Slashdot Mirror


User: Goaway

Goaway's activity in the archive.

Stories
0
Comments
4,507
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,507

  1. Re:Not too big of a deal on Vista Activation Cracked by Brute Force · · Score: 1

    Apparerntly, you have not looked at the actual article, though.

  2. Re:Er... on Vista Activation Cracked by Brute Force · · Score: 4, Funny

    Why not actually try to read the article to see how the program works?

  3. Re:uh, what? on Secure Private Key Storage for UNIX? · · Score: 1

    I'm pretty sure I "came here" for the same reason most people do, to read news. The occasional poking fun at the zealots is merely a small amusement on the side, and helps one stay sane reading this site.

  4. Re:Protected memory on Secure Private Key Storage for UNIX? · · Score: 2, Funny

    Yes, when there is no actual Microsoft vulnerability available, the crafty Slashdotter can just imagine that one exists, and still get that refershing feeling of superiority!

  5. Re:uh, what? on Secure Private Key Storage for UNIX? · · Score: 0, Troll

    Oh no! Somebody asked something of Linux that it doesn't provide! Better silence him, quick!

  6. Re:people *are* imitative on Why the Gaming-Violence Connection is So Comforting · · Score: 1

    but I wonder how much it affects others.

    How much? Or how little?

    Maybe it's you who's messed up.

  7. Re:So let me get this straight... on MPAA Fires Back at AACS Decryption Utility · · Score: 1

    AACS is far from "utterly destroyed". It's well equipped to deal with breaks like the ones published so far. They'll be using the technological measures too, soon enough, in addition to the legal ones. This is all going according to plan so far.

  8. Re:Serves it's purpose on Benefits of Vista's User Access Control? · · Score: 1

    Blaming the user? Pshaw, Microsoft is just ripping of Linux again!

  9. Re:Open DRM? on Apple's iTunes DRM Dilemma · · Score: 1

    The newest version AACS (Advanced Access Content System) has basically been beat to crap as well. Just read some past /. stories. :-)

    It has not. It is still working well within specifications. It is designed to take into account the fact that people will inevitably find the various keys, and has many mechanisms in place to control the damage caused by this. Those have not been circumvented.

  10. Re:OSS the Epitomy of Unfinished Product on Are Unfinished Products Now the Norm? · · Score: 1

    Stop being a literal-minded nerd for a second and try to actually read the meaning of the post and not the individual words, please.

  11. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    I feel that as the DRM gets more and more complex, the prestige and economic value of cracking it goes up.

    Most of these attacks are temporary, though. They can be circumvented by revoking keys and patching the software. This means that there is a need for a constant stream of cracks to keep new discs playing. Sure, the first person to crack a device key gets his share of fame, but what about the 135th person to do it three years down the road?

    This is a war of attrition between hackers and content producers, and the outcome is far from certain at this stage. Barring any real vulnerabilities being discovered in the algorithms (unlikely, since this time they chose good ones), the question is merely who will tire of the game first.

  12. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Read doom9, the rest of this /. thread, http://www.freedom-to-tinker.com/?p=1122, etc. It's quite puzzling that the manufacturers haven't yet used the full AACS spec.

    The freedom-to-tinker.com link, at least, does not say that NNL key trees are not being used. It says that they are not using randomized processing keys, which is another matter entirely. It is weird that they are not using it, but it has nothing to do with lacking implementations in players, but with lacking implementations of the full standard when mastering new discs.

    Or they could just use the cracked device to crack a big pile of discs, and release the keys for the individual discs.

    This is unworkable due to being too big an effort. It might work now that releases are few, but if one of the formats grows to the same popularity as DVDs, that plan is impossible.

  13. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Please re-read my comment. Hardware players can be individually revoked. Not lines of players. Individual, single, physical players.

  14. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    This is not the case. The media key block on the HD discs contains the media key, encrypted with several hundred device keys.

    Perhaps before shooting your mouth off, you should actually try and read the AACS spec and see if that is true or not? Because it isn't.

  15. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Perhaps you should tell that to the people who actually made the AACS spec and included that very feature? I'm sure they'll be glad to be corrected on that matter.

  16. I'm not really sure, but. on Sort Linked Lists 10X Faster Than MergeSort · · Score: 3, Funny

    Maybe this guy has re-invented radix sort? I can't really tell! I wish somebody would post and tell me!

  17. Re:OSS the Epitomy of Unfinished Product on Are Unfinished Products Now the Norm? · · Score: 1

    Gee, volunteers mostly only do the things that are fun? I'm shocked!

    No, this is obviously not shocking. However, claiming this is a better development model than that for propietary software is definitely stretching it just a bit.

  18. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Did you RTFA?

    Not only did I RTFA, I have been following the threads from the start.

    The folks who've accomplished this already got around a decent amount of obfuscation.

    There was zero obfuscation.

    They are determined and obviously have some coding skills.

    Some, but nobody has even touched a disassembler yet. That requires quite a bit more skill than looking at hex dumps and implementing AES from specs.

    The decryption keys must inevitably be revealed to the firmware/software

    You could write an alternative implementation of AES that does not use keys in the normal form, but directly uses obfuscated values. You can make sure values are kept in registers and the entire key is never present. These can be defeated, but it takes a large amount of work with a debugger and disassembler to trace and re-create the algorithms from the machine code. This is a much harder task, and the pool of people who have the skills to do it, and the willingness, shrinks quickly.

  19. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Of course there is, and any decent programmer would know this. You can modify the algorithm to directly use obfuscated values, or only ever keep parts of the key in registers and never in memory, or a combination of the two. It is not undefeatable, of course, but it requires a lot more effort to defeat than this one.

  20. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Only in theory... the manufacturers don't yet implement the full AACS spec which would allow this.

    Do you have a reference for this?

    Furthermore, if hardware players had completely individualized keys, then this would open up new vulnerabilities. The individualized keys would of necessity be stored in Flash or EEPROM, since the economies of scale required to manufacturer semiconductors inexpensively don't allow fabricating unique ASICs for each player.

    This would, of course, help hackers narrow down the location of the hardware keys in the system. :-P


    It might, but it still wouldn't help the fact that as soon as they got the keys, they would be revoked, negating the usefulness of the attack.

  21. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Please go read the actual AACS spec, or some summary of it. What I said was correct. Individual players can be revoked.

  22. Re:Will they actually do it? on AACS Device Key Found · · Score: 1

    Hardware players individually, as I said.

  23. Re:Do you suppose it really does delete things? on Software Deletes Files to Defend Against Piracy · · Score: 1

    So, what would be an appropriate response to knowing that someone has just tried to use your software illegally?

    Disabling the program, and deleting nothing, like everyone else does. That wasn't a very hard question, man.

  24. Re:indeed on DRM Causes Piracy · · Score: 3, Interesting

    You "used Windows and FairPlay stripped the DRM from it to access the AVI inside"?

    There are no DRM'd formats with an "AVI inside". "FairPlay" is a DRM system used by Apple. It is certainly not a thing you can use to "strip the DRM from it and access the AVI inside" anything. There used to be a tool named "FairPlay", which worked on music files and not video files, and has long since been abandoned.

    So no, I do not think anybody cares that your imaginary friends are copying this imaginary file.

  25. Re:indeed on DRM Causes Piracy · · Score: 1

    We got the "joke". It was, however, nowhere near funny.