You simply pick up a new hardware player each month and fetch a new key
You do not "simply" do that, even if you've figured out how. It still involved stripping ICs and electron microscope scanning them. The cost is significant, no matter what, while the cost of revoking the keys is very low. You will need to have significant money to keep pumping into that project. Who would do that?
If you've got the time to edit, you've got the time to register.
Totally irrelevant. It's not about having the time, it is about whether you want to spend that time on a totally useless task, or on doing what you actually came to do. And those who are actually experts in a field generally have better things to do with their time anyway, so putting up extra barriers is just going to make them not bother to contribute.
I do not want to "participate editorially in wikipedia". I want to fix a mistake in an article on a subject I am knowledgeable in, or write some new information I feel is lacking. But if I have to go through the trouble of creating yet another account I will most likely never use after that to do this, I will just not bother, because I have better things to do. I am quite sure this is also true for a very large number of potential contributors, especially those who are experts in their field, as they have far better things to do than jump through hoops on some website.
Yes, let's leave all writing to the kind of people who have nothing better to do with their time than create accounts on every single website on the internet. This will certainly increase quality.
This argument makes perfect sense, because scientists have always believed in global warming ever since antiquity, and certainly don't want to rock the boat now by allowing any non-traditionalist "no global warming" theories to get a foothold.
Look, sarcasm aside, global warming is the new theory here, and denying it is the traditionalist view, OK? The only thing that is ironic is that you seem to argue the exact opposite would be the case.
My example of the engineering student. Colleges often have equipment laying around that students are free to use during off-hours. Not just scanning electron microscopes, but other advanced equipment that wouldn't be available on the consumer market, some of which may even be prototypes built by professors and their research assistants.
But the only feasible attack that one could mount against a hardware player using any kind of college lab equipment is retrieving the device keys, which would be instantly revoked anyway.
As examples, a software player which doesn't obfuscate the key locations (which is what happened here), or a hardware player where the title keys are easily sniffed while passing through the traces.
The software player gets its keys revoked and a release is pushed out which fixes the flaw. This does not break the whole system. A hardware player that lets you get the volume keys would indeed be a problem, but it is extremely unlikely to happen. For it to be feasible, it would have to expose the keys on an external bus, and no such player is going to be allowed onto the market, barring total fuck-ups. Being able to do it once or twice in the lab is not really a feasible attack in practice.
Revoking AACS keys isn't a technical problem, but a public relations problem.
The system is clearly set up so that it won't be a public relations problem. Hardware keys can be individually revoked, and software keys are revoked as a matter of course. Where is the problem?
Remember, too, you aren't necessarily defending against just the Doom9 people (regardless of their actual intelligence level), but against many other potentially smarter opponents with resources far beyond what a typical home user would have.
What makes you claim this?
Further, it only takes one slip-up in one software or hardware implementation to break everything.
I don't see how that would be the case. Please elaborate on what kind of slip-up would "break everything".
Truth is, any attempt to use a new processing key would invalidate all existing players, and would likely cause a public relations backlash that would kill the new formats in their infancy. For all practical purposes, AACS is broken.
I'll admit I haven't looked into the AACS specs enough to see how exactly the processing key works, but I seriously doubt this would be true. AACS is well-designed, and very much built with the possibility that keys will be broken in mind. Even if changing it would break playback, I was under the impression that only software players use the processing key, and they are already equipped to be able to quickly update keys (as their keys are supposed to be revoked every six months even if they are not compromised), so updating them for this (if it is actually necessary) is trivial.
Ok, here's what I'd do to obfuscate an AACS implementation:
First, you need an implementation of AES. Hand-write this in assembly to make sure you know where your bits and bytes go. Never keep unobfuscated keys in memory, and never all in one spot. Spread the parts around, and only re-assemble them in registers when you need them. Never keep a full key in registers at any point either, but swap parts in and out as you work your way through the algorithm (as it will have to be anyway, since you don't have large enough registers to hold it all). You can also work through the maths of the algorithm to add obfuscation to that, and to the values you need to store in registers.
Now, the key will never be in memory in a useful form, nor will it ever be in registers. Of course, you can reverse the obfuscation, but that requires identifying the AES code, reverse-engineering it to understand how it works, and then working out how to recover unobfuscated keys from that. That is certainly not impossible, but it is orders of magnitude harder than what people are doing now. Especially if you go to the extra effort of obfuscating the machine code.
I'm sure there are further tricks than that, too. This is just off the top of my head.
I'm smart enough to do that, and I know it's child's play. I can do quite a bit more than that, but I can also think up quite a number of obfuscations that would stop me dead in my tracks.
Anything that simply adds another layer of indirection will just be a bit harder to crack.
That may just be enough. Read through the threads about this, and you will find the people who did this aren't geniuses. Make it hard enough, and they won't be able to do it. Sure, there are people out there who can, but you have no guarantee they will try.
In the greater war of AACS, this is still just a small skirmish. The real battles are still to come.
That's an extremely naïve post you're quoting there. It assumes the algorithms will not be tightened up to keep the key from sitting unprotected in memory. That's the first thing that will be done.
Only if you assume the player code will be unchanged and will not be tightened up to prevent this (very trivial) attack. Which is an extremely naïve assumption.
No, you don't need to update any firmware. You simply stop including the compromised key on the disc. This is how key revocation works, and no, you don't need to revoke an entire line of players, you can revoke an individual one.
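An added example, not from any of the posters, of the revocation mechanism described above: a simplified model in which the disc's key block carries the media key wrapped once per still-trusted player key, so a compromised player is revoked by omitting its entry from the next pressing, with no firmware update. Real AACS uses a subset-difference tree and AES; the per-device entries and the hash-based wrapping here are assumed stand-ins.

```python
import hashlib
import os
from typing import Dict, Optional, Set

def _pad(device_key: bytes, nonce: bytes, n: int) -> bytes:
    return hashlib.sha256(device_key + nonce).digest()[:n]

def wrap_media_key(device_key: bytes, media_key: bytes) -> bytes:
    """Stand-in for AES key wrapping (not AES): nonce || tag || mk XOR pad."""
    nonce = os.urandom(16)
    tag = hashlib.sha256(b"verify" + media_key + nonce).digest()[:8]
    ct = bytes(a ^ b for a, b in zip(media_key, _pad(device_key, nonce, len(media_key))))
    return nonce + tag + ct

def unwrap_media_key(device_key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, tag, ct = blob[:16], blob[16:24], blob[24:]
    mk = bytes(a ^ b for a, b in zip(ct, _pad(device_key, nonce, len(ct))))
    # A wrong device key yields garbage; the tag catches that, the way
    # verification data in a real key block would.
    if hashlib.sha256(b"verify" + mk + nonce).digest()[:8] != tag:
        return None
    return mk

def build_key_block(media_key: bytes, device_keys: Dict[str, bytes], revoked: Set[str]) -> Dict[str, bytes]:
    """Licensing side: one entry per still-trusted player. Revoking a player
    is just leaving it out of the next disc's key block."""
    return {dev: wrap_media_key(k, media_key) for dev, k in device_keys.items() if dev not in revoked}

def recover_media_key(device_id: str, device_key: bytes, key_block: Dict[str, bytes]) -> Optional[bytes]:
    """Player side: find its own entry and unwrap it; a revoked player finds none."""
    blob = key_block.get(device_id)
    return None if blob is None else unwrap_media_key(device_key, blob)

# Constructed sample data: four players with individual keys, one disc's media key.
MEDIA_KEY = hashlib.sha256(b"constructed media key").digest()[:16]
DEVICE_KEYS = {f"player-{i}": hashlib.sha256(b"constructed device key %d" % i).digest()[:16] for i in range(4)}

def playback_results(revoked: Set[str]) -> Dict[str, bool]:
    """Which players still derive the media key from a block pressed with this revocation list."""
    block = build_key_block(MEDIA_KEY, DEVICE_KEYS, revoked)
    return {dev: recover_media_key(dev, key, block) == MEDIA_KEY for dev, key in DEVICE_KEYS.items()}

if __name__ == "__main__":
    print(playback_results(set()))            # all four players succeed
    print(playback_results({"player-2"}))     # only player-2 fails; the others are untouched
```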
Sure, some are referencing it for that reason.
Some of the people talking about it here, though, they're obviously not. For instance:
http://it.slashdot.org/comments.pl?sid=177104&cid=14697991
http://ask.slashdot.org/comments.pl?sid=184843&cid=15259769
http://ask.slashdot.org/comments.pl?sid=184843&cid=15259805
http://ask.slashdot.org/comments.pl?sid=184843&cid=15260576
http://yro.slashdot.org/comments.pl?sid=129960&cid=10840822
Look, you can't expect people to just read the bible without first receiving the proper training in the required rationalization techniques!
The fact that Slashdotters are referencing the bible when arguing against things they don't like is amusing me to no end.
Yeah, well, good luck with that.
Oops, looks like I offended some people who have nothing better to do with their time than create accounts on every single website on the internet.
Remove anonymous posting
The best encyclopedia you cannot read ever!
Also:
Perhaps you can explain this statement further?
I'd settle for people actually knowing how AACS works before making all kinds of bold claims about it, but that's asking a bit much, I guess.
And the relevance of this little tirade of yours was...?
One more time: You can revoke individual hardware player keys in AACS. Only the one single compromised player will be affected.
Revoking hardware player keys is a lot easier and less of a hassle, because hardware players have essentially individual keys.
In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?
Trivial, as you can just stop including their keys in the key set. The AACS spec is designed specifically for this.
Yes, thanks for the totally relevant typo flame.