And I think you are way off here saying they are only looking out for themselves.
Have you tried actually reading their blog? With all the self-promotion, personal attacks and vitriol, it's glaringly obvious they are doing this first and foremost for drawing attention to themselves.
Maybe, but do you honestly expect them to keep publishing the keys they might uncover?
The only reason the software player used is visible at all right now is because the people involved are still working out the process. Once that gets nailed down and the scene goes completely underground, there will be people who crack disks and release the volume keys into the wild, and no one will have any idea how they got them.
And you think the producers will make no effort whatsoever to infiltrate this? Thinking you can go "completely underground" on the internet is pretty naïve.
Plus, there are a number of other methods to defeat this. One possibility is to simply not print the same volume key on each disc. Even a set of twenty or so different volume keys for each title would make it prohibitively hard to find them all, and nobody would feel like putting in all the effort, especially when it's much easier to just break one key and then torrent the contents. That wouldn't let you play your disc in your open-source player, but it's not like the pirates give a fuck.
c) The key issuers of the content providers get so desperate that they start revoking keys given any provocation.
I understand that keys for software players will be revoked every six months even if they aren't cracked, so this will not likely be a problem. Well, not more of a problem than the basic system already is.
Plugged? How? No player keys were compromised during the process of hacking this stuff.
Revoke the key, and force the software makers to tighten up their code so it can't be so easily sniffed. Hole is plugged, or so the theory goes.
Nothing stops the pirates from starting over and finding a new hole, of course, but the current one is unusable.
With BD and HD DVD that race won't happen again, because muslix64's softs don't need any compromised player (revokable) key. They need a volume key, unrevokable and always available during a short time in memory or SIMD registers. Keys that can subsequently be shared on the net.
But to get those keys in the first place, you still need to hack a player in one way or the other. It's just a variation on the same game.
What would that "financial incentive" be, exactly? Wholesale piracy of the discs only requires making bit-by-bit copies, and does not require a decryption key. Making a knockoff player is not feasible, as the key would be revoked the second the player hits the market.
Pot. Kettle. Black.
Ok, I know this is Slashdot and people love nothing more than throwing around idioms they do not understand the meaning of, but I still have to ask:
What exactly are you trying to imply? "The pot calling the kettle black" means someone accusing someone else of something that is true of themself. In this case, the grandparent poster says "perjury isn't treason". Are you implying that the grandparent poster himself is, in fact, "not treason"?
But Slashdot just recently duped the original news of the crack from several years back, so it's totally topical!
As I already said, a task several orders of magnitude easier, since all he had to do was snoop an external bus.
As it is well known that it is possible to do this, there is no reason for security researchers to do it. It would take lots of work, and there would be no payoff except that the grad students could warez some movies.
So my point stands.
You seem to be confusing "everyone" and "yourself" there. Just because you were surprised doesn't mean everyone else was.
Which player gets its keys revoked? The people involved are being intentionally elusive on this topic.
And thus this isn't a very useful crack, because the minute it is revealed, it gets plugged. Maybe earlier, if they figure it out anyway.
Even if you wipe out a player, you can still crack all the discs currently on the market.
And that's how many?
What gives you any reason to believe that the same misguided souls who believed AACS was a secure solution implemented revocation securely?
AACS is as secure as it gets. It uses proper crypto, unlike CSS. Copy protection is a fundamentally unsolvable problem, but apart from that there is nothing wrong with AACS.
And what does "implement revocation securely" even mean?
No, duh.
There are, what, a handful of discs on the market? I don't think the producers are losing any sleep over the fact that they can't magically re-encrypt those movies, when they can stop people decrypting any more. They were planning on this happening, that's why there is a mechanism for revoking keys in the first place.
That is not to say there won't be more breaks in the future, of course, but this particular one can be easily plugged.
Yes, universities regularly let grad students tie up multi-million-dollar equipment for weeks just so they can warez some movies.
Considering that the keys for the player can be revoked at any time, that isn't much of a "crack".
Yes, I am sure that they are just going to let manufacturers have the keys sitting unencrypted in externally accessible ROM.
I can tell you right now that none of them do. We're talking scanning electron microscopes here.
And if some East Asian knockoff company does it, it's not like they're going to release the keys anyway, so it doesn't really matter, does it?
PS: "Working out the decryption code was probably the hard part of the process" - No, the specs are all public, and the algorithm used is standard AES. That part is trivial.
There's a world of difference between snooping unencrypted traffic on an externally exposed bus and taking apart and mapping a chip to figure out its contents.
The whole Wii thing was unexpected
No, this was well into the period when the Wii hype was at its highest.
Oh yes. Extract the keys from a hardware player, just like that. Let me get my screwdriver...
Do you really think a bunch of teenagers have the resources to reverse engineer specialized hardware?
This promotion campaign of yours is really fucking pathetic, just FYI.
This hasn't been "cracked" in any meaningful sense of the word. All they've done is implement a decrypter working from the format specs, and worked out a way to hack decrypted keys out of a software player.
At any point, the player can have its keys revoked and code changed, and we'll be back to square one.
And to think I've been told, again and again, that the PS3 will sell "no matter what" in Japan, because it's made by Sony! It couldn't have been that those people were all talking out of their asses, could it?
You can, and have the right to say anything you want. However you are responsible for the results of that speech as well. This is where many fail to realize that speech has consequences, and worse, don't want to take responsibility for those consequences.
Ok, so if I'm a politician, it's perfectly OK for me to lock up anyone who disagrees with me? Of course they're free to do so, they're just responsible for the results of that speech, viz. getting locked up.
To nitpick your nitpick, if a Japanese person says "2chan", it is obvious that he is referring to 2channel. 2chan.net is always called "Futaba Channel". The confusion only exists among western users.