think we are going to see a few shifts in the way society thinks.

Think of it like this: you leave your front door unlocked everyday while you're away at work, and one day, a thief breaks in and steals everything. Will your neighbours feel sorry for you? Should they?

I would sure hope they would feel sorry for me. I shouldn't have to lock my doors everyday to be safe, and in many places in the world I still don't.

don't let society change you for the worst, change society for the better.

Re:So do slashdot folks care that this is immoral?

[dr]

I could go after your ad hominem attack

I'm impressed. I haven't seen anyone use argument fallacies since I was in university some 3 years ago.

Re:So what happens when we can't export DVDs..

..because of the high encryption they use?

"they" don't use anything, "they" are just discs full of data. the question is, can players be exported from the US?

Re:So naive, so very very naive

If you are interested in the topic, check out _Fast Forward - Hollywood, the Japanese, and the VCR Wars_ by James Lardner.

A good read.

Re:Heeheehee

Having a non-smoking section in a resturant is like having a non-shitting section in a movie theatre.

Re:Does anybody know about DVD encryption?

1. Yes, it seems to be some stupid LFSR scheme, and despite the supposed 40-bit strength, because of the way the encryption was used (encrypting the same disk key with different player keys) once a single player key was found there was a simple known-plaintext attack which only required 2^16 attempts per key to find all of the other player keys. Dumb, dumb, absolutely amazingly dumb.

2. Yes. A number of commercial disks were released unencrypted.

blaming those who break security

[Subwolf]

I read this sort of thing all the time. Occasionally, I just feel the need to scream. Cant do that at work, so I'll post something

(snip)--: I believe the people who create the encryption and security methods should be held more accountable for weak security.

You are so right. Damn it annoys me that _I_ get blamed if I try to steal a car. Just what are those car manufacturers thinking by not putting in better car alarms? Its all their fault.

Tell me, what is so wrong about 'XORing bytes and considering that the ultimate security'? Better security wouldn't be needed if people wouldn't try to 'crack' software.

When somebody torches your house, ruins your family, gets you fired from your job and tosses you in a homeless shelter, and you _DONT_ press charges, simpy saying "Thank you for showing me how stupid I was for not having a security system that could keep you away from my house.", get back on here and let me know. Until then, just keep deluding yourself with the belief that hackers are heroes.

Re:blaming those who break security

[billybob+jr]

No one is doing anything to other people's DVD discs. If I decided to crack my own DVD disc to get at the data unencrypted, who have I stolen from?

Re:blaming those who break security

[finkployd]

I understand your point and agree to an extent. However, I was putting forward an opinion from a different point of view. Of course you blame the person who breaks into your house, but you also have to look at the security in place. After all, if it's possible to unlock your house with a well placed credit card, then you would be a little ticked at the person who made the lock (or made the house and decided to use a cheap lock).

My point is, when we rely on people for security (ie hotmail) or companies rely on a copy protection scheme, there is a certin amount of responsilility on on the supplier's part. This all too common "we have a secure system, if it was broken into, it's completly the fault of the hacker" attitude is not going to work much longer.

"well, if your system is supposed to be secure, how did people break it? You must not be very good if a group of kids who cannot stop using the ShIfT key when typing can break it."

Yes, better security wouldn't be needed if people didn't break into things, and cops wouldn't be needed if people never killed and robbed each other. However, we don't live in that world.

Finkployd

Re:blaming those who break security

How can you be so ignorant?

If I find a way to break into someone's car and steal his stereo but I don't... then am I a criminal? No. If I have the knowledge to pick your lock at home and steal your TV and brand new DVD player. Am I a criminal? No. What you are envisioning amounts to an Orwellian utopia, before you know it you'll be posting in doublespeak.

If I tell the owner about the faulty lock in his car, then he can prevent his car from being stolen by a real criminal.

Hackers are not criminals simply because they have the knowledge of how to infiltrate someones computer.
Hackers are criminals IF and ONLY if they use their skills in a criminal way.

In your utopian world where there is no ill intent and no crime, perhaps no one would try to crack software. But in this not-so-perfect world, there are people who will.

So before you label all hackers as criminals and degenerates, realize that there are shades of grey in the real world, and some hackers are bad and some are good.

Re:blaming those who break security

[Subwolf]

How can you be so ignorant?
It took me 22 years to get the way I am. But dont worry, I plan to be twice as ignorant by my 44th birthday.

So before you label...(snip)

You obviously have misunderstood my last post... I was not trying to focus on whether or not hackers are criminals. I was focusing on the insanely retarded line saying that the companies that get hacked should be held more responsible for their lack of security.

Lets try a different comparison, shall we? Women who dress in revealing clothing are _asking_ to get raped. It is their fault for not wearing more conservative clothing.

When anybody does something illegal, _they_ are responsible. End of discussion.

Re:blaming those who break security

[Subwolf]

True hackers...find...not exploit...etc(snip)

Your right. Companies should infact give little bonus checks to people that point out security holes, or issues or whatever. It would invite more people to check for them and help the company in the long run. However, how people (hackers) go about checking for those security issues is the issue. Trying to pick the lock on your own car is a LOT different than picking the lock on your neighbors car. Just as breaking into your own NT machine is different than breaking into a company's machine.

Your intentions, imo, should not make a difference in the trial, only the sentencing.

Re:blaming those who break security

[Mr.+Slippery]

To compare car theft, arson, assult, and destruction of property with making unauthorized copies makes you look extremely foolish.

Cracking copy protection is an intellectual exercise that in and of itself has no ethical connotations - if anything, by increasing human knowledge (it is, after all, the solution of a mathematical problem) it could be considered ethically positive.

Using the solution to actually produce unauthorized copies can be ethically good (making backups for your own use), bad (massive pirating), or indifferent (making a mix tape for your friend).

The corporate state will keep trying to patch copyright law, but it's far too late. We need new systems to "promote the progress of science and useful arts," because current copyright and patent law just don't cut it in the face of modern tech.

(P.S. Let me point out that it is "copyright, as in the right to copy, not "copywright" or "copywrite" as has been often seen here on Slashdot. Thank you, enjoy the show.)

Re:blaming those who break security

[dabrig]

"If ignorance is bliss the wipe the smile off my face"

Re:blaming those who break security

[syates21]

"Using the solution to actually produce unauthorized copies can be ethically good (making backups for your own use), bad (massive pirating), or indifferent (making a mix tape for your friend). "

Hmm this is interesting. So, what you're saying is that whether copying and distributing authorized copies is bad depends on how many people you distribute it to.

Would you mind enlightening the rest of us about the "magic number" of people that you can distribute pirated copies to and still have it be "indifferent."

Maybe if I just steal enough money from the cash register for my own personal use, and not for lots of people, a judge will decide it was ethically "indifferent."

The human power to rationalize is something to behold.

Re:DIVX was right

> You all who "pioneered" DVD by buying early DVD players can, ummm, park those puppies in the
> closet next to your Uncle's 8-Track player.

You don't get out much, do you? Or watch much television.

For if you did even a bit of either: you'd know that DVD has taken off phenomenally in recent
weeks. In fact: ever since DIVX died. I think it unlikely that even the studios would risk mucking
with it now.

Hell, even Circuit City and Disney are pushing DVD big-time recently. And they were two of DIVX's
biggest backers. They've already switched mid-stream once. You really think they can afford
to do so again?

Face it: DIVX is a short footnote in history. A *very* short footnote.

You're missing one element

[Mawbid]

People should know that there was a security flaw, even if they only hear about it after it's been fixed. You could even say that it's *more* important to spread the word about a company's feeble security measures than it is to plug the hole because it decreases the chances that people will trust the company in the future and if this happens a lot, people shouldn't trust the comany. If reports about the hole only come out after it's fixed, then there aren't any sensational news items and there isn't any public outcry against and mockery of the company involved. This means that a compny that may well deserve to look bad avoids much of the fallout.
That is, you could say that if it hadn't been shown over and over again that laughable security practices never really hurt the company responsible even when they are exposed.
--

Comp USA has plenty of software on shelf ...

[timothy]

Amphigory's question is a good one!

There is a presumption in the post to which he responded that in fact CD-Rs have made a significant dent in software profits. I see two reasons that make me doubt they have, with the possible exception of MS operating systems.

1) Software makers make the big money by selling software to businesses, including universities. Businesses (esp. ones that are over 4 or 5 people big) can't afford piracy, long term. Does it go on? Sure, but CD-R only makes this process easier, it isn't the start of it. Businesses like support, and docs ...

2)People like documentation and accountability. That the accountability may be illusory for most users, the documentation is not. And it's considerably more inconvenient to make high-quality copies of documentation to accompany software. Folks will no doubt continue to exchange software, but the software industry will continue to sell boxed software for the advantages it offers. Note how well even boxed Linux distib.s sell! That's software which is free -- so someone could download it without even the risk / discomfort of illegality.

Re:Comp USA has plenty of software on shelf ...

[DGregory]

1) What about games? How many businesses use games? I would say very few. How many games get pirated... I would say a LOT. Poke around on some warez sites and see all the games they claim you can download. If there is a game you want, and you manage to find it, will you fork over $50 for the box? I don't think so. If your friend buys a game on CD and you can make a copy of it, will you pay the money for the real version? Most people who do that wouldn't.

2) And what kind of documentation comes with Windows, Office, etc anyways? Very shitty documentation. Any normal user has to buy an expensive book, so what is the use of the 50 page book that comes with Windows/Office/Frontpage (to name a few off the top of my head) - firewood. If you could get a copy of Office on CD from your buddy, you'd save $400 for the media, and pay $50 for a book that you'd have to buy anyways.

I'm not saying any of this is legal or ethical, I'm just saying it happens all the time, and if it was impossible for people to do this copying, you bet the companies would be making more money.

Re:Net Impact on Movie Industry: Zero

[BHS_Turf]

What can you run off of DVD drives except for movies?

What are you talking about you can get the most valuable piece of software ever cobbled together on DVD -- The MSDN Library!

Why DVD piracy doesn't matter

[bgarland]

DVD piracy is a non-issue for several reasons...

1) DVD's are HUGE.

DVD-9 (single sided, dual layer) holds approximately 8GB of data. These are the most popular discs. Do you really thing that someone is going to download 4-8 GB of data to watch a movie? What about the storage cost on disks? Yeah, hard drives are getting cheaper but as far as I know you can't get a 8 gig drive for less than $20 (the cost of a DVD movie).

Some new movies are even coming on DVD-18 (dual sided, dual layered). That's up to 16 gigs!

2) You'd have to play them from your computer's hard drive. There is DVD-RAM available but as far as I know it cannot burn dual layers which most new DVDs need. Also, I doubt that DVD players can read DVD-RAM anyhow (only a select few can read CD-R/W).

3) DVD's are cheap. Hmmm. Lemme see. Should I go buy the real movie at Reel.com for $10-15 or should I waste my time downloading it from the net, storing it on my hard drive, and being limited to playing it on my computer? (forget taking it to a friends house to watch).

Not only are they cheap to buy, but the studios are making money hand over fist with these things. They are much cheaper to produce than VHS tapes, but do they pass the savings on to the consumers? Hell no.

The low cost of DVD's are making CD's look like the ripoff that they are. What would you rather have for $15? A 74 minute CD that is just audio, or a 90+ minute movie, with audio and video, and tons of special features?

I think that if DVD's were cheaper (say $14.99 retail) then everyone would buy more of them, and it would be completely insane to want to buy/download a pirated copy instead of the original. If I were the studios, I'd rather sell 100,000 DVDs at $14.99 a pop, than 30,000 at $24.99 a pop (the current retail for most DVDs).


All in all, I hate copy protection on everything. It always ends up inconveniencing the legitimate users. SCMS for digital audio sucks! Why oh why can't I make perfect digital copies of my MiniDiscs? It's my damn music on them! Thankfully there are SCMS defeaters.

Macrovision for video sucks! Why can't I make copies of my VHS tapes for personal use (like having one copy for the house and another for an RV [hypothetical, I don't have an RV]). When you buy any kind of media you are usually paying for the rights to view the tape for personal exhibition, not for the actual media that you purchase. Therefore you should be able to freely copy the media as you wish as long as you're the one viewing it and you retain ownership of your copies (don't sell them).

But I digress. The industry will never listen. They will keep on using copy protection, knowing full well that it WILL be circumvented eventually, and that it ends up inconveniencing the legitimate users the most.

*sigh*

Ben

Re:Why DVD piracy doesn't matter

[RayChuang]

Ben,

I agree 100%! (^_^)

People forget that we're talking files that are so big that even WITH broadband Internet access it'll take MANY hours just to download.

Besides, discs are quite inexpensive. Places like Reel.com and other online DVD retailers can sell you a DVD movie for very, very cheap, so the incentive to make a pirated copy is NOT there.

I think the simple solution is to just up the encryption level on the CSS to 128 bits. At 128-bit encryption, if you want to break the encryption better think multi-million dollar computer systems just to consider breaking the encryption.

Re:Why DVD piracy doesn't matter

[TeChYMaN]

Here's a few Counterstrikes (for lack of a better word) to your answers of why NOT to copy a DVD


1. COMPRESSION! MPEG-4 Video is great. Sure there are some artifacts, but because of "keyframes" (frames that contain all the data of that frame), They are corrected rather quickly. MP3 Audio works fine for audio (that's with the exception of true audiophiles, keep it at .ac3)

2. You DON'T need to play them from your computer's HDD! 1-2GB Full movies fit on a DVD-RAM just fine.

3. DVDs are Cheap! I AGREE! When you rent them and rip them. It takes a good 25-30 min to rip a movie.

I Don't plan to pirate what I copy. That's just plain wrong. I keep them for my personal use, and if I did want to pirate it, it wouldn't be cost-effective. DVD-RAM Drive: $5000? DVD-RAM Disc: $25. DVD Rental: $5. My Time: Priceless.

MasterCard Narrator:

With MasterCard you can buy anything. But somethings, You can't buy

Re:Why DVD piracy doesn't matter

[Steve+B]

I think the simple solution is to just up the encryption level on the CSS to 128 bits.

Can this be done in a manner backward-compatible with existing CSS, using the existing 40-bit key as part of the 128-bit key (similar to one of the weak-crypto arrangements the NSA attempted to foist on the industry, in which 128-bit algorithms would be used, but only 40 bits of key space would really vary, the rest being added in a way that made them accessible to the NSA)?
/.

Re:Totally irresponsible

[cr0sh]

Actually, I think they should have waited to release the program after low-cost means of copying the resulting file became available. A very likely outcome of this whole thing will be some kind of restrictions or something on DVD recorders (tech or price wise)...

Re:Kill the smart people

[Foogle]

Yes, that's true, it would. So, because it's possible for an encryption system to be flawed, all encryption systems are worthless? What about RSA -- it's been in use (and under scrutiny) for 19 years and no "glaring hole" has been found in it. The only way to break RSA would be to discover an incredibly easy method of factoring larg primes out of enormous numbers. Barring a mathematical discovery of enormous proportions, it's impossible.

There are a number of good encryption schemes out there and, in fact, CSS didn't have any problems with it. It was the fact that the coders left the key unencrypted that was the glaring hole. Don't blame the mathematicians for a coders mistake :)

-----------

"You can't shake the Devil's hand and say you're only kidding."

Consumers have been copying movies since the 80's

[FreeUser]

The film industry really should do an unbiased and intelligent analysis of the impact of emerging technologies on their product, if they want to actually protect their interests in a constructive and effective manner. Some points which should be considered.

- consumers have had the capability of recording and copying movies to their hearts' content since the advent of the VCR. Videophile and audiophiles may not be happy with the quality, but as far as the average consumer is concerned the quality is "close enough" to perfect. Despite this, movie makers have been selling and renting movies like hotcakes. Being able to copy DVDs will not change this at all

- commercial pirates, for whome the "infinite perfect copy" does make a difference, could already do this by using $5,000 DVD-Rs or buying their own DVD production equipment. One analog copy, reconverted to digital format, and they could produce an infinite supply of nearly perfect DVD copies for sale on the black market. This is a problem, but one which the cracking of the pathetically week css algorithm will not significantly affect.

- high-end consumers do not like having their technology "messed with." The destruction of DAT is an example of consumers refusing to buy into crippled technology. Likewise, DVD playback which is limited to Windows, or by region, is not only an invitation to hack, but worse, creates unnecessary bad relations between the seller and the consumer.

- finally, unlike the RIAA member companies, movie studios are not parasitical entities acting as a paid go-between between artists and their customers. They provide the capital, resources, and equipment for shooting films and play a very necessary role of the art form. Contrast this to the music industry, whose contribution to the art form, beyond providing a distribution channel they happen to enjoy a monopoly on, and perhaps a place to record and master (which any technically savvy musician can do in their own home), is negligable at best and quite often destructive. This suggests that the movie studios aren't nearly as vulnerable to artists switching to an internet medium and cutting them out of the loop as the RIAA member companies are, and have a lot less to fear from open internet standards and distribution channels than their record company counterparts.

Even with copyable DVDs the film industry has little to fear. The target they should be most worried about -- the professional "industrial strength" pirates -- is the group least affected by these developments. The fear that the grassroots mp3 warez phenominon will happen with DVDs is unwarrented, not only because of bandwidth and storage limitations, but also because of a difference in consumer habits, and a fundamental difference in the relationship of the affected artists and consumers with the movie studios vs. the music industry.

Math class

10^12 / 1400kkey/sec / 60sec / 60min / 24 hr ~=8 days

Re:How does it work, really?

Sony doesn't need Warner Bros. Sony makes films and players.

Re:Why not bribe a licensee? (need a big bribe)

The technique that the CSS group used to keep the keys secret is they make the employees sign for
the keys personally (not the company) so in the event that 'sh*t' happens, the employee could be
held personally responsible...

I feel sorry for the programmer who signed his/her life over for the key that got broken since no
doubt, his/her life is probably about to become a living hell because of this "crack"... I imagine
it would have taken a pretty big bribe to convince someone to inflict this kind of self-punishment...

My $.02 worth...

But DVD makers CAN'T FIX their bugs.

If I tell the owner about the faulty lock in his car, then he can prevent his car from being stolen by a real criminal.

Hackers are not criminals simply because they have the knowledge of how to infiltrate someones computer.

But the DVD makers CAN'T FIX their faulty protection scheme once a crack is revealed to the world. There are millions of DVD players already out there and future DVD discs MUST BE ABLE to play on ALL EXISTING DVD PLAYERS or you'll have consumer riots on you haves sufficient to lay waste to whole companies bottom line. The consumer video market isn't the PC merket. You can't just say "upgrade or don't run new stuff". That kind of shit won't fly with consumers.

Re:But DVD makers CAN'T FIX their bugs.

I know it's not exactly the same thing, but that very method has worked for the entire hardware/software industry since it was born... =)
And the consumers happily upgrade their very expensive systems to run the latest software (read: games and the occasional crappy OS).

Here here, brother!

Serves them right for making me watch COMMERCIALS when I PAY to see a movie.

I hate that. And there are commercials at the beginning of videos, too. Problem is, people don't care---the industry forces commercials down people's throats and they like it. "Let's hurry to the theatre, I don't want to miss the free previews."

But the way I see it, this won't be any bigger deal than VHS. I mean, people can copy tapes, no? But they don't because it's dumb, boring and essentially pointless. Now, if you could copy Playstation II games...

Consumers have been copying movies since the 80's

[FreeUser]

The film industry really should do an unbiased and intelligent analysis of the impact of emerging technologies on their product, if they want to actually protect their interests in a constructive and effective manner. Some points which should be considered.

- consumers have had the capability of recording and copying movies to their hearts' content since the advent of the VCR. Videophile and audiophiles may not be happy with the quality, but as far as the average consumer is concerned the quality is "close enough" to perfect. Despite this, movie makers have been selling and renting movies like hotcakes. Being able to copy DVDs will not change this at all

- commercial pirates, for whome the "infinite perfect copy" does make a difference, could already do this by using $5,000 DVD-Rs or buying their own DVD production equipment. One analog copy, reconverted to digital format, and they could produce an infinite supply of nearly perfect DVD copies for sale on the black market. This is a problem, but one which the cracking of the pathetically week css algorithm will not significantly affect.

- high-end consumers do not like having their technology "messed with." The destruction of DAT is an example of consumers refusing to buy into crippled technology. Likewise, DVD playback which is limited to Windows, or by region, is not only an invitation to hack, but worse, creates unnecessary bad relations between the seller and the consumer.

- finally, unlike the RIAA member companies, movie studios are not parasitical entities acting as a paid go-between between artists and their customers. They provide the capital, resources, and equipment for shooting films and play a very necessary role as part of the art form. Contrast this to the music industry, whose contribution to the art form, beyond providing a distribution channel they happen to enjoy a monopoly on, and perhaps a place to record and master (which any technically savvy musician can do in their own home), is negligable at best and quite often destructive. This suggests that the movie studios aren't nearly as vulnerable to artists switching to an internet medium and cutting them out of the loop as the RIAA member companies are, and have a lot less to fear from open internet standards and distribution channels than their record company counterparts.

Even with copyable DVDs the film industry has little to fear. The target they should be most worried about -- the professional "industrial strength" pirates -- is the group least affected by these developments. The fear that the grassroots mp3 warez phenominon will happen with DVDs is unwarrented, not only because of bandwidth and storage limitations, but also because of a difference in consumer habits, and a fundamental difference in the relationship of the affected artists and consumers with the movie studios vs. the music industry.

Movie Industry will need to tackle this soon.

[Zimm]

Yes the technology to rip off DVD's wholesale will come. The way I see it, DVD's as far as customer acceptance goes, is still young. This leads me to believe that the industry will see abandoning the technology as a viable solution to DVD theft. I wouldn't be at all suprised if the number of movies that come out on DVDs slowly falls off and there is an introduction of a new replacement technology. Now is the time to do it, before DVD's become mainstream.

Re:Movie Industry will need to tackle this soon.

[Danse]

I think it's probably too late. The way they've already hyped DVD, it would generate some serious hostility towards the studios. You think people will just forget that the studios told them how great DVD was so that they would go out and buy a 500 dollar player, and then dropped them because they changed their mind? Lawsuits would probably fly if that happens.

Re:Movie Industry will need to tackle this soon.

[Potloodsmurfer]

i think you might be right. and the lesson to be learned here is for cracker-groups to wait with publishing their little program until the technology is to mainstream to get canceled.

I love the smoke and mirros

The fact always remains. If the computer can read the disc, the computer can copy the disk. If the file is encrypted, it can be decrypted with the key. If the key is stored permanently in the computer, then it can be extracted. if XingDVD *had* necrypted their decryption key, so what? Then the key for THAT encryption would have to be there.. sheesh..

Re:DIVX was right

Makes sense to me. Now there's a bit more of an incentive for DIVX, in the eyes of the distributors.

If Hollywood says "no more" to the DVD drive manufacturers, you can bet there will be, um... firmware updates made in formerly unprotected drives.

You all who "pioneered" DVD by buying early DVD players can, ummm, park those puppies in the closet next to your Uncle's 8-Track player.

The studios will likely *make* money due to this

[Don+Negro]

Why?

As it's been well-explained above, the economic realities of the situation make consumer pirating in lieu of purchase unfeasible. Equally, it does little to aid commercial DVD pirates.

However, it opens access by a technologically savvy, notoriously stubborn group of people with a higher-than-normal percentage of disposable income (Us. The Linux community.) to their product.

Unfortunately, they will likely do something very reactionary and stupid, and will sell more DVDs regardless.

Don Negro

Re:Forced Format Switch for Security(CD -> DVD Aud

[um...+Lucas]

Think of it like this: you leave your front door unlocked everyday while you're away at work, and one day, a thief breaks in and steals everything. Will your neighbours feel sorry for you? Should they?

So... why not tell me where you live then? It wouldn't be my fault for breaking in if, say, you were stupid enough to have windows in your house, would it? I mean, everyone knows that glass shatters incredibly easily, and therefore anyone with glass windows is just asking for it, right?

The industry followed what they thought was their best option. They used 40-bit crypto so as to not have to have a US edition and international edition. What would the point be to using 128 bit crypto when you can still pump the DVD's output into a video capture card? You don't get all the neato things (multiple aspect ratios, etc...) but the point is the movie has been copied.

And no matter what, no one is going to be able to market a DVD recorder with a key cracker in it, so the 40-bit crypto pretty much stop 95% of the copies that could be made otherwise.

Re:How does DVD encryption work?

http://www.eyrie.demon.co.uk/derek/dvd/css/index.h tml

You can also browse through the LiVid archives:

http://livid.on.openprojects.net/pipermail/livid-d ev

Re:Hurray!

[Foogle]

Yeah - The old DVDs.

Don't worry, pretty soon they're be a new DVD format, with new keys, and probably a new cipher, put together by a new company. And they won't forget to encrypt the key this time.

Maybe that will be cracked too... who knows. But this really wasn't a matter of closed standards or obfuscation. It was encrypted using a private key mechanism. Even if you had the specs for the decryption routine (which the hackers had) you'd still need the key.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Absolute Stupidity

[TheCarp]

My thoughts on this...

I. I don't understand how this scheme works?
(or was suposed to). If I have a DVD...I make
a binary copy of it...throw it on another DVD
(or if im on a real OS...connect it to a loopback
device)...what stops me from using this copy in
my DVD player...afterall...ALL of the data should
be identical.
Decrypting an exact duplicate of original data
should work just like the original.

II. There really is no way this could have been
secure. Copy protection can't work. It shouldn't be hard to do a copy by reading and capturing
directly from video memory. Then a nice un-encrypted copy.

III. I have to wonder what algorythm they used.
Was it something that could be easily attacked?
a simple capture from memory could get the
unencrypted movie...and lead to a known-plaintext
attack.

The simple problem is this...they want their
data to be safe...only "Authorized" (ie people
who paid for it) people see it. However, its
possible for those people to control the hardware
that does the encoding. (and the software to some
extent)

Basically...copying would happen one way or
another. Its not stoppable. encryption is really
good for transport of data from "end to end"
to and to keep out unauthorized people in between.

Re:Not gonna happen in a million years

yeah.
i have a dvd player _and_ a laserdisc player.

Re:Coca-Cola secret formula

You mean "guanara" as the caffeine-like substance in Ballz soda -- or do you mean "guano" as in poopee?

40 bit... and netscape is 56...

"In the future, the laboratories will be more actively conducting strict surveillance and take counter measures against illegal, inappropriate software and hardware in the market. Moreover, we believe that, based on the recent legislation, legal measures and steps will be taken by copyright holders against such violation of intellectual properties,"
'The laboratories' will be 'conducting strict surveilance?' So a private company thinks they can monitor _my_ computer. Pull that in America, corporate-boy, and I'll be able to retire for life off your salary, and spend your pension fund on hats.
An ounce of prevention is a pound of cure. Coming up with a 40-bit encryption method, and then billing it as 'unbreakable', isn't just stupid, it's deceptive. The engineers who came up with this scheme should be ridiculed, and the bosses whose instructions they followed should be fired.
This code would have been broken, even if a key wasn't 'accidentally' unencoded. The fact that decryption keys were being -guessed- at once a working key was found is proof of that. At least it was done by a relatively nonmalicious group, instead of someone who kept it a secret and made millions in pirate DVDs next year.
And why on earth were there 170(!?!?!?) working keys. That seems a remarkable oversight.

Re:Magic Bullet

[jafac]

Dongle? naw. Just implant a chip on the disk itself, in the unused portion by the spindle (and a counterweight on the opposite side of the spindle). The chip contains the key, and is hard-coded per disk - the chip can use the same technology as these smartcards. A different disk won't have the same key. The additional production costs should be minimal.

I wish I had a nickel for every time someone said "Information wants to be free".

'They didn't encrypt the key' doesn't make sense

[c+o+r+e]

Okay, we're being asked to believe that the Xing encryption key was compromised because it was not stored encrypted. This is asinine. If they had stored the key encrypted, that means that the decryption key for that would be somewhere in the clear. This would only be simplistic obfuscation that should be easily subverted. -core

Wherefore encrypted decryption keys?

[Spire]

The Wired article states that the DVD copy protection was easily cracked because Xing had inadvertently neglected to encrypt its decryption key.

I may be completely mistaken about this (in which case, please don't hesitate to set me straight), but I just don't see why it's so important to encrypt the decryption key in the first place.

I mean, at some point during the DVD player software's execution, the decryption key is going to have to be decrypted anyway (so that it can be applied to the ciphertext). A hacker need only load the player into a debugger and trace it up to this critical point, and then simply capture the naked decryption key from memory as soon as it surfaces.

Thus, encrypting the decryption key serves as only a minor annoyance, making it only incrementally more difficult for a competent hacker to retrieve the key. Such "protection by obfuscation" is widely known to be one of the worst ways to "encrypt" or otherwise protect one's data.

In this light, how much more difficult would it have been to "hack" any of the other software DVD players out there, by simply debugging them and waiting for the player to decrypt (and expose) its own decryption key for all to see? I'd wager: not much more difficult at all.

Re:Wherefore encrypted decryption keys?

[Score+Whore]

Yup. Anything that can be done in software can be completely reverse engineered and understood. It doesn't matter how sneaky, misleading and underhanded the application is meant to be about protecting it's secrets. You just can't stop people who want the information.

-sw

They are all discovered.

First off, you don't need player keys anymore. The alg is so weak that you can guess the tile keys as long as you have >64megs of ram for a massive table. This takes about 20sec on PIII450. Once you've done that you can generate all the other possible keys on the disk. I'm sitting on the output from an analysis of over 100 dvds. Amazingly, there are only 4 keys common to all of them, I think perhaps we have some misunderstanding of how CSS works.

Re:They are all discovered.

Let me guess, the numbers are: {0x762, {0x2c,0xb2,0xc1,0x09,0xee}} {0x730, {0x2c,0xb2,0xc1,0x09,0xee}} {0x36b, {0x51,0x67,0x67,0xc5,0xe0}} {0x2f3, {0x51,0x67,0x67,0xc5,0xe0}} ? Yeah, old news, sorry. Also, notice that two are the same, so really, there are just 2 keys.

Re:DVD Encryption? Good riddance

[Enoch+Root]

Didn't know that... Interesting.

Still, I think my point stands... The industry was certainly not hurt by everyone and their brother copying VHS cassettes. It's insane to say they're losing so much money because of piracy.

Did you ever hear of someone running an "illegally copied VHS ring"? I sure didn't. Yet up until now (as you point out), copying a VHS movie was standard.

And once you own it, you should damn well be able to copy it, sides.

"Knowledge = Power = Energy = Mass"

Re:From the Article

I haven't taken a look at the program, so this might be wrong, but... It isn't really covered the same as a tape deck, cd-burner, or VCR are. It's a piece of software that allows you to take data off of an encrypted DVD, breaking the copyright. It isn't needed for burning info to a DVD, recording to a tape, etc., it's only used for breaking the copyright. However, arn't people allowed to make cross-platform copies of movies, CDs, etc? I seem to remember something in US where it was deemed legal to make a copy of a CD on a tape, to listen to it in the car.

Re:Great insight; one question

[ewhac]

Yes, but when you're talking about counterfeiting in commercially significant quantities, the encryption scheme doesn't enter into it. All the encryption scheme accomplishes is to prevent people from turning the MPEG datastream into plaintext. But a high-volume counterfeiter doesn't duplicate at that level; they duplicate the raw bits coming off the read head.

The DVD player in your living room has no way of knowing whether the disc you're playing was legitimately stamped by the studio, or whether it's a precise bit-for-bit copy stamped in Malasia. So it's fairly easy to demonstrate the encryption scheme fails at its stated purpose.

So what's the encryption really there for?

Schwab

Re:How does DVD encryption work?

[Score+Whore]

Without the unlock key (which was the first step necessary to get around to breaking CSS) DVD-ROM drives will not deliver data from encrypted movies.

So at a minimum you still need to activate the unlock system in the DVD-ROM before you can make a disk-disk copy. But that came before the DeCSS showed up anyway.

-sw

Re:Security through obscurity doesn't work!

Security through obscurity most certainly does work!

Did you know that the lock on the doors of your house and your car are pretty darn easy to break? Did you know that that info is "obscured" through the process of bonding locksmiths?

It works, too. That and a vigorous police force, neighbors who look out for each other, etc. It's called "a community" for those of you who don't venture out away from your keyboard-n-monitor very often.

Take your time to figure it out. You've got a few more years before you need to move out of that dorm room.

This is the very point.

I want to play DVD movies that I buy. But I couldn't until CSS was broken. I think it is supremely obnoxious that I couldn't even buy a DVD player and DVD media and use it on my computer!

Why be so cocky when regarding your customers? Aren't you already making me watch commercials at the theatre and at the beginning of tapes/DVD that I actually pay for?

They Should Replace Failed Media

[David+Jensen]

Disney only licenses the product. If the media fails, I still have the license, so they should replace the media, right? Some SW companies were very good about that, but I haven't tried lately.

Re:Heeheehee

having never taken a shit in the movies i wouldnt know

Re:Net Impact on Movie Industry: Zero

[barleyguy]

Actually, DVD writers are NOT expensive. I bought a Toshiba 2x DVD-RAM/DVD-R writer for under $500. That's pretty cheap, especially since I saved myself the purchase of a tape drive.

It only does 2.6/5.2 Gig, but with only 2x compression, you could get a 4.7gig movie on it.

One thing, though - blank DVD's are more expensive (in small quantities) than DVD movies. A blank DVD is about 25-35 dollars, whereas most movies are less than 25 dollars. So it's not really cost effective, at the moment, to copy DVD's. Now converting them to VCD format and putting them on an 87 cent blank CD would be feasible, with a slight loss in quality.

Re:link to the utility?

[Nichen]

Aye, I have a copy of DeCSS, even made a short clip of Pi into mpeg1 last night to check out the quality. Word of warning, it takes a LONG time to rip a movie, and at least on my dvd drive (I have a Creative Labs 5x drive) the dvd and drive were both rather hot after the ripping. Make sure you have a lot of hard drive space too ;)

As to where to get it? Look around on the net, I found it in about 5 minutes using good ol' search engines.

Re:Why not bribe a licensee? (need a big bribe)

[Ivootje]

Of he wouldn't do it this way, putting that key unencrypted on the disc.

But secretly writing it down as a zipcode or a phonenumber in his Palmpilot, which will be read by Agent X in restaurant Y.

Etc. etc.

Re:Net Impact on Movie Industry: Zero

[GoofyBoy]

>movie industry really has nothing to worry about >from unauthorized copying.

What they do have to do is make a reasonble effort to protect their property. Its like not even having a lock on a door, no matter how weak the lock is. This would be effective in courts of law.

>Writable DVDs will only slightly change the playfield

Actually, one of the links in the article has a how-to on converting a DVD to a reduced quality VCD (which can be produced using Writeable CDRoms)

>the hardware companies haven't figured out that >they're in the driver's seat.

I think that software companies are more in control. What can you run off of DVD drives except for movies? Not too many programs/applications out there.

Re:prophecy vs. reality

hehe you missed one - "people will never need more than 640Kb of RAM"... now who said that....?

This can't be good for DVD movie lovers

I think it was a little premature to have the CSS encryption cracked. The movie industries will likely be a lot more reluctant to release a movie on DVD. Just when I thought DVD was finally taking off, something like this happens and puts us two steps back. I have to wonder if Star Wars will ever be released on DVD now.

Re:Heeheehee (veering even more off topic)

[DanaL]

Umm...I usually go to those rooms called 'Bathrooms', but perhaps they build theatres differently up here in Canada :)

Re:So do slashdot folks care that this is immoral?

[osboy]

I pronounce my judgments thus:

1) Cracking DVD encryption key: Not Immoral. (c'mon folks, it's computer science, not crime)

2) Copying DVD movies for personal use, trading with friends, etc.: a Little Immoral (Immoral but still within my personal comfort zone. :)

3) Sale of pirated material for personal gain: Damnably Immoral!

Furthermore, the motion picture industry should not worry about me, nor others like me, because:

My home theater setup is better-sounding than my computer speakers. My television is larger than my computer monitor. My sofa is more comfortable than my office chair, and does not require mastery of yoga to fit me and my wife on. I enjoy the DVD format for it's sound quality and for the picture quality. I also always buy movies that I really like. I have tons of movies on VHS that I've copied, but i never watch them. The ones I watch most often are ones I've bought, because I can't afford a professional dubbing deck, and the quality of the recording is better on the store-bought ones. When a kick-ass new movie comes out, I want to see it on a huge screen in a movie theater. When something I REALLY want to see comes out, like The Matrix (huzzah!) or Episode I (Argh!), I ESPECAILLY want to see it in a theater FIRST. Besides, since I don't have numerous spare 9 GB drives lying around, and I don't have a T3 to my house, acquiring these pirated movies would be a pain in the ass. So I can pay $24.95 at retail for a movie I really like, and watch it on my home theater, or I can pay, what, 10 buck less for a pirated one, and watch it on my computer. Er, I think I'll take the $24.95, and the self-rightoeous moral superiority. :)

Re:Net Impact on Movie Industry: Zero

[Merk]

I think you're forgetting something. The timeframe. VCR tapes have been around for how long? 20 years? In that 20 years, the "size" of 1 gigabyte will chage tremendously.

I remember when I first downloaded Linux it was about a hundred megs and I was using a 2400 bps connection. I just let it run for 12+ hours.

How long before someone with a fast connection decides it's worth 12 hours to download the 6 gig Matrix DVD?

The cost of DVD writers is only a short term barrier too. Sure, they're expensive now, but do you really think that in 10 years, it will be expensive to get 10 Gig of removeable storage?

In less than 10 years, the hard drive my computer uses has undergone a 100 fold increase in size. The bandwith of my internet connection has undergone a nearly 1000 fold increase in size. But during that time my VCR hasn't changed, and DVDs were supposed to last that long too.

Scheiss Netscape!

[FreeUser]

ARGH!!!

Sorry for the double post -- netscape crashed mid-submit. Still not sure why that would commit it twice, though -- once with a correction and once without...

"Creating or distributing" I don't see "using".

Under the Digital Millennium Copyright Act, "creating or distributing technology" that can be used to circumvent copy protection (of digital works only, mind you!) is a "copyright violation," subject to a $2500/copy fine, plus jail time.

I didn't create DeCSS. I'm not distributing it to anyone. I only downloaded it and am using it for archival purposes only. All nice and legal according to above legal snippet.

What's more is that I downloaded the software from Norway where the "Digital Millennium Copyright Act" means what again?

Re:"Creating or distributing" I don't see "using".

It means trade barriers, the refusal of content producers to export to your country, in some extreme historical cases war.

Re:I just hope they don't stop making DVD's

[Jeremy+Erwin]

DVDs are encrypted to both stop piracy, and to protect Hollywood's incremental release dates.

A film is usually released in its country of origin first. Some months later, other countries may see it. This is done to save on film printing costs. The DVD zone system--which forms a large component of DVD "encryption" is designed to ensure that a people in Australia don't order a US-imprinted DVD instead of viewing the film in theaters.
Of course, this system ends up shafting the foriegn film buff. Many Japanese films simply don't make it into the US market/zone, and thus are inaccessible to the most import savvy viewers. Of course, one could always buy a Japanese-encoded DVD player, but that's rather expensive.
One oddity with the zone system is that China forms its own zone. Of course, China is home to many a pirate, but this also allows the government of the PRC to essentially control film imports more effectively.
The whole incremental release system will be obsoleted by digital distribution systems, anyway. Bravo for the crackers!

Re:prophecy vs. reality

Well, Bill Gates said "640K ought to be enough for anybody." That other quote, who knows who said that...
Avoid using quotes unless you are quoting.

Re:So do slashdot folks care that this is immoral?

[Mr.+Slippery]

I suggest you click on The Hunger Site and try giving something for free. Then come back and tell us how much it affected your morgtage or car loan or whatever.

That which is supported by advertising is not free.

Massive corporations want you to buy their stuff. They spend money on advertising. The cost of advertizing is included in the cost you pay for their product. When you buy a can of Coca-Cola, part of what you pay goes to Coke's advertising budget; Coke buys advertising on UPN; UPN makes another season of Voyager. So you don't get to ogle Seven Of Nine(TM)[1]'s tits for free[2], no no no; you pay for it with every can of Coke, every Gateway computer, every new Toyota, whatever you see advertised.

There's also the fact that you are paying by allowing these companies to attempt to influence your buying decisions, but that's a more subtle topic.

([1] Yes, "TM", according to the Star Trek website. Bleh.

[2] No disrespect intended to Jeri Ryan. Much disrespect intended to whoever decided her character should dress like that.)

Re:DVD Consumer Rights - AMEN !!!

FINALLY someone who understands. For the record i have a small sister(12 right now). I am 26. I own ALL (and i DO MEAN ALL) the Disney cartoons on VHS.I have been collecting them since i was 11 years old. And ya know what ? I started collecting the DVD's now. YES the movies i allready OWN i buy as DVD's. Why should i be restricted to copy my DVD on VHS ? Why should i not be able to buy a DVD movie in heathrow's (UK)duty free shop and not be able to play at home in .ca ? That is why copying will never stop and that is EXACTLY why as more "hard" protections come out more and more movies/software/music will be copied. People don't like to be controlled by the industrie's best interest. They always have THEIR best interest in mind. Not SONY's or DISNEY's or anyone else's. When you put too much restriction on someone that someone will naturally react.It's a simple fact of human nature and nature in overall. Newton's third law of physics if anyone is interested. The more pressure companies put on the consumers the more the consumers will react.

Re:DVD Consumer Rights - Copying is a GOOD Thing!

I support that. I come from an Asian country and we had just 2-5 BIG music cos that put out tapes. They also had lobbied the govt. to keep taxes high on blank tapes so it did not make sense to copy. Then along came a new music co and he undercut everybody with such "inexpensive" original tapes that it made no sense to copy them. e.g. original tape price 20 blank tape (after tax) price 18-20. guess what - he is a millionaire 200 times over and the other music cos HAD TO LOWER THEIR PRICES!!!!!!!

Linux DVD Movie Player

[shivas]

So can we have a DVD MOvie player for Linux which can use these hacked keys to decrypt the content?

Re:Net Impact on Movie Industry: Zero

[My_Favorite_Anonymou]

No matter how cheap it is, it won't be cheaper than vhs tape. Are you trying to tell me that the 200gig harddrive you are describing is going to be cheaper than compatable 40 2-hour vedio tape (assume 1 movie=5 gig) that cost 40 bucks? And nobody pivates movie with vhs that's already out on video, you can only buy shaky-cam theatrical release.

I agree zero impact in U.S. Hong Kong movie industry is suffer a big deal aleady though. 50% of the time people by good advertisement campaign, or promotion. This is one thing pivate can never provide.

(btw, who can justify a 50-dollar Russ Meyer video, I'm going to buy the pirate from ebay. I don't care what you say.)

Re:XORing bytes _is_ the ultimate security

[ToastyKen]

Nuke 'em from orbit. It's the only way to be sure.
:)

Re:Net Impact on Movie Industry: Zero

[color+of+static]

I think the reason they worry about the piracy issue with DVD over VCR is the quality of the copy versus the cost to make that copy. With VCRs you get generational defects, and even master copies ware out. Once you get your master copy of a DVD you can make perfect copies every time.

Now I really think the entertainment industry is run by lawyers who don't understand the issue here. If I'm a pirate, I'll just bit copy the media (DVD in this case), and press disks. If I don't have the keys I can then just copy the encrupted data and the copy protection. If I do have the keys I can change the content before copying, but pirates don't want that.

Before anyone works on digital IP rights issues they should be forced to read, and understand, the record player example in Godel Escher Bach. Then if they start claiming they have the ultimate meta record player we know for a fact they are idiots.

DVD 2 VCD or MPG

[BrookHarty]

I have been converting a few of my DVD's to VCDs for the past 2 months.
I can only watch VCD's on my laptop. Home theater system is DVD/VHS. (DVD player plays VCDs also...)
Only problem is it takes 2 days to rip/convert a DVD to VCD. So I own the same movie on 3 formats, VHS,DVD and VCD...

If anyone is interested, check out http://www.dvdsoft.se for ripping/encoding/converting DVDs.
If you want to buy Original VCDS check out http://www.coolvcd.com - They have matrix on VCD!

The movie industry has made money off me......

Re:DIVX was right

[settonull]

But isn't DIVX at least as dependent on some kind of copy-protection scheme as DVD?

Yes it is, and IIRC there was a small device you could build/buy that would allow you to watch a DIVX movie without paying for it. Copy protection is a waste of time either way.

Great insight; one question

[Christopher+B.+Brown]

Your observation that "consumer piracy" is likely to be insignificant is very well noted.

The thing is, the commercially significant piracy that takes place under the DVD regime is likely to be, as it is now, a result of "mass piracy" on the part of folks in the "gray market."

Unfortunately, they will benefit from the cheapness of producing DVDs, and while it may become more expensive to become a "commercial DVD pirate" than it is to become a "commercial VHS pirate," that goes along with the benefits of:

• Cheaper media and labour costs, and when you're doing something illegal, it's doubtless preferable to have fewer low-paid lackeys that could turn on you, and
• Perfect digital copies rather than the present Analog-to-fuzzier-analog VHS results.

If the big sellers of DVDs can maintain rigid control over the manufacturers of DVD mastering units, that might make it hard to "clone" DVDs from masters.

Unfortunately, that's liable to have the same flaws as DAT did. With DAT, there were special codes encoded into tape headers that would let the units forbid copying. That was part of why DAT never took off.

Re:Great insight; one question

[PotatoHead]

Good for Sony. As things slowly become global, people realize that other cultures have a lot to offer. What model DVD did you get?

Re:Great insight; one question

[PotatoHead]

I think that is is there for control. They can vary the content by zone, and they also can have a say in who makes disk players, and what they can and can't do. Think about this: If there were no real encryption, what would prevent the average joe from producing DVD's? The mastering process would be just as it is now for CD's. Expensive at first, but less as demand grows. Also said average joe would be able to distribute their media anywhere...

Re:Great insight; one question

[Repton]

They can vary the content by zone

We have a DVD player bought from Sony... When we bought it, we also got it modified (for about NZ$40) to accept DVDs from any zone.

The modification is Sony approved, and was done by the shop (which was a reputable place).

So much for zone protection...
--
Repton.

Depends on how you look at it.

[dpdx]

M.o.R.E. should have quietly reported the problem to the Xing and whatever the main company that handles DVD technology is and helped them solve it, not just totally fuck them over, as well as the rest of us.

Even if they'd have done that, that old, crackable system is still burned onto millions of discs, and they're all available at your friendly neighborhood content provider, the video store. That's a lot of Disney flicks to steal.

Second, your premise assumes that MoRE should be interested in helping the nice multi-national megaconglomerates [who presumably represent the people]. That doesn't strike me as realistic.

In fact, I'd tend to think that groups such as this exist to subvert the profit of companies they perceive as evil (not that anyone in this community would know anything about that, based on their dealings with the Open Source Software movement). I don't gather from the article that MoRE is setting up to become your one-stop shopping center for bootleg Meg Ryan flicks. They hacked DVD, probably (if I had to guess) mostly for it's own sake.

Turn the argument around for a second, like this:

cDc is totally irresponsible to all of us who would use Windows because they didn't quietly alert Microsoft to the fact that it was so #@$! easy to administer remote control to a Windows box, and now they're forcing Microsoft to release another version of Windows. How dare they!

OK, I know the analogy breaks down somewhat, but the kernel is this: the same mindset from which MoRE came to hack DVD, probably prevents them from acting in the manner you described as correct.
_____

Re:Depends on how you look at it.

[supz]

"Why DVD Encryption Crack was a Cinch" | supz (77173) | Preferences | Top | 362 comments | 2 siblings
Threshold: Save:
The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say.
( Beta is only a state of mind )
Totally irresponsible (Score:1)
by supz (supz@i.love.spam.net) on 02:36 PM -- Wednesday November 03 1999 EST (#260)
(User Info)
The guys from M.o.R.E., that made DeCSS are totally immature and irresponsible. Cracking the DVD encryption is not neccesarily the bad thing,
the bad thing is that they made this program and distributed it. That ruins DVD for everyone. Now the movie industry is going to have to retaliate
and put some alternate protection on DVD's which could even possibly require all of us to purchase new DVD players or something of the sort.

M.o.R.E. should have quietly reported the problem to the Xing and whatever the main company that handles DVD technology is and helped them
solve it, not just totally fuck them over, as well as the rest of us.

DVD technology is a really great deal: you get digital quality video and audio and a bunch of extra scenes on one small CD-sized disc, all for about
the cost of the movie on video. Why ruin a good thing? I must say that it was also stupid and irresponsible for Xing to not encrypt the key, but two
wrongs do not make a right.

Shame on MoRE.
[ Reply to This | Parent ]
>
Re:Totally irresponsible (Score:1)
by cr0sh on 03:22 PM -- Wednesday November 03 1999 EST (#305)
(User Info)
Actually, I think they should have waited to release the program after low-cost means of copying the resulting file became available. A very likely
outcome of this whole thing will be some kind of restrictions or something on DVD recorders (tech or price wise)...
[ Reply to This | Parent ]
Depends on how you look at it. (Score:1)
by dpdx (dpdx@nospam.teleport.com) on 03:56 PM -- Wednesday November 03 1999 EST (#327)
(User Info)
M.o.R.E. should have quietly reported the problem to the Xing and whatever the main company that handles DVD technology is and
helped them solve it, not just totally fuck them over, as well as the rest of us.

Even if they'd have done that, that old, crackable system is still burned onto millions of discs, and they're all available at your friendly neighborhood
content provider, the video store. That's a lot of Disney flicks to steal.

Second, your premise assumes that MoRE should be interested in helping the nice multi-national megaconglomerates [who presumably represent
the people]. That doesn't strike me as realistic.

In fact, I'd tend to think that groups such as this exist to subvert the profit of companies they perceive as evil (not that anyone in this community
would know anything about that, based on their dealings with the Open Source Software movement). I don't gather from the article that MoRE is
setting up to become your one-stop shopping center for bootleg Meg Ryan flicks. They hacked DVD, probably (if I had to guess) mostly for it's
own sake.

Turn the argument around for a second, like this:

cDc is totally irresponsible to all of us who would use Windows because they didn't quietly alert Microsoft to the fact that it was so
#@$! easy to administer remote control to a Windows box, and now they're forcing Microsoft to release another version of Windows.
How dare they!

A security hole in windows could harm people far worse than a security hole in a DVD, so that little analogy breaks down a hole lot.

Re:Depends on how you look at it.

[Darby]

cDc is totally irresponsible to all of us who would use Windows because they didn't quietly alert Microsoft to the fact that it was so #@$! easy

Your analogy breaks down in this case because
cDc did exactly this and Microsoft told them to fsck off.

Not that I disagree with your point, I just wanted to point that out.
---CONFLICT!!---

Re:Not too surprising

[jd]

Agreed. The key length was FAR too small, for something like this. Running more rounds (as in triple DES) would be viable, but 3DES is phenominally slow - far and away too slow to be usable for real-time applications.

It's hard to protect -everything-, since something has to be visible to the hardware for it to be able to start decryption. The outer layer -must- be visible, even if it's in hardware. At which point, all you need do is read the outermost key, and you get to exactly the same point these guys did.

Anything the player can see, you can see. There's nothing magical about a machine, even when it's based on a Japanese design.

The question was never "whether" DVD encryption would be busted, but when. Actually, I'm amazed it took so long.

Sooner or later, manufacturers, movie industry bosses, etc, are going to have to come to the same conclusion computer software houses did years ago. Copy protection -doesn't work-! It's a fundamentally flawed concept. There was only one scheme that even came close to working, and that was confiscated by the MOD in England, and classified. Even then, it was probably fairly easy to break. The whole concept is fundamentally flawed.

Re:Net Impact on Movie Industry: Zero

Sure it's a one-time shot. No problem if all your movie studio makes is blockbusters...

Take a lesson from Hong Kong?

"Hollywood is a victim, and Hong Kong's film industry, once dubbed Hollywood East, has been devastated by piracy. The industry will cut only about 80 movies this year, down from 200 a few years ago, according to Woody Tsung, chief executive of Hong Kong's Motion Picture Industry Association. "Many film projects were aborted because of piracy," says Tsung. "The technology is more and more affordable. The pirates are energetic entrepreneurs." "

Just go run a search on VCD's and Asia. The Asian CINEMA market has been devasted by VCD piracy. The movie going audience is down 40%.

Movies are bootlegged with a camcorder almost IMMEDIATELY on feature release, and many times, even before due to preview audiences. The VCD of the movie is in everyone's hands about a week later.

I don't know about you, but I want Hollywood to rake in enough money to make great movies like The Matrix, Titantic, Saving Private Ryan, Toy Story, etc.

And I want threaters to rake it in so they can continue building better multiplexes with better audio and video (like the near-future move to digital projection technology)

I love Hong Kong movies. Jet Li, Chow Yun Fat, et al, but very often, they have inferior sound, and inferior camera quality, and inferior film stock. Maybe the lack of profits in "Hollywood East" is the problem.

If DVD copying becomes wide-spread and entrenced, one of more things might happen:

1) Hollywood takes a big monetary hit and won't fund movies like Matrix 2 if they don't think they'll recoup in the Video release. (revenues = cinema release + foreign release + home video)

2) DVDs are produced with lower quality. No more directors cuts, behind-the-scenes, multilanguage, no letterbox versions, etc. Just slap the movie on the DVD and ship it like VHS.

3) the number of movies converted to DVD will fall.


However, this might not happen. Asia is different than the US. *Fortunately*, US culture has a more healthy respect for IP and copyright, and a government that enforces it. Western cultures are also better off economically and able to afford the "luxury" of going to the theatre vs staying at home and watching it on a TV.

The problem is, widespread distribution of home theater systems, DVD, Dolby Digital, etc in the future may lead to a more "stay at home" audience, and there, DVD piracy could have a huge impact.

Re:Take a lesson from Hong Kong?

[ewhac]

Clearly, these people are not very clever. It seems fairly clear to me from this "horror story" that the movie theatre model of film distribution has been marginalized by advancing technology.

We observe that people are not willing to go to the theater, but are willing to buy VCDs. Now, would a clever person either:

1. Release to VCD first at, say, a 50% premium over bitlegged VCDs, thereby establishing themselves as the source of the highest quality copies of that movie (and then release to theaters a couple of weeks later, thereby getting all the people who want to see the film in all its high-resolution wide-screen THX glory); or,
2. Whine shrilly about "piracy" and your rapidly-eroding intellectual "property" rights?

The environment is changing. Organisms (and organizations) that do not evolve will end up as an exhibit under glass in a museum. I guarantee you the environment will not change to suit your whims. Start changing the way you think about this stuff; the ulcer you save may be your own.

Schwab

Re:Take a lesson from Hong Kong?

[key+nell]

Most HK film productions are financed by organized crime. In many cases they're the ones selling the pirate VCDs.

Nobody is ruining anything

Re:Take a lesson from Hong Kong?

There is more than just piracy that is causing less movies to be made in Hong Kong (despite what the movie industry might be claiming). First, Hong Kong actually allows you to take recording devices into a theater, hence the reason they come out with VCD's so quickly. Second, the asian market has been very down in the last couple of years, giving less money for inverstors to put into the movie industry. And finally, most of the key Hong Kong actors and directors (read the money makers) have moved to Hollywood. Therefore, investors are more reluctant to dump money into a studio, compounded with the fact that there is currently less money to dump into the studios. PIRACY ALONE DID NOT RUIN HONG KONG STUDIOS, AND NEITHER WILL IT ALONE RUIN HOLLYWOOD.

Re:Take a lesson from Hong Kong?

[Steve+B]

The economics of the situation (legitimate DVD copies of major movies selling for $20-$30) just don't make piracy profitable enough to have a major effect on the bottom line. The only way for pirates to make money in that environment is to organize on a scale that makes them big fat targets for any government that gives a flip about the matter (which is the underlying problem in East Asia).
/.

Re:Take a lesson from Hong Kong?

[CryptdotX]

The American movie industry is starting to do this already. The American studio that made Titanic released a VideoCD version of it available dubbed and subbed in Chinese, on the streets at the same time as the pirate versions. I think that they were successful, although I haven't heard any news about it since.

Re:Take a lesson from Hong Kong?

I just had to say I really like the term "bitlegged". Did you coin this?

Re:Take a lesson from Hong Kong?

[ewhac]

Alas, no. Another Slashdot user did. However, I've been unable to find the original post; it's probably expired.

Schwab

Too bad for them!

[roystgnr]

Oh, no, they used a weak, 40-bit encryption scheme with 200 different keys lying around, and it bit them in the ass, you say? I'm sorry, but if out of 200 different companies there wasn't one who would say "Hey, look, this encryption system is as solid as swiss cheese!" before creating the standard, then they're responsible for what's coming to them.

It's as if someone discovered that every door lock and ignition lock on General Motors' cars could be disabled with a refrigerator magnet. Too bad for GM.

Re:Too bad for them!

[Dante333]

I thought it was with a palm pilot?

Re:Information Wants To Be Free

[jms]

Simply speaking, copy protection schemes just don't work. If you allow access to the data to anyone for any reason, someone is going to find a crack for it. I don't care how good your copy protection scheme is.


There's one exception to this, and that's if the company goes out of business before anyone has the time or interest to hack their copy protection. i.e. DIVX.

Re:Hurray!

The difference between useful encryption (like pgp,ssh,ssl, etc.) and DVD/copy protection type things is that you HAVE the private keys, you just have to look for them (inside your DVD player or software) Copy protection will always suffer from the problem that for the data to be useful, it has to be extracted into a viewer-friendly format, like a raw audio stream. Even if, say a new secure audio format was developed, you could just modify your soundcard driver to save the stream to a file while playing it (same for video, albeit more expensive). Then you could recompress the stream. Even DIVX would be doomed to fail if it didn't kill itself first. Remember ATT's Clipper phones? The LEAF (Law enforcement access field) could be forged by using the output of one phone with another (see Applied Cryptography)

Re:Net Impact on Movie Industry: Zero

[jdwtiv]

>DVDs are cheaper to produce than video tapes.

I've often wondered about this. It seems like it would be cheaper to produce a cd than a cassette tape for the same reasons, yet here we are 10 years or so into the cd revolution and cd's are still more expensive than tapes.

(And if I remember correctly tapes/records were normally pretty close to the same price)

Also reminds me of a speech I saw from a well known games developer. He was very excited about the proliferation of cdrom drives, as cd's were going to save his company a ton of money over shipping floppies. When someone asked if that meant his games would be cheaper, he just smiled from ear to ear... :)

So much wasted effort... *sigh*

[jidar]

It really amazes me how clueless the entire entertainment industry is. Consider the amount of time, money and effort that is going into creating these encryption schemes on digital media, and for what? As several people have already pointed out, you can't stop people from copying! If your media ever has to be 'unencrypted' for someone to view it, then that is the point where it can be duplicated, be it by 'catching' the data as it goes to your monitor and sound card or by using a video camera aimed at your monitor. It is painfully obvious that there is NOTHING and I mean NOTHING that can be done to stop copying of media. People aren't even going to be slowed down. How long is it going to take them to catch on to that? This seems so obvious to me, and yet entire industries are all fighting to do... do what? Make another easily bypassed copy protection scheme... in short, not a damned thing.
All wasted effort.

hrm?

[MenTaLguY]

I was unaware that Bill Clinton and Al Gore were Republicans. Thanks for enlightening me.
Berlin-- http://www.berlin-consortium.org

Nope, I don't care...

[sterno]

I think, we as a society need to get over the notion that people own ideas. The open source movement has begun to demonstrate a great way for people to make a buck without having to own ideas. Rather than writing software, keeping it secret and then selling it to people, the companies have learned to give away the secrets, but make money on support and services.

Personally, my income is hurt by closed source old world ways of distributing software and media. I work in computers doing custom development of software for corporations. The software I right is really only useful in a specific context for a company so piracy doesn't effect the work I do. However, having to pay for operating systems, database software and development tools does effect my bottom line in a big way.

I will admit to the fact that deciding as a society that intellectual property isn't something you can own will hurt a lot of companies who have built their empires on that assumption. But in the long run I believe we will be better off for it. In addition I think their are better ways for these companies to make money.

Rather than producing a CD and depending on the distribution of the music to make money, why not make money off concerts instead. Give away the music to hook people and then do major concert tours. Sell experiences that cannot be duplicated and pressed and mass distributed. Sell things that are unique once of a lifetime events.

I can get a DVD of a movie, but yet I still go and see it in the theatres. Why do I do this? Because it is a unique experience that I cannot reproduce in my home. Their is value in that experience. I have a nice home theater system, but it is never the same, so I shell out my money and see it on the big screen with big sound and a large crowd of people to share the experience with.

Really the whole intellectual property thing is, I think, a sign of inefficiency in the mechanisms of distribution more than it is a legitimate form of business. Books, CD's, Videotapes, DVD's, all have a certain cost in duplication and distribution which must be recovered. With the rise of the digital, and the ability to make infinite perfect copies it seems wholely ridiculous to charge me money for it.

Do I believe that copying a DVD is illegal, yes. Do I believe that it is immoral, no. I believe that to charge more than the cost of distribution for the DVD is immoral.

---

Re:Nope, I don't care...

The "Open Source movement" doesn't have anything to do with intellectual property, because every significant piece of OSS is just a reimplementation of a previous proprietary product. Now, I agree that OSS is a good way to quickly develop a nice piece of software, and there are certainly companies making money supporting it, but that doesn't mean there's no place for IP. Somebody has to invent new things, but what company would invest in R&D if the minute they released something CheapBytes was selling it for $2?

Re:Nope, I don't care...

Now, having said that, I think it's pretty funny that DVD got cracked. Copy protection is a non-solution that inconveniences honest customers.

Re:So do slashdot folks care that this is immoral?

The only time I've gotten copied articles was in an educational setting and I was definetely never solicitied to purchase copied articles. That's why the magazine industry wasn't/isn't hurt by Xerox.

Right to copy for personal use

[speedbump]

Wrong! You do not have a 'right' to copy legally obtained content for your own use; you only have the opinion of the Courts that home copying is immune from prosecution.

Re:Right to copy for personal use

Hey Einstein-

The "opinion" of the court DOES comprise law. If the court won't prosecute you for breaking a law under certain conditions, that renders the law a moot point, because there is no one outside of the courts that has the permission to render judgement on violation of a law. I believe the term (IANAL) is "Statutory Law".

It's good.

It will speed up technological progress again, which has been stalled for the last some years, arguing about region codes.
DVD-R will be sold in millions, next year or in 2 years.
And who would have won then? East Asia again, not Hollywood. And why? Because you have too strong lawyers and too weak coders.
But wait. UP is in Sony's hands. What now?
Was this a trap, they fell in themselves?

As long as we're talking about morality.....

[Ukab+the+Great]

If you want to talk about morality artists getting hurt, why don't you mention the different continent codes that DVD's/players have, courtesy of the DVD people. This little scheme is quite immoral. Basically, if you have a DVD you bought in Europe, it won't work on a DVD player in the U.S., and vice-versa. Or if you bought your player in Australia, you can't play DVD's you bought in china This is *damned* immoral because it bars people in one country from watching some great films produced in countries other than their own. Sure, a lot of films will get ported back and forth between continents, but not all of them, especially in the case of independant film. We see this phennomena with game consoles, where the playstation you bought in america might not run some awesome games you can only find in Japan. Same thing. This immoral practice hurts some very talented artists in other countries who have yet to be discovered. Hopefully the DVD crack will end this.

It means nothing for the DVD industry...

[Bill+the+Cat]

Give the current price of pre-recorded DVDs, the vast majority of people will find it much simpler to buy a legitimate copy of their DVDs, rather than try to obtain a pirate copy.

If the DVD makers decide to be dumb and raise the prices of their movies, well...

Re:Matrix?

[noom]

You forgot to critisize the acting -- Keanu Reaves really sucks. Although I agree with you on all other counts.

And yet, somehow, I still enjoyed the movie a lot. Go figure.

It had to be broken

[Another+MacHack]

The mere fact that software-only DVD players could exist is sufficient to ensure that the scheme was crackable, 40-bits or 2048. Why? Because obviously the software player could decode the stream in order to play it. They key has to be either on the disc, or in the player; there's no way around that. A hardware-assisted solution could have at least hidden the keys in a chip somewhere, but a software one is all out in the open, requiring only patience before it falls.

Who screwed up?

[DanMcS]

The article says the codebreakers reversed the XingDVD player. It was easy because someone didn't encrypt their CSS code. I thought the article was unclear on who exactly it was, but on a second reading it appears that Xing themselves were the culprits. If so, this probably opens them up for a slew of lawsuits from the people who claimed this format was secure.
Anybody else think it's possible they did it on purpose? I mean, you don't screw up an industry standard that bad on _accident_. Could have been a disgruntled employee, maybe, I dunno.

Re:Who screwed up?

[nevets]

Actually, they had proprietary code, so they thought that it was hidden. The article says that the Xing code was reversed engineered. And that their key just wasn't encrypted. So those at Xing probably never thought that their software would be reversed engineered. Idiots, more likely than disgruntled employees.

Steven Rostedt

Re:Net Impact on Movie Industry: Zero

[Cramer]

I'm sure the DVD Forum was well aware this weak as all hell pseudo-crypto was going to be broken in record time. Anyone who knows anything about cryptography knows the CSS system is a joke -- the only way it can be close to secure is by hiding it's simplicty behind an NDA.

There's nothing to suggest the forum cannot (will not) change the keys. After all, it's simply one sector of the disk. No PC DVD-ROM will care what's in that sector any more than any set-top box will. This will break every software player and every DVD decoder card that handles CSS directly. The set-top boxes are questionable...

As I understand it, CSS merely prevents access to the sectors of the DVD; it's not actually munging the data in that sector. If that's the case, then the DVD forum can fill that sector full of random garbage and break every PC DVD-ROM in the world while not bothering the set-top boxes that don't give a rats ass about CSS -- the decoder hardware is closely coupled to the read head. It wouldn't take long before manufacturers would be offering new firmware to remove CSS once and for all. That'd be _GREAT_, therefore, I must be wrong :-(

Of course, for all I know, the DVD-ROM drive itself could be the one doing the scambling. All I know is that the drive is not supposed to give you access to the protected sector(s) without proper CSS handshaking and key exchange.

A dumb question (was Wherefore encrypted ....keys)

[billybob+jr]

If someone had the ability to press a dvd that was a duplicate of another, wouldn't that dvd play just the same as the original?

I just hope they don't stop making DVD's

[cehf2]

It would be very bad for the DVD industry if the Film makers stop producing DVD's. At the moment it is not such a problem as you can not feasibly copy a dvd movie across the internet, as it is about 4gb.

DVD's are so much better than any video could ever be that the film industry has got to keep producing them. besides they are probably cheaper to produce than videos, as it is a relatiuvely simple pressing process.

Re:I just hope they don't stop making DVD's

[jms]

What -- they are going to stop pressing DVDs, (which are much cheaper then VHS cassettes to produce, bring in higher profits, and can only be stored on a recordable medium that costs more then the prerecorded DVD), and continue manufacturing VHS cassettes, which are bulky, more expensive to produce and ship to market, and are easily copyable onto a blank medium that costs 1/3 to 1/5 the cost of the prerecorded tape?

They're just mad because they were promised by the technical people that this encryption system was SO perfect that it would make it impossible for anyone to ever copy any part of a DVD. The pesky problem of "fair use" wouldn't be an issue, because fair use would have become technically impossible.

Unfortunately for them, the rest of the world doesn't seem to share their vision of the future of recordable media.

Re:I just hope they don't stop making DVD's

One could also buy an extra DVD-ROM drive for $100 and assign it a different zone using player software from a complete kit.

Re:I just hope they don't stop making DVD's

[N_R_K]

DVD's are transported across the internet everyday. Right now Movies on DVD are converted into MPEG1 or VCD format everyday. This process is time consuming, but very possible. It takes a 4-6gig DVD and converts it to about 1.2 gig (2 CDR discs) which are distributed daily if you know where to look for them. The point is, stiffling the release of DVD-R or putting additional restrictions on them is pointless, since the piracy they hope to prevent already happens on a large scale.

Re:Silly copy protection schemes

I am not an expert on this tech., and I have been half reading/half skimming all of this today, but if I understand it correctly, the encrypted key on the DVD's was for authentication purposes, not for providing a way to decrypt the the DVD.

Totally irresponsible

[supz]

The guys from M.o.R.E., that made DeCSS are totally immature and irresponsible. Cracking the DVD encryption is not neccesarily the bad thing, the bad thing is that they made this program and distributed it. That ruins DVD for everyone. Now the movie industry is going to have to retaliate and put some alternate protection on DVD's which could even possibly require all of us to purchase new DVD players or something of the sort.

M.o.R.E. should have quietly reported the problem to the Xing and whatever the main company that handles DVD technology is and helped them solve it, not just totally fuck them over, as well as the rest of us.

DVD technology is a really great deal: you get digital quality video and audio and a bunch of extra scenes on one small CD-sized disc, all for about the cost of the movie on video. Why ruin a good thing? I must say that it was also stupid and irresponsible for Xing to not encrypt the key, but two wrongs do not make a right.

Shame on MoRE.

Re:not much time left...

[Greyfox]

1) Yes, but there's not much time left for that either. By 2005 Japan and Europe with both have bigger net presences (And better video and voice integration for data transmission.)

2) It killed the CDA pretty well dead in its tracks.

2.5) I'd like to see it pass, and then everyone can go out, buy a steak at the supermarket and then go to the police and confess to possession of the drug.

Wont last 50 years

DVD's and CD's you buy today will most likely NOT work 50 years from now, this is because the aluminum will loose the encoded pits after a few years. I remember reading that the max lifespan on a cd was around 9 years, though it may have improved. I also remember reading that some company (or more) was developing archival quality cd media, that would not degenerate over time.
Just a few interesting bits for all us info hungry slashdotters =]
AC

Re:Wont last 50 years

> DVD's and CD's you buy today will most likely NOT work 50 years from now, this is because the
> aluminum will loose the encoded pits after a few years.

Why do you think I mentioned the importance of being able to make archival copies, and why it was wrong for CSS to prevent this?

Keep making perfect digital copies every few years in advance of when you suspect the media will fail :)
(of course, your DVD player will probably cease to work before 50 years, and they will no longer be available... fortunately you'll be able to use a patent free software MPEG decoder by then)

Re:Wont last 50 years

[Why2K]

I remember reading that the max lifespan on a cd was around 9 years, though it may have improved.

I don't know about this... I've got music CDs that I bought over ten years ago that still play fine (if I have a sudden urge to listen to all of that great '80s music!).

Re:Wont last 50 years

[matguy]

The life span of the aluminum depens a lot on where you live, coastal climates being the worst. Mobile Fidelity Sound Labs was/is doing a lot of work on this ultimately using gold as the reflective layer. Other pressing sites also may have done some improvements since then, also, if I remember correctly MFSL was having JVC press their disks.

matguy
Net. Admin.

The unencrypted key in Xing's player is irrelevant

[kijiki]

If your computer can use the key to decrypt the stream in software, you can watch it decrypt its own code in Softice or something similar, and get the key. The encyrpted code just made things more difficult. Without some kind of tamper-proof hardware there is NO WAY to do 100% secure digital media distribution.

Everyone NEEDS to be able to backup

Everyone NEEDS to be able to backup. Unless they are going to give me new copies for my scratched or broken ones.

Re:Everyone NEEDS to be able to backup

Does the company that sells you eyeglasses give you free replacements when you scratch the lens?

Re:Everyone NEEDS to be able to backup

No, but you're allowed to make new eyeglasses if you want to.

Re:Net Impact on Movie Industry: Zero

If you do decide to join western culture again you may want to consider spending a bit of time with the Matrix....it is worth it.

Just like DIVX came out and killed DVD already.

Your logic fails for the same reason DIVX failed.

A movie studio is going to make the money if it comes out with a movie that plays on all players.

In order to make DVD2 to work, they need buy in from the current DVD market.

In order to get buy in, they need technical advantages over the old standard.

Real technical advance most likely means a 20-100 gig disk and more resolution.
That technology is 3 years away.

In the meantime, everything goes to DVD.

Not too surprising

[Christopher+B.+Brown]

This exposes two unavoidable vulnerabilities:

• The system was using a published crypto scheme using "mere" 40 bit keys.

  40 bits is fairly breakable, and since key transmission is a critical problem in building crypto systems, and DVD systems often represent embedded systems, they have a few keys vulnerable to brute-force attacks.

  There is no question but that DVD encryption would be quite vulnerable to brute force attacks.

• This story displays that protocol problems represent a major vulnerability.

  It appears that the result of this "exploit" is that the decryption keys for all DVDs have been exposed as a result of them being accidentally published.

  This is the sort of thing that organizations like the NSA reportedly are acutely sensitive to when they are trying to crack systems.

  In order to keep such systems secure, it is absolutely necessary to be extremely careful with how critical data like encryption keys are dealt with. Apparently these keys were released to people upon whom it was not carefully enough impressed that they needed to be "billions-of-dollars-riding-on-this" worth of careful.

Oops.

Re:Not too surprising

[Cramer]

I don't know... the old Atari "hole in the floppy" method, while relying on the software to verify the hole, was a very effective system. The C64 also had a very good system... the floppy drive was a computer all it's own; load code in the drive to read back the protected data in a way that was not normally readable.

Any time software is used to enforce copy protection, the protection is worthless. Only a hardware solution beyond the alteration of an end-user is a solution. This worked perfectly for the Playstation until the advent of the mod-chip.

Re:Not too surprising

[Bradley]

Every player -- including consoles from Sony, Toshiba, and other consumer electronics vendors, as well as software vendors for PCs like WinDVD and ATI DVD -- has its own unique unlock key. Every DVD disc, in turn, has 400 of these 5-byte keys stamped onto the disc. That way, the unlock key from every licensee, be it WinDVD or a Pioneer DV-525 unit, will read the disc.

So does this mean that there can only ever be 400 DVD drive manufacturers? What happens if XYZ Corp starts manufacturing these tomorrow, and I buy one. Can I then not play a DVD that was printed yesterday?

Am I missing something?

Re:Not too surprising

[Bradley]

I don't really think there will ever be more than 400 DVD drive manufacturers.

And nobody will be using this software from the 60s when we have to worry about date rollovers...

Presumably that means that whoever's in charge of the whole process has these keys already autogenerated, and pressed onto each disk?

Re:Not too surprising

The Commodore 1541 floppy drive's CPU was actually more powerful than a Commodore 64, so exotic track formats and low-level encodings and "weak tracks" were also possible - as was custom high-speed copying software that rendered them moot.

Tamper-resistant hardware is damn hard and expensive, and hardly ever worthwhile in mass markets. Happily, this makes Free Software that does these things possible, though vendors only notice the few cheapskates and cheats out there.

Re:Not too surprising

[hasse]

That's right. But I don't really think there will ever be more than 400 DVD drive manufacturers. (It's not like there was 400 manufacturers who signed up from start, and those are the only ones who've got keys. They're assigned keys when they sign up for a license.)

Let's not be judgmental

Everyone wants something for nothing. Some people are consumed by the desire.

Re:Let's not be judgmental

[Black+Parrot]

> Everyone wants something for nothing.

Just an observation on our society's value system:

If you want something for nothing, you're despised as a deadbeat;

If you want a whole lot for almost nothing, you're admired as an entrepreneur.

--
It's October 6th. Where's W2K? Over the horizon again, eh?

Re:So do slashdot folks care that this is immoral?

I thought the point of cracking DVD was so we (Linux users) could watch DVD.

Re:Net Impact on Movie Industry: Zero

[Foos]

An interesting point to note is the fact that when you make a copy of a VHS tape, you lose a certain amount of quality on each copy. So if you have a "fifth-generation" copy of a movie on VHS then there will be a noticeable loss in quality. On the other hand, with DVD there is no loss of quality whatsoever even for a "hundredth-generation" copy since it is all digital. Thus a copy will be exactly the same as the original.

Why not do this?

[JM_the_Great]

First you get the encrypted DVD. Put it in your computer and play it. Get a scan converter and record it to VHS. Play it back and record it to an MPEG, VCD, DVD or whatever. This will work with anything CD's, Encrypted/Copyrighted/watermarked music, anything that can be transilated into an analog signal and back again. You will lose some quality, but, to save a few bucks it might be worth it.

In this sense no matter how strong the encryption is, it can always we worked around. If you record it to a DAT (music) or another high quality Video recorder you woln't lose much quality and you don't even have to crack a encryption scheme.

If software was only this easy to pirate.

Disclaimer: I don't suggest you do any of the things stated above and I'm not responsible for anything that might happen to you beacuse of your use of said ideas.

That's my $(2^4*3+1/7%3*2/100)

No way. Future DVDs MUST be "backwards compatible"

Forcing the millions of DVD player owners to upgrade would be mass suicide by electronics makers and the movie industry. Remember what a horrific and spectacular failure DIVX was? So since all future DVDs must play on existing players, they will now and forever remain copyable by us evil consumers.

Information Wants To Be Free

[adimarco]

Without getting too deeply into the idealism of the subject, they really should have expected this.

Simply speaking, copy protection schemes just don't work. If you allow access to the data to anyone for any reason, someone is going to find a crack for it. I don't care how good your copy protection scheme is. I don't care what kind of information you're trying to protect, or what kind of media it's on, be it CD, DVD, casette, diskette, whatever. Information wants to be free.

They've tried so many tricks and schemes over the years. Remember the "What is the second word on page 153 of the manual" ones? Or what about software that would only let you install it twice.

I still use numbers like 123-1234-1234567 for Micros~1 product keys even when I have the legit numbers. Always good for a chuckle.

The way they accomplished the crack was hilarious 'though. RealNetworks (or whatever subsidiary that was) must be pretty embarassed right now... forgot to encrypt their decryption key. Morons :)

Anthony


^X^X
Segmentation fault (core dumped)

Re:Information Wants To Be Free

[panck]

Information wants to be free.
i couldn't agree more, especially in a system like the internet, which was designed to allow information to move from one point to another as easily as possible.
trying to create a "secure" site or system connected to a medium like the internet is almost like getting in the ocean and trying not to get wet.
Here's a hint to the Motion Picture association and the Recording Industry....don't put your content in a format that can easily be read, unless you want it easily copied.
If you want to make it hard for people to copy, it has to in a format/using a system that makes it difficult for any information to be transferred.

Keep the information flowing, folks.

Re:Information Wants To Be Free

[xanth]

There are two cases that apply to the conjecture that "Information Wants To Be Free".

• The first is the situation where the distributor of the information would like to keep the information secret, while the recipient either has no preference, or would like to publicize the information. This case corresponds to the movie/music/software industry attempting to enforce copy protection. It clearly can never be done with 100% enforcement. At some point, regardless of the encryption scheme and protocol used, the information HAS to be converted to plaintext before the intended recipient can view the information. Thus the decision to keep the information secure is up to the recipient.

• The second case is when both the distributor AND the recipient would like to keep the information secret. In this case, by using a sufficiently well tested and well designed encryption scheme and secure protocol for exchange, the information can be kept secret against all forms of attack.

So the ball is in the recipients court: the distributor has little control, and while security of information in the context of private email and so forth is entirely achievable, in the context of "copy protection" it is, as the borg say, futile.

Re:Information Wants To Be Free

[jafac]

using that license key - you have signed your death warrant. Whenever you go onto the internet, IE secretly sends a GUID containing your license number to a Microsoft database. So when Microsoft rules the world, the Bill Gates' Jackbooted thugs will track you down and send you to the "Intellectual Property Paradise", where you can work as slave labor (waxing Bill Gates' fleet of Ferraris), until you have paid back all the value of the intellectual property you have stolen. Then, you will be executed, automatically, by electricution, scheduled and actuated by a WinCE device they've implanted up your butt.

I wish I had a nickel for every time someone said "Information wants to be free".

Re:Information Wants To Be Free

I think you mean "paid back the retail price." To square up the "value" obtained MS would have to pay all of their customers for rear-end-pain incurred.

Re:Silly copy protection schemes

I expect it works like this: The files on the dvd are encrpted. The key to this encryption is then encrypted 500 different ways (ie: 500 differnet keys) These 500 keys are the keys from which keys are assigned to various players. So.. Xing is given one of these keys. So.. any player has to a) Using it's unlock key, it decrypts the decryptoin key for the actual file. This way, the keys for each individual DVD can be totally differnet, while the players can keep their keys.

Re:5:1 can be good

[just+someone]

The problem is that engineers need to learn how to do good 5.1 mixing. The mixes are designed to for the user to face the center speaker, it's not as non-directional as stereo configurations. Speaker position is programmed into surround sound set-ups to make it seem like the sound is coming from one direction.

There are a few great music tracks on movie dvds. Turn off the TV, and you've got great sound.

The talking heads Stop making sense has two great 5.1 mixes. One puts you in the front row, and the second is the "soundboard" mix, and what I would expect to be on a dvd audio disk. The music surrounds you.

The Aretha franklin scene is blues brothers is another great mix. The background singers are in the surround speakers.

And you can see how the mixes get better as an engineer gets more experience by listening to Fleetwood Mac The Dance DVD. The surrond speakers come alive in the last few songs.

Not a good week for real.com

[uncleFester]

First the privacy snafu, now this. The question, though, is who will get the blame for this.. Xing for failure to encrypt, or Real for not catching it? Who gets their ass tossed out the front door?

*snicker*

So, what to do now? Firmware updates? SuperMassive recall? (unlikely) An excuse to change the spec/format? At the least, all codes will^H^H^Hshould be strengthened, changed, etc.. I guess the overall question is...

How will the average consumer get bent over in this one?

-fester

Windows NT encountered the following error: The operation completed successfully.

Re:Not a good week for real.com

There was already talk of a new round of DVD copy protection, even before this happened. Something involving video watermarking (as in DIVX - though maybe not with as many artifacts) and "bad spots" on the discs (like all those "bad sector" schemes for copy protecting floppy disks). One of the issues was what level of compatibility to "allow" between new and old players and discs.

Re:DVD is Dead Anyway.

[Todd+Knarr]

Yep, you've "got" it alright. But with attitudes like yours, not a lot more will be stored on media you can keep indefinitely.

Perhaps. But my "attitude" is the norm among consumers. License, schmicense. When the average buyer comes home with a movie, they know they don't have the right to duplicate it and sell copies but they own the copy they bought. Tell them "you can't use what you just bought because we changed our minds", and they'll laugh at you. Try to enforce it, and people will ignore you. Make media that doesn't let them ignore you, and it'll sell as well as DIVX.

Re: Have you tried copying a DVD to VHS?

[Another+MacHack]

Sure, that's what "color correctors" are for.

DVD-R

[bbqBrain]

The article raises an interesting point: there could definitely be a move to restrict DVD-R technology in the US following this chain of events. It seems an absolute outrage to me that the potential of DVD-R could go unrealized, at least in the short term.

CD-R is great, but a more and more packages are too big to fit on a single disc. DVD's offer a convenient way around this. There's nothing wrong with the technology--don't punish it and the people who want to use it for legal purposes.

Of course, it wouldn't be the first time the recording industry imposed its will on the American public. As I recall, they almost killed DAT. In fact, it never did catch on much for home use.


-bbqBrain

Re:DVD-R

If they refuse to make dvd-r, someday somebody will make a 100 cd changer than cahnge and buffer cd on the fly. That way you can watch a dvd quality movie in 10 CDs. Of course, nobody will do it because it's too cumbersome. It's a matter of time a cheaper mess medium will appear if there's no dvd-r. I thing those Xgig tape drives are fast enough.


CY

Re:Kill the smart people

[Bolero]

I agree with you for the most part. The only problem I have is your example. Distributed.net is using a different method to break RC5-64 than what the CSS hackers used. They didn't attempt to brute force attack CSS, instead they found a kind of security hole in Xing/Real Network's security

If somebody found a glaring security hole in RC5-64, it too would be brought down.

Like hybrid multiple-recipient PGP

Based upon what I read out of the LiVid mailing list archives on Monday:

• Most disks have their video data encrypted with a random 40-bit key (called a "title key"?). Each disk has a different title key.
• 409 copies of the title key are made, each encrypted with a different manufacturer's key (also 40 bits each). Those encrypted keys are written to the disk.
• A given manufacturer, when they get their DVD license, gets one of those 40-bit manufacturer's keys and a note that says "use key number 12".
• The player looks at the disk, extracts the 12th of those 409 encrypted keys, uses its manufacturer key to decrypt it, giving it the title key. That title key is used to decrypt the video material. It ends up with the same title key as any other player would have gotten on that same disk.
• The manufacturer key would be held in ROM or encrypted in a software player of some sort. To discourage manufacturers from doing that badly, the following threat is put in the license agreement: If someone figures out your manufacturer key, you pay us a lot of money, and in addition we stop including your key in the 409 used on new disks. Now all the newest movies won't play on your player, and you go out of business.

So it's like the usual hybrid PGP scheme with multiple recipients (where a per-message random symmetric key is public-key-encrypted to each of the recipients), except CSS uses symmetric encryption everywhere, and the disks are usually encrypted to the same 409 recipients all of the time, and only a few dozen of the recipient keys are actually known by real users (players), the rest being kept in a vault for new licensees.

The problem was that the encryption was really poor. There are two attacks:

1. For any given disk, brute force the title key. I think this would take a day or two per movie. Then assemble a web database of some sort where you could look up the title keys for your disk.
2. Once you've figured out the title key for a given movie (say, by discovering one of the manufacturer keys, doesn't matter which), look at those other 408 encrypted keys. For each one, brute-force the related manufacturer key. (because of massive flaws in the crypto, this takes about a tenth of a second for each one). Now you have 409 manufacturer keys. You don't care which one is which. Publish them all.

The latter has happened. Hundreds of keys are now public knowledge. Many of them are probably in use by big-name manufacturers (you now have the key of every player that could have played that disk, which is all of the current ones and most of the future ones). And it is practically impossible to change the keys in a useful way. They would have to drop all of the keys in use by the current players from new titles, making them unplayable on current hardware. If even one key remained from the set that are now known, the same attack could be made to get all of the new ones.

Note that if they had planned for this, they could conceivably have put several keys into each player, and the response to having all of the current keys published would be to switch everything to Set 2 (instead of using FooCo's first manufacturing key on the disk, they use FooCo's second key). The current players that had multiple keys would still play new movies, but the published keys would not work. However, learning any one of the new keys (perhaps from a poorly protected software player that had multiple keys too) would allow the whole attack all over again. And brute-forcing a title key would allow the whole attack over again. The net result is that CSS is completely and utterly dead.

There is an extra layer on top of this, the authentication phase, which I don't know much about. From what I can tell it seems to be designed to keep someone from snooping the bus traffic and reading the decrypted video from there. The DVD drive will refuse to read certain sectors from the disk (the encrypted keys) until you've negotiated something with the drive. There may be more to it than that, but the technical issues have been solved for quite a while.. the necessary ioctls are already in the linux kernel.

And, as noted by others, this is independent of the copyright issues on DVD movies. CSS was a scheme to restrict use of the video data, and had the effect of preventing the development of open-source players on Linux and other platforms. Now they can be written (and mostly have been, although doing both audio and video at once is beyond the capacity of most processors).

-Brian

In all seriousness...

[MenTaLguY]

The real problem comes from both sides of the aisle.

I'm quite sure the encryption opponents are quite relieved that anyone who might otherwise oppose them is too busy blaming whatever group he or she is not a part of, be it the Democrats or the Republicans, the Liberals or the Conservatives.

Berlin-- http://www.berlin-consortium.org

Well, what took them so long?

[XNormal]

I don't know about the film industry, but I certainly expected this. I was making bets on it with some friends. When I heard there will be software implementations I gave the DVD format 6 months before it's reverse-engineered. I lost... it took a little longer.

----

Obligitory "I told you so"

[LordHamster]

When I first heard of DVD encryption, I jokingly made bets on how many days it would take someone to crack it. I guessed 10 days. So I was a bit off, but "I told you so." I wonder when these people will realize that all copy-protection schemes can be cracked. What they have to do is provide more than just the movie in thier "official" versions. They should learn some lesson's from Rob Young's famous Linux - Ketchup speech. :)

Re:Net Impact on Movie Industry: Zero

[nickm]

DVDs unfortunately will lose out in the standards war for one basic reason: they're fragile. Everyone knows that if you scratch a CD (and so often we do), it'll skip, rendering part of it unenjoyable. Well, DVDs store information with twelve times the density of a normal CD. Couple that with intense compression, and you end up with two orders of magnitude more damage to a DVD when you scratch it.

The big market for home movies is in rentals. However, my friends and I once rented Tron from Blockbuster to watch on a new DVD player. Something like seven of the twelve acts were garbled beyond viewing ability. The Tron videotape's only problem was that the bastard who rented it prior to us didn't rewind it. The first problem ended up with a wasted evening plan. The latter ended up with merely a waste of ten minutes' rewinding time.

--
I noticed

Re:DVD is Dead Anyway.

[Todd+Knarr]

So why are stores that sell VHS tapes still in business? Yes, people like to rent before they buy. Yes, they like being able to get things they only want to watch once cheaply. But if they find something they want to watch repeatedly they go buy it, and in numbers large enough to keep the video department at Media Play, and stores like Sun Coast, open.

Re:So do slashdot folks care that this is immoral?

It's this "free everything" idealism which can't really work in the real world thats to blame.

Why are you afraid of "free everything"? Free everything is the best thing that could happen to the world. Is free food for hungry people evil? How do you feel about ATM fees? I suggest you click on The Hunger Site and try giving something for free. Then come back and tell us how much it affected your morgtage or car loan or whatever.

Re:DVD Encryption? Good riddance

[jnik]

In simple words: run the DVD, and copy it on a VHS. You'll lose these fancy functions, but the essence of the DVD is still there: a copyrighted movie.

The problem is, most DVD's have been macrovisioned. They mess up the video signal so that there's "minimal" loss in quality, but it wreaks havoc with the AGC of a VCR. VHS tapes are being macrovisioned now, too. 13th Floor, for example.

Re:link to the utility?

I went there and all this stuff is for windoze. Any source floating around? Or LINUX support?

20 dollars a gig? um no

I dont know where you are buying your harddrives but you are getting ripped off. I just bought a few 27 gig harddrives for 135 shipped.

Re:The unencrypted key in Xing's player is irrelev

There is no such thing as tamper proof hardware.

(See various discussions on the net about smart cards and the like)

So what about DVD-RAM?

Whats the story with this? I saw some DVD writers at Frys last night..is that for data only? Whats the magic cookie to differentiate to the player between data & video?

Re:So what about DVD-RAM?

[redled]

There are a few reasons why you can't yet use DVD-RAM, even though the encryption has been taken care of. First of all, DVD-RAM media is not recognized by all but a few drives -no dvd players recognize them. Also, there are 3 (three!) different standards for dvd-ram, all using slightly different technology. This means that it will likely be a few years before any one of them is widespread enough to become supported by the hardware manufacturers. The discs can only hold between 2.5-4.8GB. This means that some movies may not even be able to fit on a disc (discs cost around $20, btw). So, apart from these, the only viable option would be to use DVD-R to copy movies. Then again, at tens of thousands of dollars for the recording equipment, and $35-40 for the media, the purpouse is, once again, defeated. Fore more detailed information check out the DVD FAQ

--

No, it is spray painted in 50' high letters

[Randy+Rathbun]

What gets me is that no matter how hard they try encryption just gets blown away. I still find it rather tiring to keep reading this stuff. The guys coming up with this encryption stuff are either lawyers or marketing drones, so of course it does not stand up for very long!

Of course once it gets cracked then it becomes "hey! they cheated! they are illegal underground punks! they worship the devil!" and a host of other things - just look at what the Brittish recording industry put out recently - after all anyone who listens to MP3s are nothing but a bunch of pot smoking pedophiles, right?

To me breaking encryption is just the geek way of thumbing our noses at idiots. Here's to more beautiful hacks!


941415926518293950285123123568785948184839358193 948913958495
80124569890476636201512012315668018651125564087489 7980465063

Re:So do slashdot folks care that this is immoral?

[jafac]

The honest customer gets the VERY REAL and TANGIBLE benefit of not having to worry about Feds busting down his door and confiscating his computer, and locking him away.

The pirate may convince himself it's not going to happen. But there's always that possibility.

When you pirate, you get the software.
When you purchase, you get legitimacy. (personally, I think that MS probably hides GUIDs with your VC++ license # in the binaries it compiles, so virus writers can be tracked down, just like MS Word (UP) encodes GUIDs in Word documents).

I wish I had a nickel for every time someone said "Information wants to be free".

Offtopic: Philosphocal Question

[ewhac]

If, as you say in your post, "DIVX was *evil*," why did you work on it? Why did you help to create something you knew no one would want, and which you yourself didn't want to have?

I'm not trying to be hostile. It's just that I learned my lesson on issues like this a long time ago, and I've made it clear to myself (and my employers) that I will not work on projects with which I personally disagree. Perhaps I'm in a better position than most (and I also don't put myself in the way of such projects), but I've never fully understood why someone would spend their precious creative energy on something they personally felt was pointless, wrong, or ethically bankrupt.

This is just me talking,
Schwab

Re:Offtopic: Philosphocal Question

[Archeopteryx]

Well, honestly, I didn't think it was *evil*, but I thought it would be perceived as such. And I told people that it would be. The DIVX folks were not interested in being Big Brother, they were interested in providing a service that would obsolete video rental returns, and in making some major money while doing so. They failed to correctly consider the implications of the system that the available technology forced them to design.

However, if I were asked to work on something I actually thought was evil, I would either decline, or steer it away from that condition, or learn how to subvert it. In all the years I have been designing systems (22 years), I have not yet been faced with that choice. And that includes my time writing nuclear safety systems for a major power utility.

I have, however, decided not to go ahead with business ideas of my own which I thought were unethical. For example, I considered starting a 900 phone sex service in 1980, but decided that I didn't want to profit from other people's loneliness.

So do slashdot folks care that this is immoral?

[wall]

So now that some folks have figured out how to
STEAL DvD data, what next? Much like the huge
cd-r explosion will dvd-r's hurt the MPIA as
much as cd-rs have cut into the software industries profits?

Do any of you out there even CARE? Or like I
figure, none of you understand how you get
paid (many of you are students ANYWAY!) and
how lost profits affect you.

da fly'

immoral as any, but sad that the industry
will now try another format.

Re:So do slashdot folks care that this is immoral?

[Mattsson]

And, of course, all your software are licenced, you have never taped a tv/radio transmission,
never read a paper in the store, never parked without paying, never driven to fast, etc, etc.

All illegal and immoral...

Re:So do slashdot folks care that this is immoral?

[Steve+B]

2)Copying DVD movies for personal use, trading with friends, etc.: a Little Immoral

2.1)Copying DVD movies for personal use (e.g. backup, format conversion): Not Immoral. (Also Not Illegal, FUD to the contrary notwithstanding.)

2.1.1)Interposing technological barriers to (2.1) above: Immoral. (Not Illegal, but current practice of mandating it without consumer consent should be illegal.)

2.2)Copying DVD movied to trade: Immoral.
/.

Re:So do slashdot folks care that this is immoral?

[Amphigory]

Much like the huge cd-r explosion will dvd-r's hurt the MPIA as much as cd-rs have cut into the software industries profits?

Do you have hard numbers, or are you just talking out the side of your mouth?

Re:So do slashdot folks care that this is immoral?

[jafac]

Please. In the vast majority of piracy cases, the pirate would not have paid full price for legitimate copies anyway, so no sales are lost. In fact, there is a positive side to being pirated. Mindshare.
If only 5 people on the planet can afford to wear Nike shoes, that's not much mindshare. If 1 billion wear counterfieted shoes, maybe a 6th person will think it's cool enough to cough up the money for a legit pair. The CHANCE that the 6th person is going to buy, is better than the alternative, 5 customers, period, and no mindshare (which incidentally is what drives the stock market today - which is probably a lot more important to a company's long term success and survival than actual profits. Sick to say so, but unfortunately true).

I wish I had a nickel for every time someone said "Information wants to be free".

Re:So do slashdot folks care that this is immoral?

[Mr.+Slippery]

the spirit of my post, which is: what's wrong with "free everything"?

Nothing. But it doesn't exist. That's the point of my post. Now we're back where we started.

And that is the point, food in hungry peoples mouths. Hopefully it will be books & education next. Do you see any problems with this? How could you have problems with this?

My problem with this is that it would be much more efficient for us to give money directly to hungry people than to pay for various products an increased price, which goes to advertising budgets, a tiny portion of which goes to feed the hungry.

The advertisers aren't doing this out of the goodness of their hearts; if they were, they'd just send the money and be done with it without making you look at ads. They're doing this because they believe that getting you to look at their ads will get you to buy their stuff. And so we drive the culture of consumption which leads to the economic injustice that makes people poor and hungry in the first place.

Also, how much is your time worth? How much time does it take you to click on THS? Sending ten bucks to charity each year might actually be cheaper, as well as getting more results. To paraphrase some /.er's .sig, "Advertising-supported activities are only free if your time has no value."

(And yes, I do give directly to charity, and also to persons of my direct acquaintance who are in need.)

Re:So do slashdot folks care that this is immoral?

I don't like that argument about how pirates wouldn't have paid for the software anyway. Look at it from everyone's point of view:

Honest Customer:
I paid $300 for Visual C++ 6.0 and this #$@%#! pirate just got a pirated copy and now (s)he's enjoying the same benefits from the software that I am! Grrrr...

Pirate:
Cool, a penny saved is 1.4 pennies earned ('cause of tax, you know), and I love these features like Intellisense and Edit and Continue, I'm so much more productive... I'm ahead of Honest Customer because I'm not $300 poorer. And I'm gonna crush HonestCorp Inc. since they can't afford 100 copies of Visual C++ 6.0 and they won't be able to keep up with me without these cool features in their old copies of Visual C++ 2.0. M$ wouldn't have made any money off me anyway, so they didn't lose money.

Company (Microsoft in this example):
You're exactly right. We didn't really lose money since the pirate wouldn't have paid anyway, but we don't want HonestCorp Inc. to be put out of business... they paid good money for our software in the past and if they stay in business they might make us some more money in the future, unlike that pegleg Pirate. And we don't want Honest Customer to be tempted by Pirate into receiving Visual C++ 2000 (when it comes out) for free. Mindshare is cool for us but we'd be scared if 1 billion people had pirated Visual C++ because that would suck for the other 6 people who give us money.

Re:So do slashdot folks care that this is immoral?

[jafac]

I just bought my son a Gameboy for his birthday.

The license agreement for Pokemon Yellow says that I do NOT have the right to make backup duplicates of the game software (as if I could), and owning/operating the special equipment to do so is illegal. I understand why they feel they need to say something like this - but I don't understand why it's perfectly legal and acceptable for them to trample on my rights to "fair use".

I wish I had a nickel for every time someone said "Information wants to be free".

Re:So do slashdot folks care that this is immoral?

That so-called "contract" is not legally binding for a few reasons. One is that it crosses against the law of the land (You DO have a right to make backup copies, the courts have defended it, and any argument about the durability of gameboy media is irrelevant to that). Also, Nintendo has no right to create laws. Hell, the bastards claimed I was subject to a license agreement in thee back page of the manual of the N64 system. There is no way that the courts could defend a licnese agreement which subjects me to additional costs (Restricted rights) after I had paid money for my device. The fact that they give me nothing for the license agreement (I already OWN the machine) invalidates the license agreement further.

Re:So do slashdot folks care that this is immoral?

[hadron]

No it's not immoral. For example, this actually allows people to play DVDs on linux, which was previously impossible. This is a clear case of the movie industry being evil.

Re:So do slashdot folks care that this is immoral?

[johnynek]

Wait a second, what is immoral? Of course what these guys did is NOT immoral. Immoral would have been breaking the weak crypto, then copying all the top movies and selling them on the black market. The real bad guys were going to break this one day, these guys did the movie industry a favor by alerting everyone.

That having been said, I don't think that everyone has the right to copy DVD's and I don't think it will happen very often. However, when one day 4.7 Gigs is nothing, then maybe movies will be copied a great deal, and what then? The truth is copy protection (as noted by so many ./ers) does not work. So, we may just have to adjust to live in a world where a certain amount of piracy is expected.

I think it should still be illegal. If they catch people or rings selling pirated material they should be punished, but the movie industry needs to stop being so afraid of digital distribution.

PS: if they stop making DVD's over this I am going to be rather upset.

Re:So do slashdot folks care that this is immoral?

I don't know how you got moderated to 2 when you completly missed the spirit of my post, which is: what's wrong with "free everything"?

Granted, the food donated by TheHungerSite is not free for me to give because I have to see advertising to give it, but it is free enough to the hungry people who eat it. And that is the point, food in hungry peoples mouths. Hopefully it will be books & education next. Do you see any problems with this? How could you have problems with this?

Re:So do slashdot folks care that this is immoral?

[Mister+Attack]

short answer: no.

longer answer: I could go after your ad hominem attack ("none of you understand how you get paid (many of you are students ANYWAY!)"), and say that the fact I'm a student has nothing to do with anything, and that I do, in fact, understand how I get paid... but I won't.

It's not like it was particularly hard to copy DVD's before; a DVD player with the video out hooked to my digitizer would have worked pretty well. I'm not sure you understand that this doesn't _really_ change anything.

As for cd-r's and the software industry, come on, how many people were going to _buy_ AutoCAD or LivePicture if they couldn't get it for free? not many. Therefore, not much lost profit. Just my $0.02 (NC residents please add 6% sales tax)

Re:So do slashdot folks care that this is immoral?

[AxeLion]

Perhaps I'm just a tad too idealistic, but I would think that if these guys cracked the 40-bit encryption code, they would have first notified the affected companies/people.

But then again, if they did, the companies might have just shrugged it off and not done anything to make the encryption better.

Oh well ...

Re:So do slashdot folks care that this is immoral?

Of course they don't.

Most /.'s don't even consider it to be immoral.

It's this "free everything" idealism which can't really work in the real world thats to blame.

I'd like to see what they would have to say if it were their morgtage, car loan, and/or profits that were being affected :)

Personally, after seeing 20 years of this crap go on I'm pretty much desensitized these days although I'm *VERY* miffed that I may have to wait for DVD-R because of this!

BTW, I currently live in Norway, and to be quite honest I'm surprised that Norwegians are such prolific crackers/hackers - they generally just don't strike me as the type ;)

Re:So do slashdot folks care that this is immoral?

[Score+Whore]

So now that some folks have figured out how to STEAL DvD data, what next?

I can't speak for you, but I have a legally protected right to make backup duplicates of tapes, cds, vhs movies, dvd movies, etc. The industry putting CSS and Macrovision on the DVDs I legally own prevents me from getting my legally mandates rights. I don't own a console DVD player. I do have a small collection of DVDs that I'd like to transfer to VHS tape so that I can watch them when I please and not have to go over to a friends house.

-sw

Re:So do slashdot folks care that this is immoral?

um... how does CSS stop you from putting your DVDs onto VHS? Unless you've got a digital VCR that works with your computer, you wouldn't have been able to "copy" the DVD onto it anyway. You'd have to go through a video/audio-out system on your DVD player into your VCR

Hurry to see the previews!

Frankly, lots of movie trailers, and even lots of product ads designed for movie theaters, are better than the crap that follows them.

I love good ads, and if having to put up with them means that the next hike in ticket prices gets delayed another year or so, who am I to complain?

Re:Hurry to see the previews!

[Wah]

I like good ads too, but when I go to see Fight Club and I see ANOTHER GODDAM 1-8fsckin00 commercial before the movie starts, that bothers me.

Cool movie with a shitty ending and no consistent point.

DVD is Dead Anyway.

[Smakk]

As a pioneer in the industry to develop DVD-ROM, I can tell you first hand that DVD is dead. The only clients for it have been people with video (movies) to transfer. Even the most non-technical feel that all video will be available over the net soon, so why bother buying DVD's and DVD players? Internet II, digital TV and a host of other high speed connections will render putting the video on a disk silly, except maybe for storage.

Re:DVD is Dead Anyway.

[Todd+Knarr]

The "except maybe for storage" is the kicker. Most people buy videotapes, DVDs and such precisely for storage. If I have the movie on DVD, I have it. You can decide not to distribute it any more, alter it, edit it, do whatever you want with it, I can still pop the disk in the player and watch what I bought no matter what. If I download it over the net when needed, I'm at your mercy. If you decide to take it down, I'm SOL.

Case in point: DIVX. It died because people didn't want to have to ask somebody else permission to watch a movie they'd already (in their opinion) bought. I suspect the same people want Internet-based video to succeed as wanted DIVX to succeed, and it'll die for the same reasons DIVX died.

Re:DVD is Dead Anyway.

Uh...sure...

Re:DVD is Dead Anyway.

[Endymion]

Ahh... but can I watch Dark City, the Crow, and/or Fear and Loathing [widescreen] in nice crystal clear video and stunning 5.1 sound RIGHT NOW over the net? And will it cost me big $$$ each time I watch it? That can add up a lot when you watch the Thrill Kill Kult scene in the Crow over and over again...

I though not. I'll stick with DVD for a while then.

Re:prophecy vs. reality

|>"Computer FX will never get better than Tron"
|>"Apple is dead."
|>"The world market for computers is 5"
|>"DAT will replace tapes and CDs"
|
|I'm with you on the last three, but come on....
|
| Tron rules!

Yeah! Especially because of those nifty costumes!!!

--
Dildo Spandex - Maintainer of the Sensuously Spandex-Clad Men Website
http://dispan.tripod.com/

Businesses and export restrictions.

[Dast]

If they did limit the keys to 40 bits because of export restrictions, maybe this will convince businesses to help fight those restrictions.

They stand to lose a lot of money not being able to secure dvd's. And when there is money behind something, you can bet they will act.

Re:Net Impact on Movie Industry: Zero

[Jerenk]

The GEB example is a good one. With, one slight flaw though. However, instead of the Tortoise being the one to outwit the Crab it is the store that sells the record players to the Crab. =) If they keep changing the medium, we are going to keep getting screwed royally to buy new players.

Personally, I hope that the record companies understood that there was a 99.999999% chance that the encryption was going to broken. I bet they have some fail-safe plans. I believe some people have mentioned as such before that they still have some tricks up their sleeves.

But, to see the encryption fail soooooo stupidly, it has to hurt DVD's chances on the whole. Didn't Xing THINK that someone would reverse engineer their buggy software? Hell, maybe that was their idea (one little programmer not encrypting the code brings down DVD - hahaha).

Later,
Justin

Re:Consumers have been copying movies since the 80

[gorilla]

- finally, unlike the RIAA member companies, movie studios are not parasitical entities acting as a paid go-between between artists and their customers. They provide the capital, resources, and equipment for shooting films and play a very necessary role of the art form.

This is true for the most part, however more and more films are being made as independant productions & only distributed by the major studios.

This is a trend I expect to continue. With the increasing costs of movie production it shifts the risk from a single entity which can be bankrupted by a bad film onto a smallar company which can take bigger risks.

Re:The unencrypted key in Xing's player is irrelev

There is no such thing as tamper proof hardware.

He didn't say there was.

not much time left...

[mullein]

I was re-reading the Digital Millennium Copyright Act of 1998, which was made law a year ago (october 1998). One of its provisions is that defeating copy protection (unless you're a specifically exempt institution or can demonstrate a valid need to make backups) will be illegal two years to the day after the passage of the act, which makes it effective in october 2000. any comments on this, preferably from someone who understands the legal ramifications of this?

Re:not much time left...

[Mattsson]

Well... I'm glad that I'm a "potential terrorist" and not a US citizen. =)

Re:not much time left...

[Evangelion]

In the states, yes. Was that an international law? I can't remember.

The h^Hcrackers who did this were in Europe.

Re:not much time left...

[TheCarp]

hmmmm buy red meat and goto the police and confess
you could already do that...

Your brain produces DMT naturally. DMT is a
schedual 1 hallucinogen. Thus, you are not only
in posession of DMT, you are manafacturing it.

Many states already make GHB posession illegal...
GHB is what is found in meat..and again
already in your brain.

If I were you, I would go turn myself in now.

Re:not much time left...

Does the law make all defeating of copy protection illegal, or just defeating copy protection to make unauthorized copies? If the former is the case, then the use of CSS decryption surely can't be illegal to just watch movies, right?

Re:not much time left...

[hadron]

Fortunately, your funny little legislation doesn't affect what happens in parts of the world where people arne't so stupid.

Um, and it's probably unconstitutional anyway.

Re:Net Impact on Movie Industry: Zero

Now converting [DVDs] to VCD format and putting them on an 87 cent blank CD would be feasible, with a slight loss in quality.

"Slight" loss in quality? Ha ha ha, don't make me laugh.

Really cheap DVD copies are only a couple of years away. Save your $0.87 for then.

Re:Net Impact on Movie Industry: Zero

[ColinG]

Um... sort of off topic, but bandwidth related and to the downloading of DVDs. While you demonstrate your patience, assuming it takes between 6 and 10 (we'll assume 6) minutes to download 100k at 2400 speeds (in my experience, it DOES, also calculated assuming 2.4 kilobits/sec, or 300 *bytes* per second), that means it takes about 100 hours (one megabyte per hour) to complete a one megabyte download of your 100 megabyte linux distribution. I'm not patient enough to wait 100 hours for a DVD movie to download, so your comparison is a bit off, methinks. ;)

Good

[Col.+Panic]

Maybe this will give Hollywood types a more realistic perspective so productions like Hackers and that MTV portrayal are more accurate in the future.

They needed a clue and got one they will definitely listen to this time.

Re:Bad reporting on part of Wired

[Fizgig]

Someone on the livid-dev mailing list pointed out that he told the author this but he said he had already decided his slant on the story and wouldn't change it. Alax Cox then responded that that was sadly typical of Wired "reporters".

bleh

This is going to give the studios an excuse to roll out DIVX 2.

Re:Coca-Cola secret formula

[Porky+Pig]

don't they use guano as one of their
ingridients?

Not gonna happen in a million years

[Randy+Rathbun]

If it was going to, nobody would be producing audio or data CDs. We have had CD-R drives for what, 6 years now?
941415926518293950285123123568785948184839358193 948913958495
80124569890476636201512012315668018651125564087489 7980465063

Re:Not gonna happen in a million years

Congratuations!

You won the double-header!

How does it work, really?

OK, so there are lots of keys on the disc, and the player has one key. If the player's key is not on the disc, it can't play it, right?

Does this mean that if you buy a new player, it may be unable to play old DVDs?

Re:How does it work, really?

No. New players will use keys specific to the company that manufactured them (ie, a new sony player uses sony keys from before).

New manufacturers probably get assigned a new key along with an older/generic key so the player can read both new and old DVD discs. This is the only reasonable way to do it, otherwise (as was said) new players would lose compatibility with old discs without the new key.

-rain

rainfa1l@happypuppy.com

Re:How does it work, really?

[synthe]

From what I gathered from the article, that is backwards. The Xing key was cracked, as were a bunch of others by process of deduction, from knowing the Xing key. This means that future DVDs produced won't have those keys on the discs, meaning that old players won't be able to play new DVDs. The question then is, what about people who have hardware DVD players with keys that got compromised? Will there be a recall/exchange, some sort of flash upgrade, or are they SOL?

Re:How does it work, really?

[Otto]

What this means, more importantly, is that the manufacturer of a DVD may say that: only X players will play our disk.

That's bad. I didn't realize how bad it really was. I can just see Sony forming a deal with Warner (pick any two names you like) such that Warner's movies only play on Sony players..

Nasty...
---

What a crock

"Information" doesn't want to be anything... it's greedy malcontents that want something for nothing.

Re:What a crock

How is it wanting "something for nothing" to want private fair use of movies I paid for on my own hardware?

40-bit encryption??

[RayChuang]

I find it very surprising that the DVD encryption only used a 40-bit scheme. The problem is that anyone with a decently fast DESKTOP computer (e.g., Pentium III 550 MHz or Athlon 500 MHz minimum) could break the 40-bit scheme pretty quickly.

I think what will happen is that the DVD standards people will probably modify the encryption scheme to 128 bits, and believe me, to break 128-bit encryption you'll need hardware that is WAY, WAY beyond the expense of 99% of computer users nowadays. We're talking a multi-million dollar supercomputer or a HUGE Beowulf cluster (maybe over 600 machines in the cluster, and we're talking ones using the Alpha CPU) just to even consider breaking 128-bit encryption.

I won't be surprised that the modification of CSS to 128-bit encryption happens in the next year or so.

Re:40-bit encryption??

And they will still but the decryption key in the player, where it will wait to be discovered by someone with a disassembler...

Re:40-bit encryption??

[RayChuang]

>> And they will still but the decryption key in the player, where it will wait to be discovered by someone with a disassembler...

Finding the key is one thing, but decrypting a 128-bit key is QUITE something else.

You'll need extremely serious computing power just to consider decrypting something encoded with 128-bit encryption.

serves those !@#$%^&* right

no sympathy from me

Re:'They didn't encrypt the key' doesn't make sens

[hadron]

Yep.

Resistance is futile, you shall be duplicated.

Re: DVD and 40 bit keys

[Mattsson]

But not all the companies who make DVD players are american.
As a fact, very few.
So this wouldn't have been much of a problem...

related article

[icing]

The article at the digital bits gives a good assessment of what this might mean to DVD.

It will be interesting to see what the industry can do to fix "lost" activation keys. And that probably depends on if all discovered keys are in software or hardware players...

Re:Consumers have been copying movies since the 80

[Cygnus+v1]

Contrast this to the music industry, whose contribution to the art form, beyond providing a distribution channel they happen to enjoy a monopoly on, and perhaps a place to record and master (which any technically savvy musician can do in their own home), is negligable at best and quite often destructive.

I'm against the stranglehold that the Big Five have on media distribution, but I don't think that your statement holds water. It takes quite a bit of equipment just to make decent-sounding stereo recordings at home from a linear or non-linear multitrack system. Most of the big studios are not owned by record companies anyways. Don't even try to tell me that an album with the production quality of Dream Theater's Scenes From a Memory could be made in even 1% of home studios.

meaning of 'They didn't encrypt the key'

The dvd licensing requires that the software companies encrypt the CSS code on disk and only decrypt it in memory, the general idea being that you can't just run a disassembler on the object file, instead you must run the program and then trap/trace it when it does CSS - which makes it a little harder, but not much.

I think the hackers figured that they'd have to trace the program execution, and were surprised that they could just disassemble the code without running it, so it turned out to be easier than they thought it would be.

Re:Moderation

A moderator probably hasn't seen it yet...the default for Anonymous posts is Score=0, so it hasn't been moderated up or down yet. It is a pretty good comment, so hopefully a moderator will come along and boost it's score.

Re: Duh

Its their own fault

Essentially, the two European hackers who developed the DeCSS utility that copies a DVD movie disc were able to break the code because one of the product's licensees inadvertently neglected to encrypt the decryption key.

Thats kind of funny...

Re:Bad reporting on part of Wired

[Joools]

Good old Wired -- they invariably wring every storey for the most emotional value they can, even when they have to downplay an obvious truth to do so.

If the four-hundred-some messages on this board are any indication so far, the overwhelming reaction to this isn't "Great, now I can pirate DVDs", it's "Great! Linux drivers!" Which, of course, means MORE dvd sales, not less.

I don't typically believe in cosmic justice, but a little part of me is glad to see Real in the hotseat after this week's Real Jukebox Trojan Horse debacle.

Re:A dumb question (was Wherefore encrypted ....ke

[Spire]

Yes. But consumer DVD readers (including DVD-ROM drives) will not deliver data without first receiving the requisite decryption key via the established protocol. If you have a DVD-ROM drive, you can verify this by trying to copy one of the large (1GB) .VOB files to your hard disk; you'll get an error message as soon as you hit encrypted data within the file, since you haven't obtained "authorized" access to the data.

So the protection ("lock") is indeed done in hardware; the key to this lock, however, exists in software, which of course is the weak link in the chain.

When the DVD standard was being developed, I don't know if they failed to foresee that DVD decoders would eventually be implemented in software, or if they did foresee it, and simply accepted the eventual "cracking" of the protection as an inevitable reality. If I were they, I would have fought against allowing software DVD decoders to be produced at all -- at least it would have further delayed the inevitable.

Re:Now DVD is open. And Movie industry can't stop

What a load of crap. We need open source players? Why, on God's Green Earth, do we need open source players? I don't think the movie industry should get all these pet laws they push for, but they do have the right to charge for their product and to make it difficult to copy their property. I have no problem with DVD encryption being broken, just means someone was lazy or stupid in creating it and they're paying the price. Probably this won't be a big problem for them - but maybe next time they'll plan a little more carefully.

Re:So what happens when we can't export DVDs..

[Mattsson]

I don't understand.
Is it illegal to export encrypted data from the US?
I thought it only touched algorithms and encryption software.

Otherwise everyone in the US who's communicating with someone outside the US with a non-US encryption or the scanned PGP are breaking the law!

Otherwise there's no problem since very few dvd-players are manufactured in USA.
Most of them come from asia...

DVD2? Ya mean like S-VHS and DCC?

Nope. The mass market consumer public is slow to adopt new formats and even slower to abandon them for new formats. This is why we have 10 yr old VCRs and 30 yr old TVs still in operation. In the home audio/video market, people won't accept having to upgrade every few years like in the PC world.

Re:Video distribution over the network and DVD.

[Porky+Pig]

It's funny you've mentioned it. I've recently visited the seminar on xDSL technologies, and one of the topics was VDSL (very high speed DSL) suitable for movie distribution. Since distance limitations are rather serious, the idea is to put the aggregation point (sort of DSLAM) somewhere into the basement of a large appartment building, or appartment complex, or campus types of environment, and from there distribute the material over the existing phone wires. It is being implemented on vary large scale in Hong-Kong
(and I forgot where else)

Yet I do not believe DVD is dead. Some people like network-based distribution, some like to have a small collection, or rent, it all depends ... Eventually DVD will be superceeded by HDVD but this won't happen for at least 2-3 years, may be more.

Re:DVD crack

I believe cBS broadcast all of their prime time shows in HDTV now.

You're also talking about HD-DVD

blah

http://www.geocities.com/jblackbu/decss.zip

MODERATE THE ABOVE POST UP

a;dgkljnsd;ag

pun

[betamax_]

"the motion picture industry is reeled" Who else noticed it? Come on!

Re:From the Article

You mix up terms.
There is no such thing as 'breaking the copyright'.

Either you are in violation of Copyright law, or you aren't.
THe Movie itself has the protection of copyright law.
Realize, copyright law does not deal specifically with exactly what a 'copy' is, but what those copies are used for.

Fair use is acceptable in most jurisdictions.

So. Me copying segments of my DVD videos into one big collage for my own enjoyment is most CERTAINLY allowed.

Me copying them to give/sell to people who don't want to buy the real thing, that would constitute illegal distribution of copyrighted works.

Re:link to the utility?

Thanks!

Damn...

[BonzMan]

Wow, really sucks to be Real right now. After the escapade (what, 2 days ago?) with their realplayer sending out personal info, now they seriously fsck up in not encrypting their DVD player...
Does anyone else here smell lawsuits?

::sniff sniff::

Bonz..

Re:Damn...

[Mignon]

I think either the traders haven't heard this yet (yeah, right) or they don't think it'll cause a problem for Real. As I write this their stock price is at 113 3/4, up 7 3/4.

Re: Won't last long.

[bgarland]

So few consumers can afford DVD right now they'll lose nothing by burying the cracked format and starting over.

Where the hell do you live? Ethiopia?

Good DVD players can be had for about $250 which is no more than any other piece of mass market consumer electronics. Factor in that it plays CDs too and now you don't have to drop another $100 on a CD player. Joe Sixpack working for minimum wage at Wal-Mart can afford a DVD player for gods sake!

Movies are about $15 online and about $20 at retail stores. That's no more than the cost of a CD (but I guess few consumers can afford CDs either huh?).

Then again, maybe you're just disillusioned and still use cassette tapes and VHS!

I will admit to knowing not much about "DVD-2" but I don't really care. DVD as we now know it is here to stay. Millions of standalone players have been sold (several million) and nearly every new PC has a DVD-ROM drive. There's no reason to chuck it in favor of a new format. With current DVD there is a disc version called DVD-18 that is dual sided and dual layered. You can fit over 6 hours of film on one disc! For instance the first DVD-18, released recently, is Stephen King's The Stand all on one disc! How is that not good enough?

I really don't see what needs to be improved in DVD. Anyway, it really doesn't matter because so many players have been sold, so many movies pressed, that there's no way a rival format could take hold at this point, imho.

Ben

From the Article

[Mr_Plow]

The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection

Is this true? I thought that it was not illegal to have software that was capable of breaking copy-protection, but merely that using it to pirate copyrighted materials was illegal. This is dubious logic because you can pirate recordings with a tape deck and you can record movies from pay-per-view to your VCR, but that doesn't make those machines illegal. WTF? Anyone know the legal precedence?
------------------------------------- ---------------------

Re:From the Article

DVDs are encrypted, so software and keys like this are needed simply to play them, which incidentally also allows copying them.

Re:link to the utility? - Linux version GONE

It seems to be gone now. :/

Anyone else?

DVD encryption - to keep honest people honest...

[brianvan]

Perhaps the issue isn't whether or not DVD copy protection can be cracked at all, but whether or not it's easy for MOST people to do it...

I'd say that if it were that easy to crack CSS, then perhaps it was meant to be no more effective than Macrovision... a stumbling block too big for those not interested enough in overcoming it. While it's pretty obvious that both it's now easier to crack DVDs and it's still unfeasible to copy them in massive numbers, what's not really thought of here is whether or not such a development will dictate the future effectiveness of the copy protections on DVDs.

The development of MP3+CDR is an entirely different story, as digital audio was an entrenched standard that was already effective for the music industry. On the other hand, DVD is still rather new and it's rather easy to predict that in five years it WILL be feasible to pass around cracked movies on the Net for many people. Just how many people are willing to do that is another issue entirely.

I suppose that fixed storage, recordable media, and available bandwidth will all be large enough in a few years to allow DVDs to be copied easily. Still, it will take a lot of one person's time to do extensive trading, and the availability of that kind of equipment to the general public will be limited. The interesting facts and issues of the situation are:
1. People who buy DVDs usually have all the other nice little gadgets too. Hence the current target market for DVDs will probably be enabled best to trade them illegally.
2. DVD is a premium high-quality format for an extremely popular medium, which means that unlike CDs (which would be more of a standard format) trading DVDs would be preferrable to any other kind of bootlegging.
3. The movie studios do have the option of pulling DVDs and sticking with VHS... for most releases. Or, perhaps a greater control and limited availablity on DVDs would prevent DVDs from becoming a mass-consumer product, hence eliminating the possiblity of mass-pirating.
4. On the contrary, the movie studios can make a huge push of DVD into the consumer market so that it does become a mass-consumer product, not only strengthening their margins above those of the already mass-pirated, more expensive, and lower-quality VHS, but also to eliminate the possiblity that a large part of the DVD market would pirate them. Add more to the market that won't be copying them and you minimize the copying problem. CDs currently enjoy this position, as there are many people who copy them but there's a massive amount of people who can't, don't, and won't, therefore making the CD-copying problem negligible on the bottom line.
5. Finally, the industry has time to combat the problem with a variety of solutions before copying becomes feasible. They don't have to pull off any drastic moves right now, which means that if DVD business is brisk I doubt they'll be scaling back on it anytime soon. They may switch formats (a DVD2), they might try to keep DVD-RWs and all similar DVD writable formats from becoming widespread, or they might ignore the problem altogether. It's not like what happened to the music industry, where one day the tools became available and people started ripping/encoding/copying CDs like crazy as the industry helplessly watched.

Right now, however, it's just a big embarassment for the movie industry and a new opportunity for the elite piraters. If I had the opportunity to advise the movie industry how to handle the situation, I would probably suggest that right now they should take a "good faith" position and trust the current market to not do what they pretty much could have done anyway. In the future, I'd suggest that perhaps they take either one of two paths: They start planning a format change RIGHT now for a rollout in 10 years and make the new DVD-Video format a self-standing component with closed specifications rather than a multi-component open standard, as this would prevent anyone from easily pirating movies (in other words, a DVD drive is like a standalone DVD player and you just overlay it, which shouldn't be too much to ask in 10 years) or getting any undesirable use out of the video. Or, they make DVDs an entrenched standard and a mass-market industry with even a bigger push than they are today, with the understanding that they hold the advantage of being the honest, legal, simple, and not-too-expensive solution for DVD purchasing. In other words, who cares about pirating when you're going to make gadzillions of dollars selling legit DVDs and, for most people, that's the best or only option now and for a long time. It's like if you own a candy store and little kids keep eating the candy... you can put the candy on a higher shelf, or you can put a small basket of free candy by the door. You DON'T stop selling candy (or only sell stale candy)...

Kill the smart people

[Slur]

Encryption is dead, will always be dead, and will always fail. Why? For the simple reason that a vast number of common hackers grok what goes into encryption technology, and no special corporate giant is going to be able to keep anything secret that is - simply put - built into the nature of things.

On the other hand, if governments and corporations want to protect information from ordinary citizens they have only to dumb down the educational system, and kill (or indoctrinate) everyone with an IQ over 130. Maybe it's just a matter of time before this occurs. Maybe it already is happening.

Vive la revolution!



--------
Yeah, I'm a Mac programmer. You got a problem with that?

Re:Kill the smart people

[Mr_Plow]

Encryption is dead? Don't you really mean that weak encryption is worthless? Click here for some insight on encryption. Distributed.net has been running its RC5-64 bit key challenge for two years. That's right, two years. There are, on average, some 40~60 thousand participants everyday. But if you look at the top performers, you will see that many of what is counted as a single participant is actually a group of hundreds of computers working together. Now, the amazing part is that with all the participants involved donating all of their spare CPU cycles for 2 years, less than 15 percent of the keyspace has been checked. That means that if for some reason the real key is the last one checked, it won't be found for another 11 years or so. But maybe in your eyes that's not a long time. For many practical purposes, 13 years is a long-enough time for gov-intel to be obsolete, or for private citizens hiding from the gov't, 13 years is long enough to pass the statute of limitations of many crimes.
----------------------------------------- -----------------

Re:DVD Consumer Rights - Copying is a GOOD Thing!

[Cramer]

CDs are bad enough -- esp. from bad mass-production houses. My win95 CD, in absolute pristine condition, has been difficult to read from day one due to the low quality, high speed method of production (I think they were a little low on silver that day :-))

Given this and the density of information on a DVD, I wish they would be securely encased. 3.5" floppies are better protected than DVDs. (I've always been a strong backer of CD caddies. It's unfortunate that high speed drives _have_ to be tray loaded due to balance concerns -- would you trust a caddy loaded CD spinning at 9000 RPM?)

I'd love it if DVDs were encased like MO disks. They are basically a CD in a secured housing that has a caddy-like door on both sides so they fit alot like a tray loaded CD. There is a recessed latch to keep the "door" from opening by accident. This may be how the DVD-RAM carts are done, but I've never seen one nor does the movie industry use such things (they'd much rather you buy a new 30$ DVD.)

Won't last long.

[heroine]

Next year DVD-2 will come out with a 1024 bit encription incompatible with existing DVD players. So few consumers can afford DVD right now they'll lose nothing by burying the cracked format and starting over. It's not good enough for college geniouses to crack stuff other people have developed. In order to solve these intellectual property wars, college geniouses have to start developing the stuff themselves.

Re:Won't last long.

[Speare]

Will DVD-2 have a reasonable less-lossy compression scheme? I really hate putting up with NTSC, nevermind making the image even worse with highly lossy compression that adds obvious artifacts.

I had just gotten into laserdisc when DVD came out, and of course now it's impossible to find laserdiscs of good titles. (I know, whine whine.)

Re: DVD and 40 bit keys

[DaveHowe]

I wouldn't be surprised if the lousy, five byte encryption on these things came down to making them US Export-Legal.... Even with the "new, improved" fast-track licencing, I believe each individual export has to be at least notified, and the paperwork overhead of tracking each batch of DVD players to the end user would have been astronomical.
And there, you thought the US government's export ban had no positive aspects ;+)
--

It is unrelated to weak encryption

[Alex+Belits]

The whole idea that someone can "encrypt" something that is supposed to be seen by user/consumer and have "secret" programs/keys/whatever running on equipment controlled by user that can "decrypt" it and show the result, is entirely based on the assumption that user is incapable of reverse-engineering running program, or at least effort necessary outweights the benefit. While one can argue that it can work for some games (and yet I don't think, it stopped anyone), it definitely not so for movies on DVD, especially considering regions and other "features" that users perceive as sabotage. Even the most perfectly "protected" program can be reverse-engineered if user can run it in some controlled environment, so in the case ov DVD encryption this model simply couldn't work -- once something is out, it's out, and to prevent someone from reproducing a process one shouldn't perform that process when someone is watching in the first place.

There are no damages to be liable for

[Sloppy]

If there's any liability, I would think it would be simply due to a breach of contract, and no more. How can MPIA ever show that this will result in damages? The damages may even be negative since this will almost certainly result in increased DVD sales. :-)

I'm not saying Xing/Real won't lose money -- they might chicken out and settle out of court. Or maybe there's a contractual provision that spells out a monetary penalty for disclosing keys.

But let's get realistic: there simply are no damages, and if this ever got into a court then MPIA's case would be pretty iffy.

---

Disassembly of Object Code illegal?

[Chris+Siegler]

"The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection."

Check out Fravia's page on the legality of reverse engineering. In the US, this is the case sited

Sega v. Accolade, decided by the Ninth Circuit in 1992, makes clear that, in certain instances, the unauthorized disassembly of a computer program's object code in order to derive source code is not a copyright infringement. The Ninth Circuit applied the 'fair use' balancing test to determine that Accolade's use of reverse engineering techniques to produce an 'intermediate copy' of Sega's source code did not constitute copyright infringement. Accolade never distributed the intermediate copy commercially, but instead used it only to extract unprotectable ideas Ñ a sequence of bytes which act as a software key Ñ from Sega's game program. This key was then incorporated into Accolade's games, enabling them to 'unlock' and run on Sega's game platforms. The court cautioned, however, that disassembly involves the making of a literal copy of a program, and it is permissible only when necessary to extract the unprotectable ideas. It is unclear how far this fair use right extends.

Sounds almost exactly like what the DVD crackers did.

Re:Disassembly of Object Code illegal?

[otis+wildflower]

Sounds almost exactly like what the DVD crackers did

Yes, but US laws don't apply in Norway.
Your Working Boy,

Re:5:1 can be good

Cool.

You've listed all three reasons to buy into surround sound.

Except everything I listen to sounds fine with two speakers.

If I had five ears, having five speakers would make more sense, possibly.

Consequences for DVD?

[bughunter]

So what does this mean for the DVD format in general. I'm not clear on the details of the standard, but it sounds to me that this crack leaves the DVD standard open to nearly-indiscriminate copying, even if you don't have DeCSS. It's a known crack, now...

But I'm specifically curious if the same keys are used from title to title, or does each title have its own key?

And can the standard be "upgraded?" To a 128-bit key, for instance?

Now DVD is open. And Movie industry can't stop now

We are in a good position now.
The Movie intustry would loose a tremendous amount of money if they did not sell DVD's.

I don't care to copy DVD's myself.
I want a open copyable specification because:
- We need open source players.
- I want to be able to copy my movies to the next medium.(Think back to a time of copy protected disk games that you could'nt copy to your hard drive and run)

Re:prophecy vs. reality

[Battra]

>"Computer FX will never get better than Tron"
>"Apple is dead."
>"The world market for computers is 5"
>"DAT will replace tapes and CDs"

I'm with you on the last three, but come on....

Tron rules!

The last movie I rented was Battlestar Galactica, and no, I'm not kidding.

Hurray!

[David+A.+Madore]

I call this a victory against obfuscation and closed standards.

I hope the keys - and all the relevant details - were widely published, and I hope this means we'll have Linux software that reads DVD's soon.

Re:Hurray!

[David+A.+Madore]

But there's something I don't understand: they can't just change the format, like that, with all the existing DVD players around, can they? People who bought one of those will be mad (and you can't say - oh, sorry, you've got to buy a new one because some guy cracked our stupid format and we had to change it).

The world isn't really *that* rotten, is it? - Famous last words.

XORing bytes _is_ the ultimate security

[Mister+Attack]

Come on, without these "crackers" who break into things, we would still be XORing bytes and considering that the ultimate security.

As a matter of fact, XORing bits with a one-time pad _is_ the ultimate security. Completely unbreakable, as long as you have a completely random one-time pad, and as long as you only use each one-time pad once. Just thought I'd bring that to your attention.

Re:XORing bytes _is_ the ultimate security

[bofh23]

Nuke 'em from orbit. It's the only way to be sure.

Secure that shit Hudson! ;-)

This time it's war

Re:XORing bytes _is_ the ultimate security

And remember, the new Itanium has hardware random number generation based on diode shot noise, so generating truly random one-time pads will be quite easy, now...

(Of course, you may still want to obfuscate the text before XOR'ing if you're the paranoid type..

Re:XORing bytes _is_ the ultimate security

Actually, the ultimate security is completely destroying all traces of the data.. Not very useful in most situations, but is the only really secure thing to do.
Even one time pads have a key that can be compromised, that key being the one time pad. There are a million ways I can think of to steal, copy, or otherwise aquire that key..

Shiny Silver Platter Prices

[David+Jensen]

Both the music industry and the movie industry charge more for the shiny silver platter because they can. Customers feel that they are getting a better product than the one that comes on magnetic tape. The cost of duplication has no impact on thes pricing decisions.

Re:Net Impact on Movie Industry: Zero

[jCaT]

yeah, that's a one-time shot... then they can press as many as they want for a dollar a piece. Did you ever notice that VHS tapes when they first come out cost about 100 bucks, and after a few months drop down to reasonable prices? This is because of the time required to make a vhs tape. As someone already posted, it takes about 45 minutes. Take that against about 30 seconds to make a dvd.... hmm, looks like DVD is a little more efficient.

Another take on perfect digital reproduction...

[gharikumar]

I was talking to a friend who works for one of the big Japanese electronic firms. He said that it has been possible to produce digital camcorders with durable disks (not tapes) for years now. The recording quality is supposedly not be as good as DVD, but it is still far superior to the quality of the VHS-C and Hi-8 tapes. Also, the disks are far more durable (supposedly, they can last for decades without degradation, like those shown in the movie "Rising Sun".)

However, they won't produce them because they don't want to piss off the big Hollywood studios. Also, they won't make digital camcorders with digital outputs; once you record stuff, it comes out as analog. All because the studios are scared that the camcorder will become a medium of distribution for pirated movies.

Consider what this means. If I videotape my daughter, there is no way that recording will be around when she is 50. And not because we don't have the technology to make it happen.

Re:Security through obscurity doesn't work!

[Cramer]

As my dad says,

• "Locks only keep the honest people out."

Re:But electronics makers WANTED DVD format cracke

Would you not say that due to the DVD crack that now Hollywood would be more weary of producing a DVD movie? But on the other hand VHS copying is was a big deal back in the 80's and continues today to be a big deal. I really do not think that it makes a difference what medium Hollywood uses it is going to be decrypted and copied and ultimately sold or served off of a server somewhere. The encryption just bought some time and money for the industry.

Morality is nonexistant.

The entire concept of what is good, evil, right and wrong is merely this: an action or situation that either benefits or harms an individual or institution; and respectively is considered right or wrong. Society attempts to gain objective leverage by making a large group of cattle-er-humans believe in a subjective perception of right and wrong relative to what is beneficial to society and what is not. As far as I'm concerned, if one steals from the DVD industry, there are two perceptions involved. One of the DVD industry's, who ia being harmed by the action, and thus considers it wrong; and the person who steals the information, who benefits by not having to pay for it, and considers it right. There is but one imaginary difference between the two perceptions that many believe: merely because society backs the DVD industry in its belief that this action is immoral, it is. Come now, how foolish.

prophecy vs. reality

[Pope]

I can tell you first hand that DVD is dead

Right.
"Computer FX will never get better than Tron"
"Apple is dead."
"The world market for computers is 5"
"DAT will replace tapes and CDs"

OK enough of the "X is dead" predictions.
Anyone making such grand statements, especially in the computer field, has obviously not read any history.

I am not particularly impressed by Video on Demand demos.
I will always prefer to own the atoms of the movies I love, same with records.
I like having liner notes, cover art, etc.
All those bits have to be stored somewhere and I'd rather have the option of getting at them anywherem anytime I damn well like, and not have anyone else know about it.

Look what happened to DIVX!

Buy once, listen/watch many is my motto.

ppoe


Pope

DVD Consumer Rights - Copying is a GOOD Thing!

[Ron+Bennett]

First off as a former software hacker (only cracked software protection schemes, never other people's computers), it's clear that the decryption routine is the weakest link and there's absolutly no way around it as long as it's being decrypted on hardware they don't control. Even if their encryption was totally uncrackable, which it's certainly not, DVD protection is futile since any half-decent hacker can just intercept the data going to their monitor/sound card...and any idiot can just aim a camcorder at their computer screen and make a medicre but quite viewable analog copy.

Secondly, consumers should have the *same rights* with DVDs as they do with other media such as *copying for personal use*, *playability anywhere* (no regional restrictions), and *no tracking*; DIVX was an obvious example, but there's a push for more subtle schemes of tracking individual DVD consumers.

I bet within a few years, the movie industry in particular will give up their futile fight and realize that copying is a good thing just like has been for movies on video; and anyways there's no way to stop copying so why bother...just undercut the pirates and use more creative marketing...I mean Disney's marketing of the same movies in different packaging, etc is brilliant and shows that it's even possible to sell people the same movies they already OWN!!

Re:DVD Consumer Rights - Copying is a GOOD Thing!

Kids are gonna be MURDER on DVDs. There would have to be some kind of kid-proof cartridge for these things if they ever catch on.

They're called caddies, poindexter.

Re:DVD Consumer Rights - Copying is a GOOD Thing!

Have you tried to get a caddy'able IDE drive lately ? No, I didn't think so.

Ever heard of FAIR USE, you sanctimonious jerk?

[jcr]

Anyone who has legally purchased a DVD is perfectly entitled to make a backup copy against the possiblity of the original being damaged.

Get this through your head: EVERY advance in recording technology has vastly increased the revenues of the music and motion-picture industries, and despite this fact, those boneheads still fight tooth and nail against *every* new home-recording technology.

-jcr

Magic Bullet

[deefer]

Again, big business has failed to grasp the ingenuity and resourcefulness of the hacker community. Good work, fellas! :) And even better, well done for publishing your work this early. Less scrupulous people would have kept this to themselves, and have a car boot sale industry in pirate DVD's booming by now.
Why does big business seem to think copy protection is the magic bullet? Whatever can be engineered, can be reengineered. Even if they'd not a) hardcoded keys onto the media and b) not used a kitten weak security model, what on earth prompted the designers to think that people wouldn't try and break it, just for the sheer hell of it? Even if they'd used massive keys, I'd bet a pound to a penny there'd be an underground "CrackDVD@Home" distributed project running somewhere... And they're bound to get lucky sometime or other.
And why should it impinge on recordable DVD's? Existing video media are a doddle to rip off (not that I am advocating this). In 10 years time, yes, DVD's will be the defacto standard in western countries for video data. But protecting your copyright for this media must either be uncrackable (_very_ hard in this scenario, without considerable overhead for the user - imagine having to plug in a different dongle per disc, type in a security key, or whatever before being able to watch the film...), or the video industry must lobby international support for piracy crackdowns to be more thorough.
Just expecting technology to be the easy answer in this instance is foolish at best, and dangerous at worst. Until the price of the products the industry is hawking drops, and the penalty for illegal copies is made severe, piracy will still continue. But industry is too short sighted to see this, and will continue overcharging whilst whining about the pirate industry it is fuelling.

Re:Magic Bullet

So the smart disk (hey, we should patent it!) would either give out the key or actually provide decryption for the disk, but only for a specially blessed player. But how could it discriminate against a Free Software player built by reverse engineering?

Heeheehee

[DanaL]

I got a chuckle out of the article when they called them "anonymous developers" (to make them sound more dangerous and shady??) and then proceeded to quote one Jon Johansen, the founder of MoRE :)

Dana

Blamestorming

[sansbury]

So maybe now that it's Hollywood getting caught on the short end of the stick, we'll start seeing laws being re-written in a way not so favorable to manufacturers of crappy software.

On the other hand, this fight's a little like they used to say about the Iran-Iraq war: Whay can't both sides lose?

-cwk.

But electronics makers WANTED DVD format cracked!

DVD protection schemes hurt sales of player hardware because there are loads of hardheaded idiot consumers out there with lots of disposable income like me who'll refuse to buy any player that doesn't play everything. (I live in R1 and import R2 DVDs so my player must at least play R1 and R2 discs or I won't buy.) I bought a Pioneer 505 and not an RCA. Why? Because I could modify the Pioneer to be multi-region but could not modify the RCA. Electronics makers KNOW this and want their players sell rather than the competitors. The ONLY reason electronics makers put region coding, crypto, and macrovision into DVD hardware was so that the Hollywood movie industry would support the format. It was as simple as "No protection and we'll release no movies on your new format". So electronics makers cane up with a rudimentary "protection" scheme to appease Hollywood execs into supporting the format. Some, like Disney, wanted more restrictions (DIVX), but suffered the effects of horrific customer backlash. Anyway, the DVD format is now entrenched and too far accepted by the public for Hollywood to reneg now and abandon DVD. Now CSS encryption cracks are mysteriously leaked. Electronics makers can now sell more hardware and not have sales hindered by protection schemes. DVD-R burners and discs will get cheaper now (In 1991, 1X CDR burners were close to $10K with blank [63-min] CDRs at $20 each!]) and this whole protection scheme will become as laughable as what is now called the "bozo bit" in the Mac filesystem. (History lesson! The 'bozo bit' was once called the 'no copy' flag and was supposed to be respected by copy programs and not copy files with the bit set. Everything under the sun ignored it, including all of apple's own OS and tools, hence it's nickname of 'bozo bit')

So what happens when we can't export DVDs..

[empath]

..because of the high encryption they use? I mean, the distributed.net team's focus was partially to show that we needed to up the limits on export regulations. People are obviously going to find some way around any 'weak' encryption method out there. The industry will push for more complicated encryption until it's so complex that they can't export it.

If the movie industry can't export their movies, we're gonna have an even bigger force pushing for less-strict export laws on encryption. Or am I missing something here?

Not really that simple...

I. Key is stored in what is called the "lead-in" area of the disk. Special HW in the DVD drive
extracts this key and uses it. If you duplicate all the data sectors, you don't get the lead in
area which means you don't get the key...

Without getting too technical, a disk track is just a sequence of 1's and 0's... The lead-in
part of a track is usually just a special sequence of bits that says "hey the first bit is here!"
The key for a disk is interleaved into this bit pattern is a way to not harm the synchronization
properties, but be invisible in normal operation. (BTW, DVD+-RW have fixed lead-in areas so you
can't just write a special lead-in at home)

So you can't just copy the disk, you actually have to "crack" the DVD to copy it (i.e. figure out the
key, descramble it, fiddle with bits in the header to say the sector is now unscrambled, write out
the whole thing unscramble and record it into the a blank DVD which is now unscrambled...)

II. The data is uncompressed when it's in video memory... Copying from video memory is a pain
because the data rate is too high there. If you re-compress the data it looks crappy (worse than
VHS)...

III. The algorithms was pretty simple because it had to put only a minimal load on the CPU and
chip manufactures don't like putting lots of circuits on the chip to do silly decryption.

The compressed bitstream was encrypted so by the time it got out to the frame buffer it was
uncompressed. Figuring out the original bitstream from the video is -very- hard so known-plaintext
attack is hard (it usually only exists compressed in the processor registers for a short time before
it was decoded).

As with most things, the decryption wasn't broken, but a side channel was discovered (via the disassembler)...

It wasn't impossible to break this scheme (obviously), but they weren't that stupid since
it seems that they could have fooled you...;-)

DIVX was right

[IntlHarvester]

Interestingly, one of the big sells that DIVX had with the content industry was that DVD encryption was crap and would be easily broken. This was dismissed as FUD in some corners, but was enough to get a few studios to commit to DIVX over DVD early on.

DIVX hasn't been turned off yet - it would be interesting to see if a modified version is brought back to life. It's the only starting point they've got right now.

(Of course, they would have to sort out the pricing, quality, and retail channels issues that killed DIVX in the first place.)
--

Re:Consumers have been copying movies since the 80

[Darby]

Don't even try to tell me that an album with the production quality of Dream Theater's Scenes From a Memory could be made in even 1% of home studios.


Well never having heard it I can't address the issue.
Could you post the MP3 somewhere. I'll listen to it and let you know ;-p

---CONFLICT!!---

uhm no...

Don't you think the CSS group kept the list of who got what key? All they have to do is download
DeCSS.cpp and they know who's key was broke and that programmer is sunk...

etc. etc.

Re:uhm no...

Considering what this brave and/or clueless soul has done for the open source community, we should start a career and/or legal defense fund if they're identified.

link to the utility?

[griffjon]

Does anyone have the link to DeCSS? In all seriousness, I want to copy Matrix to my HD to see if I can run it any better from the HD than from the dvd.

A word on MacroVision

[Cramer]

Most quality TVs on the market have macrovision stablizers. My 13 year old Sony TV (it's actually a monitor with a TV decoder in it) has a macrovision stablizer in it -- and I have the full schematics for that TV :-) [FWIW, that TV also has a video signal stablizer in it that effectively puts the sync signals -- in fact, the entire VBI -- back in... who needs a cable descrambler :-) And no, it's not designed to be a descrambler, Sony just put some damned good hardware in there.]

Macrovision does not mess with the active video portions of the signal. It sticks a "super white" high-frequency spike in the vertical blanking interval (VBI) to mess up the automatic gain control (AGC) circuitry intended to correct the white level -- exactly what voltage is "white" and "black" -- for broadcast signals that can (and usually do) have slight changes in the peak-to-peak waveform. Basically, the AGC is there to prevent the picture from fading in and out when you're watching it.

TV's have very slow "averaging AGC's" simply because it doesn't have to react rapidly to what is usually very slight voltage changes. And since the TV is only displaying the image and the designers know the retenative properties of the phosphor and the average human eye, it doesn't make sense to have rapid changes in the AGC. A dip in signal would be smoothed by the glow of the phosphor and the image retention of your eyes. Like wise, boosting the signal for a transient spike would not be good -- it would take a noticable fraction of a second for the image to return to normal.

VCRs are a totally different problem. They have rapidly adjusting AGCs because they have to. They're job is to record the video signal to a magnetic tape. The tape heads can only handle a specific range of voltage for the video signal. Too much could bleed into the other tracks and end up erasing the tape instead of recording or actually generate too much voltage and damage the VCR during playback. Too little would end up not recording any signal at all. The VCR needs every frame that it's recording to tape to have the exact same peak-to-peak white level or it would run the risk of recording too little video signal to be able to play back a fully synchronized video signal.

Alot of VCRs will have no trouble at all playing back a macrovision signal recorded onto the tape, but even ignoring the AGC, most VCRs cannot record a signal with that voltage level -- the circuitry cannot recover fast enough from such a high voltage, high frequency spike. I used to have such a VCR... the rotary transformers would get slightly messed up and and not record a clean signal for the rest of the VBI and sometimes on into the active (displayed) video portion. (I may not have recorded anything I could playback, but it did a better job deguesing the heads than the tool designed to do that :-))

Disclaimer: Macrovision is not new and I'm not a child :-) I used to work on TVs and VCRs back before they became single-chip, disposable toys.

Re:Coca-Cola secret formula

[Cramer]

That's B A W L S...

It's an interesting drink. I have one setting here on my desk.

DeCSS

DeCSS certainly works great, but those DVD files are huge! Someone need to come up with a new compression codec for those monsters. (Like MP3 to a CD) Then, it might be feasable to rip a DVD. Until then, I dont see the point of ripping a DVD to your hard drive, although I do agree that as consumers, we should all have the option of copying the data, whether it be video or audio, because of ever-changing formats. (I sure wish there was a way to copy all my old VHS videos to DVD!)

Re:DVD crack

[syrupdude]

Well, you know that the ubiquitous "they" have been working on a new dvd that will support HDTV (1920 x 1080) resolution. I think that this is a good thing, since new releases will likely be released in the newer format rather that sticking with dvd resolution (whatever it currently is). HDTV broadcasts are still quite a bit away, so I won't be buying one anytime soon for broadcast reception... but if I can watch all my favorite movies that way, then I will certainly consider buying one. I don't see any reason why hdtv manufacturers won't be jumping on this like a whore on a congressman.

Re:'They didn't encrypt the key' doesn't make sens

[Cramer]

"simplistic obfuscation" can be _very_ powerful if exercised properly.

Please take a look at any Netrek client source code. "Blessed" binaries use a 128bit RSAREF public key system to verify the client as authentic (as opposed to a hacked up "borg" client that tends to play itself.) The key and relevant code is broken up into a minimum of 15 files (I think the max is 40) and then the binary is linked in random order so the key processing is scattered all over the rather huge binary.

Despite the "small" key size and the relative ease of recovering the secret key by factoring, I've never heard of anyone recovering one of the keys for a blessed binary. And if they did, I'm sure it was not by disassembling the binary.

Re:Net Impact on Movie Industry: Zero

[Chris+Johnson]

*spends half an hour trying to get to a page on Robert Fripp's website, curses*
Well anyway- Fripp put it better than I will, funnier, but he made his website badly enough that it's impossible to deal with. So I'll just paraphrase.
The record companies impose a number of historical charges in the form of percentages on the cost of the albums. So if the artist is getting 5% royalty on sales, that is 5% after a 20% wastage charge, j.random other charge, and (I am NOT making this up) a charge on typical breakage of the SHELLAC the music is recorded on. I am NOT making this up.
"But CDs are not made out of shellac!". As Fripp said in his lost article, "Now you're getting clever." ;)
Basically, we're looking at corporate pork barrel, bigtime. The artists, perhaps even the movie studios do not get _that_ much money out of these huge industries. It's the corporations taking more and more. Of course they are not passing savings on to the consumer. That would be capitalism and a desire to compete on the basis of price. Of course they are not passing vastly increased earnings on to the artists. Why should they when they can charge a percentage of CD sales to broken _shellac_ and deny it to the artist? Of course they are earning exponentially more than they were. Where do you think they get the money to bribe the government and attempt to get antipiracy legislation passed?
The industry does not DESERVE protection. Whether it's the music industry (slamdunk of an argument to anyone who knows anything about how bad it is) or the film industry (Blair Witch Project, anyone? All you 3DSMax artists ever wondered exactly why you can't just make a movie and start trying to sell it?), it is so corrupt it's disgusting, and needs to be put down for its own good. It's not capitalism. The barriers for entry are too high, and they aren't all legal barriers (remember 'payola' of the 1950s?) These days there are ever more interesting ways to do that. It's out of control, and the consumer is powerless to stop it.
The only sensible attack is the judo-like approach that has so often worked in the computer industry- it's time to start proliferating record companies and _film_ companies, all indy, all guerrilla businesses with low overhead and depending on the fact that, what with the big industries being the way they are, it'd actually be _more_ profitable for artists to go with an indie- even with the albums/DVDfilms/whatever being sold at fscking _bookstores_ (did you know that independent bookstores are also being choked to death by heavy corporate shifts to online selling and the constant mergers and consolidations into ever-larger corporations?).
I think that's the way the future is heading. Could result in the mainstream being very glossy, very trivial, and very empty- with not many customers left to cheat. All that's required is that the actual media (CDs, DVDs) can be produced by indies in formats that work with the hardware generated for the consumers. That's all that's necessary. You don't need to _lead_ the curve, only be on it somewhere.
Anyway, my two cents :)

Re:Unconstitutional?

You may be right that many parts of the Digital Millenium Copyright Act are unconstitutional. I wonder tho, what part of it is? Publishing information about how to copy a DVD would be protected as free speech (1st amendment). Modifying a player in your own home should not be subject to federal juristiction so that ought to be legal, although they could probably ban selling of modded players under the interstate commerce clause and have it stand up in court. hmm... Any comments from lawyer-type people?

Why not bribe a licensee?

[Ivootje]

First of all, it's a 40bit encryption. That's too less anyway.

So, every licensee gets a unique encryption key. Instead of cracking (or in this case, _reading_) the encrypion key, why not offer some employee at Real (or any licensee) some money (or free pizza, whatever the person falls for) and get the key.

If this whole DVD system is based on the fact that licensees should keep their keys secure, this encryption is bound to fall, either through bribe or the employee in question just gives the key to a couple of his closest friends, which give it to... well, you get the point.

My two E0,02 (two eurocents)

So naive, so very very naive

[m0nkeyb0y]

The movie industry is completely naive if they thought they had a system which was impervious to being copied. I'm too young to remember, but I can only assume the same thing happened with VHS when that was finally able to be copied/written at home. It was only a matter of time, effort, and curiousity.

Silly copy protection schemes

[nas]

I think someone needs some basic lessons on cryptography. If the
key to the DVD is encrypted then how can the player use it? Does
it have a key to decrypt this key? Is that key encrypted? Maybe
you can see the problem here.

The player must be able to decode the DVD. If people have access
to the player then they can reverse engineer it and find out how it works.

IMHO, any copy protection scheme like this is doomed to fail. If
you can play something then you can copy it. It really is as
simple as that.

Re:Matrix?

Physician, heal thyself! Reread your first paragraph. Calling someone "pathetic" doesn't seem too helpful to me.

some facts...

1. key to read disk is in the player
2. key to descramble data is on the disk (each disk has it's own key)
3. they stop publishing disks that respond to the player key so that player can't read new disks
(i.e., yes they will black-list, I'll bet new disks mastered as of today don't have the broken
key enabled on them)

This would have worked as expected, but the keys were only 40 bits and the encryption algorithm
was weak... (if you read their spec, they seemed to expect it would have been broken within 6
months). The problem now is that now one was broke, people know how to break new 40bit keys
quickly since the keys are short and the algorithm is weak...

The key exchange and distributed secret scheme that they used was reasonably standard, but it's
not that you know what to do, what's really important is that you know how to do it right ;-)

Re:Net Impact on Movie Industry: Zero

[jms]

Nope. The reason that VHS tapes cost around $100.00 when they come out is because they are selling primarily to video stores. A video store is willing to pay $100.00 for a tape, because they are going to rent it out over and over. A few months later, when the video stores are no longer buying copies, the studios lower the price to a level that appeals to individual consumers. It works. Lots of people will rent a movie when it comes out, then buy a copy six months later when the price drops down.

You'll notice that some trashy blockbuster movies are being initially priced at sell-through prices. It's all a matter of the studios maximizing their income. If they think that no one is going to care about "Godzilla" six months from now, then it's in their best interests to sell as many copies as they can now. It's just marketing.

Security through obscurity doesn't work!

[Tet]

If a DVD is encrypted, where does the key come from to decrypt it? If the user doesn't supply it at playback time, it must be embedded in the player. That means you only have to get one key, and you have access to everything. They can't change the encryption scheme without breaking all existing players, and can't blacklist the cracked key for the same reason. It's just security through obscurity, which has been proven ineffective time and time again.

Re:Now DVD is open. And Movie industry can't stop

Clue by four!!!!

We need open source players because the bozos that make DVD stuff won't provide the software for Linux!

We can't buy something that they won't make available.

Re:Net Impact on Movie Industry: Zero

As several people have commented, the quality of what the studios are now producing makes this a moot point, anyway.

I'm not a luddite, but I haven't been to a movie in the movie theater in over a year and haven't rented a video in probably three or so. I won't be buying a DVD player until I need one for the computer, and I'm unlikely to ever buy an HDTV converter box.

You know, after the last few turkeys I suffered through, I don't even miss the movies anymore, either.

Maybe if they start producing something worth watching, and quit trying to make a media circus out of every pile of dung that rolls out the door, I'll watch something again. Star Wars is the only thing I've even been moderately interested in watching, but I don't feel that my life is any less rich for having not seen it. In fact, it may be better, since I didn't have to see or hear Jar-Jar...

The amazing thing is that they've poisoned the water hole, and now are trying to make sure no one can drink for free - go figure.

I don't buy DVD just to copy them...

[WyldOne]

I buy DVD and CD-roms (audio and game) because they are more permenent. PERIOD. As media go they will last longer for me after multilple playing than say a magnetic tape/LP. I will hear no pop's, jitters etc. when I am using media in a digital format. I think that CD-ROM based tech is rated at about 30 year shelf life. Compare that to a magentic tape which maybe will last 6 months under hard usage. (I know this because I have lost games because of megnetic decay) On another note I think at last count I had over 300 video/DVD's, ~100 audio CD's/tapes, and over 100 games in my library. That represents over 1.5 TERABYTES of data. I _WISH_ I had that kind of spere hard drive space. The truth of the whole thing is this. I pay for movie, I want to keep movie and not rebuy move every 2 years because of decay/storage problems. The movie industry as well as the audio industry need to wake up. We are loosing good movies/soundtracks now at a terrifying rate. This frantic paranoia about somebody copying your stuff needs to put to better use.

Re:it takes a LONG time to rip a movie

That's because the ripper puts the drive into player mode so it plays it just like normal, in other words ripping a 2-hour movie would take 2 hours.

Re: DVD and 40 bit keys

[DaveHowe]

But not all the companies who make DVD players are american. As a fact, very few.
So this wouldn't have been much of a problem...
nbsp; Possibly not - but a lot of the recordings seem to be from the US, so I suspect they had a big say in the definition of the standard.
Non-US members could have defined a standard without them, of course, but would then run the risk of being the Betamax players in a VHS market....
--

Re:So... There go our chances of getting TPM on DV

You can get The Phantom Menace on DVD from China, or get MPEGs from the internet. If they don't sell legit TPM DVDs then they will just be giving all those profits away to the pirates...but then again, some movie studios are actually stupid enough to do that.

Moderation

Why is the above comment moderated at zero? This was the single most useful and interesting comment in the whole thread.

So... There go our chances of getting TPM on DVD

[handorf]

Just what we need, evidence that (like we all knew) the format would be broken. But you can be sure that the movie producers aren't going to treat this with logic ("Oh, so it can be copied. Big deal, they can do the same thing with video tapes").

No, instead we're going to see a flight from DVDs. Like Star Wars was ever REALLY going to come out. Gotta love the paranoia among the studios that'll be setting in about now.

At least this came out AFTER Divx died, otherwise it would just prolong it's life.

On the upside, if they kill the DVD format for fear of copying, maybe they'll release the specs so I can play the DVDs I do own under Linux with full interactivity!
-- I'm omnipotent, I just don't care.

thanks alot

[arielb]

I'm pretty sure this means the end of DVD-or at the very least, delaying the latest titles. I guess it's VHS forever

Where there is Media, there will be piracy.

[Craig+Maloney]

Witness the number of people in the 80's who spent time and trouble reverse-engineering copy protection. Witness the number of copy-guard "picture quality enhancers" on the market. Witness how many mods there are for game consoles (Doctor 64, anyone?) Wherever there is a media to be hacked, there will be someone hacking it. Yes, the industry might lose money on it, but on the same token, there should be no discernable effect on their bottom line. People will still buy DVDs at Best Buy in the same number that they did before. If the Motion Picture industry is really that paranoid this will encourage piracy on the internet, they need to stop making a home-based media for people to watch it. (And that would be just plain absurd.) The MPAA needs to get a reality check. There is always a way around copy protection and encryption.

Net Impact on Movie Industry: Zero

[ewhac]

I've thought about this a lot, and I've come to the conclusion that the movie industry really has nothing to worry about from unauthorized copying. The facts, simply, are these:

• DVDs are cheaper to produce than video tapes.
  A lot of manual intervention is required in the mass duplication of video tapes. Basically, you have a wall of VCRs which record at 2x normal speed. So it takes about 45 minutes to make a batch of 200 or so tapes. These machines are frequently attended by a human operator (who costs money). DVDs, on the other hand, are pressed like CDs in an entirely automated process. Thousands can be stamped out in an afternoon. The manufacturing costs for DVDs is less than one-fifth that of video tapes, a savings which, of course, is not passed on to the consumer. So, while their PR department whines shrilly about "piracy" (a term used more for its emotional overtones than its accuracy), the studio is raking in even more money than before.
• Copying of DVDs over the Internet is a non-issue, even with the advent of broadband.
  The number of people who are going to A) spend hours downloading a 5 gigabyte file, and B) spend 5 gigabytes of hard disk space to store it (at a cost of $20/gig) is statistically insignificant. Yes, you'll probably have a college dormitory sharing movies over their 100Mbit LAN. This represents -- what? -- 0.001% of the total market? I'm surprised the studio's accounting department hasn't killed these anti-copying campaigns as an unbelievable waste of money.
• Writable DVDs will only slightly change the playfield.
  The fact is that DVD writers are expensive and are likely to remain that way for the forseeable future. Beyond that? I think we can take a lesson from what happened to the music industry with the proliferation of CD writers and MP3 files: Those companies are as strong as they ever were, and there is no proof they are suffering financially (despite our fervent desires to the contrary).

What I find particularly puzzling is that the hardware companies haven't figured out that they're in the driver's seat. Toshiba et al could have easily told the movie industry, "No, you're not going to get encryption or regional lockouts. Because it doesn't matter. Our manufacturing process costs less than one-fifth of the one you're using now. Once your shareholders find out there's a process that will cut your costs and increase profits and product quality (and we'll make sure they do find out), they'll rake you over the coals until you adopt it. You will use our open, unencrypted platform, and you'll like it. The financial reality leaves you no choice."

The argument really is that simple.

Schwab

Re:Does anybody know about DVD encryption?

[Admiral+Mouse]

Two questions:

1. Is the encryption algorithm known?

2. Will consumer decks play unencrypted disks?

Yes, they will. I have many discs which are not encrypted with CSS.

----

not even 40 bit security

[gonar]

note the article states that there are 400 individual keys pressed into every dvd. this reduces the 40 bit security down to a little more than 35 bits.

that might stand up for an hour on a brute force attack by a pentium 90. if they were lucky.

MUCH more likely, a valid key would be hit early in the attack, after all, there are 400 to choose from.

Age...

The founder of MoRE is 15 years old.

Can data ever be considered safe?

[Kingpin]

Have any of you ever heard of an attempt to keep data protected from copying that was successful? I haven't. Never seen a game, app with a software/hardware protection that hasn't been breached. The crackers have always "won" as I see it - perhaps it's just a matter of time before we see CRACK@home when the software business introduces long keys. Sooner or later any encryption technology (save quantum perhaps) will be outdated and basically worthless.

Kingpin

DVD Encryption? Good riddance

[Enoch+Root]

I fail to understand how this is such a shock to the industry. Why, I have partially cracked DVD Encryption a long time ago:

Let assume c is the ciphertext and p the plaintext. Simply run the algorithm to decipher c, then dump the plaintext p unto another medium. Repeat for every c.

In simple words: run the DVD, and copy it on a VHS. You'll lose these fancy functions, but the essence of the DVD is still there: a copyrighted movie.

The point is: it's silly to try to prevent the copying of a film or music, whether it's in DVD, MP3 or CD format. Who the hell cares? Copyright laws are in place, and they're supposed to prevent anyone from making money illegally off of them. However, it's not illegal per se to copy a film or a song, once you bought them legally and are doing so for personal use.

So, breaking the DVD Encryption scheme is akin to figuring out how to copy VHS to VHS. The fact that this data can be transfered over the Internet is, I think, irrevelant. The industry needs to grow up; I certainly don't see a reason to stop producing DVDs because of this.

The rule of copy-protection scheme is: sooner or later, it's gonna get broken. Surely they realised that.

"Knowledge = Power = Energy = Mass"

Does anybody know about DVD encryption?

[Thagg]

Two questions:

1. Is the encryption algorithm known?

2. Will consumer decks play unencrypted disks?

If the answers to these are 'No', then this isn't really too important, for the time being. And while it's theoretically impossible to prevent people from determining the decryption algorithm if you ever sell software players, it should be possible to build an encryption system that can be kept a secret.

thad

mp3 rocks!

The other 95% of the world can't tell the difference between a CD track and an mp3 rip of it. I love mp3's.. makes it easy to keep a huge archive and then burn custom audio cd's based on what I want to hear. I wouldn't be able to do that if I was storing 50+ meg tracks. Of course, you're probably one of those wackos who says that direct digital transfers of cd tracks to a hard drive decreases their quality. Yea right, the same thing happens when I copy my redhat iso images around. Seems to lose bits here and there. NOT.

How does DVD encryption work?

[RelliK]

Can somebody please explain in detail how the whole DVD encryption works?

Can't you just duplicate the encrypted DVD data using a DVD-R? You'd be able to get the exact replica of the original, and play it in any DVD player, without the need to decrypt it first. Or am I wrong?

Not anonymous

[Ilmari]

good luck, since the "crackers" responsible remain anonymous

Well, according to this article (in norwegian), it was a 15-year old guy named Jon Johansen from Thor Heyerdahl high school, in Vestfold, Norway, who cracked it (He's a member of the group MoRE (Masters of Reverse Engineering), mentioned in the Wired article).

Not at all that anonymous if you ask me :)
---
Ilmari

Re:Not anonymous

[finkployd]

True, but now that I think about it, it will be tough to prove that he did anything illegal since the RealNetworks key was not encrypted anyway.

I don't think anything will happen to him.

Finkployd

DVD crack

Well, you know what this means. Your expensive DVD players will be worth less because DVD2 will come out, not be compitable with current plays. New movies on DVD2.. Higher price to combat piracy.

Bad reporting on part of Wired

I am disappointed that Wired emphasized the word "piracy" throughout the article. They imply that the only purpose of the CSS code could be for shady people to go against the will of the copyright owners.

This simply isn't the case. They didn't bother to print the obvious fact that blank media costs significantly more than DVD movies to begin with, making unauthorized copying a waste of time and money! (Not to mention the fact that equipment to record DVDs playable in consumer DVD players is around $15,000)

I also didn't see anyone mention that copyright law does not restrict people from making backup copies of material that they own. Even the copy protection in consumer DAT machines allows this, unlike the broken CSS scheme. (Suppose I want to make sure that the DVD movie I just bought will still work 50 years from now, even if the original gets scratched or destroyed)

They missed the most important fact of all-- as long as CSS remained secret, computer users were forced to use Microsoft Windows or Mac OS to play back DVDs. Only the release of CSS to the public will make playing back DVDs on other operating systems possible. Many people have _wanted_ to go out and buy a DVD decoder card and movies, but have not because there was no support for this hardware in Linux or their operating system of choice. Hardware drivers have become available for some DVD decoder cards, but without CSS code the drivers are relatively useless.
Now, we will not have to wait much longer to watch DVDs on our machines.

oops, i meant 31 bits

[gonar]

correction: "this reduces the 40 bit security down to a little more than 35 bits."

should read: "this reduces the 40 bit security down to a little more than 31 bits."

Oh boo hoo. No one's going to stop making movies.

And if one studio quit producing, another will pop up and take their place so fast your head will spin. Look at software. Piracy is orders of magnitude more rampant than in the movie or record industry. And yet all of these industries seem to be more profitable than ever. "Leaking info on how to break protection schemes will destroy DVD!" It's NOT gonna happen.

Playstation Encryption vs. DVDs

[ronfar]

Currently, there is a war going on between Sony and mod-chippers over encryption. You see, a while ago I got a mod chip installed in my Playstation purely so I could play one disk (Samurai Spirits 1 & 2, a legitimate import version, not available in the US region.) Even though I chipped my Playstation to play games which were coded for outside my region, that same chip works for copied games too. Recently, Sony became aware of the encryption crack, and has started coding some of its disks (such as Dino Crisis from Capcom) so they will detect the chip and fail to play. Of course, now there are people coming out with new ways to get around the new encryption, including new hacked pirate disks and GameShark codes. I wonder if DVD companies will attempt something similar.

poor poor pitiful Toshiba

[technoCon]

Think of it as cosmic justice. I remember when Toshiba sold the Russians the machine tools they needed to make their nuclear submarines' propellers a zillion times quieter.

This is also a cautionary tale for cryptologists that every cryptanalyst knows by heart.

Cryptologists will often be deluded into thinking their systems are far more secure than they really are. Cryptanalysts stay in business because of this.

Money has caused you to miss the point as usual

Everyone is so concerned about the financial issue that they miss the real point. The actual strategy being played out here is one of fear induction. You (the public) are supposed to fear the pirate, the terrorist, the different thinker, the one that looks different or acts different. The Establishment has always thrived on the irrational fears of the public and so has attempted to control those fears -- not control as in eradicate, but control as in be the source of those fears or the fear inducing announcements. Power and control. Soon, you'll beg for internet regulation. Then you'll beg for reproduction regulation. Then you'll suffer an eternity in your very own Hell.

DVD fiasco discussions at the Yahoo RNWK board

[cyberdonny]

Come in and join the fun