Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AACS Specifications Released

CowboyNeal posted more than 9 years ago | from the meet-the-new-css dept.

486

An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

cancel ×

486 comments

Sorry! There are no comments related to the filter you selected.

Manufacturers (5, Insightful)

Joff_NZ (309034) | more than 9 years ago | (#12241816)

The main difference appears to be that AACS can revoke an entire player model if a hack appears against it

In that case, why would any manufacturer in their right mind produce anything under such terms? That would just be insane

Re:Manufacturers (1)

virgil_attack (744501) | more than 9 years ago | (#12241823)

why would any manufacturer in their right mind produce anything under such terms?

Mind control

Re:Manufacturers (2, Interesting)

Morlark (814687) | more than 9 years ago | (#12241834)

Yeah it is insane, but it's just the latest in a long line of insanity. Notice how a lot of the technologies that are being touted recently are all about restricting what people can do with content. It's a growing trend, and I don't think it's right.

Re:Manufacturers (0)

Anonymous Coward | more than 9 years ago | (#12241873)

Particularly in light of the fact that once a model is hacked and subsequently revoked, all the people who own that model would start suing the manufacture for selling faulty goods.

Re:Manufacturers (4, Interesting)

Tx (96709) | more than 9 years ago | (#12241874)

From the spec:

If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that causes a device with the compromised set of Device Keys to be unable to calculate the correct Km. In this way, the compromised Device Keys are "revoked" by the new MKB.

If I read this right (which is not guaranteed this early in the morning), only hacked devices would be revoked. So it wouldn't be insane for manufacturers to use this scheme, and in fact would make them discourage hacks rather than making them easy as they do with many DVD players. Bad for fair use, but no problem for manufacturers.

Re:Manufacturers (4, Insightful)

GizmoToy (450886) | more than 9 years ago | (#12241930)

Well, thousands of customers calling their support lines to figure out why their players no longer work is going to be a pretty big problem for them, I'd say.

I'm not sure that creating a product that another entity can simply break is a great way to go. Can you imagine how irate all the innocent users would be? Man, I'd hate to be tech support at any of the companies that make these.

Re:Manufacturers (0)

Anonymous Coward | more than 9 years ago | (#12241965)

You think they'll even bother with tech support? Your nuts...people will just get a recording if they are lucky that tells them to buy a new player.

Re:Manufacturers (1)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#12241989)

Credit card chargebacks are always a good way to fight back.

Yeah, there are time limits, etc, but if you bought it and it breaks soon after you can do it, get paid, and if enough people do so, the seller suffers and can even have credit card transaction rights revoked from them.

Re:Manufacturers (1)

Tx (96709) | more than 9 years ago | (#12241972)

Innocent users don't hack their devices. Not necessarily saying you're wrong otherwise.

Re:Manufacturers (3, Insightful)

BJH (11355) | more than 9 years ago | (#12241994)

So hacking a piece of hardware (not software, mind - *hardware*) that you bought and own is now a crime?

Let me guess what country you live in...

Re:Manufacturers (1)

Tx (96709) | more than 9 years ago | (#12242061)

Didn't say it's a crime, but it could invalidate your warranty.

User: "Hey tech support, I hacked my player and now it don't work!!!"

TS: "And ... this is our problem how?"

Like I said, I'm just telling you it isn't a problem for the manufacturers, not saying it's a good thing.

And FWIW I don't live in the USA, unless Britain has become the 51st state since I last checked :).

Re:Manufacturers (0)

Anonymous Coward | more than 9 years ago | (#12242085)

Go check again...

Re:Manufacturers (2, Insightful)

RedWizzard (192002) | more than 9 years ago | (#12241995)

Innocent users don't hack their devices. Not necessarily saying you're wrong otherwise.
The point is that if you happen to own the same device that the hacker broke the keys for, you could be SOL. I.e. if someone cracks the keys for Sony's Model 99 HDDVD player, the DVDCCA can revoke those keys and everyone who owns a Model 99 now has a useless paperweight (well I guess they'd still play old discs, just not new ones). Now, whether they'd use that ability or not, who knows? It's the sort of thing that would have lawyers lining up to start class actions suits, I'd expect.

Re:Manufacturers (1)

Tx (96709) | more than 9 years ago | (#12242037)

Like I said, I read it to be that just hacked devices would be affected - causes a device with the compromised set of Device Keys to be unable to calculate the correct Km - not all devices of the same model. But I could be wrong.

It'd be great for an anti-trust lawsuit though. (0)

Anonymous Coward | more than 9 years ago | (#12242063)

Not to mention it would just kill DVDs period. Once the medium becomes reliably unreliable there's no reason not to pirate exclusively. A move like this could end up with a US court kicking all similar contrivances out of the US.

Re:Manufacturers (4, Informative)

Craig Ringer (302899) | more than 9 years ago | (#12242011)

I'm afraid I think you read it wrong.

"... with the compromised set of keys ..." is the key phrase. A given model, if this is the same as CSS, has a CSS key - not a given unit of that model. Revoking the key would revoke it for all units of that model since they all have the same key.

Nasty. DVD is offensive enough already ("You may not skip this!"), this will just make it worse. Argh.

Re:Manufacturers (1)

Magnus Reftel (143) | more than 9 years ago | (#12242017)

... it wouldn't be insane for manufacturers to use this scheme ...

So, what do you suggest? That they pass on HD DVD? Unless bluray has better terms that's not going to happen.

Re:Manufacturers (1)

Lehk228 (705449) | more than 9 years ago | (#12242098)

I wonder if BluRay could corner the market by eliminated the ability to revoke keys then FUDbombing as much as possible.

Re:Manufacturers (5, Informative)

nothings (597917) | more than 9 years ago | (#12242047)

You're not reading it right. If somebody pries out a key from a device and uses that in a DeCSS-like software, they want to make that key no longer work--they want to revoke that key entirely. That's the only way this makes any sense.

With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.

Related, from the spec:

The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.

Re:Manufacturers (1)

fm6 (162816) | more than 9 years ago | (#12241934)

You mean they have a choice? If their product can't play the movies the industry is publishing, its about as sellable as a betamax VCR.

Let me be the first to hack it.. (5, Informative)

Anonymous Coward | more than 9 years ago | (#12241819)

Click here [aacsla.org] to get the specification without agreeing to the terms of access.

Re:Let me be the first to hack it.. (2, Funny)

Anonymous Coward | more than 9 years ago | (#12241971)

Click to get your tinfoil hat. [stopabductions.com]

Re:Let me be the first to hack it.. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12241981)

Wow, what a horrible attempt at humor ruined by an HTML typo... Thank god for the "post anonymously" option!

Player Model? (5, Insightful)

NEOtaku17 (679902) | more than 9 years ago | (#12241824)

"The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

Player model? What if a hack comes out for PC that allows you to circumvent the copy protection: Does it revoke PCs altogether, only certain disk drives, or what?

Re:Player Model? (0)

Anonymous Coward | more than 9 years ago | (#12241831)

Probably player software, in that case. Since the decrypting will probably take place in hardware rather than software, as it does now.

Re:Player Model? (2, Insightful)

Omkar (618823) | more than 9 years ago | (#12241912)

Considering that one "hack" would be just capturing the signal sent to the TV, I think it's fair to say they're not going to be banning anything anytime soon.

It's all about firmware? (0)

CdBee (742846) | more than 9 years ago | (#12241929)

I expect future DVD players will have USB ports so you can boot them off a key drive and flash the latest firmware, and keeping up-to-date firmware will be required for all DVDs to play

Re:It's all about firmware? (3, Insightful)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#12242008)

Then DVDs will die.

Most people won't even know what you are talking about.

Now having new DVDs automatically update the firmware is easy, stealthy, evil, and effective. I think some DRM systems use such an idea.

The user merely watches a movie, and their player gets reflashed in the process. That could work.

Expecting the average movie watcher to even know what to do with a USB cable and how to boot something off an external drive won't.

Re:Player Model? (3, Informative)

nothings (597917) | more than 9 years ago | (#12242078)

"Circumvent the copy protection"? The data is encrypted. You can copy it all you want; but you can't play it without decrypting it.

So they revoke a player model as follows (omitting lots of details that aren't important to the big picture, and oversimplifying):

Each player model gets its own key ("set of Device Keys" in the specification). Data on the disc is encoded with a disc-specific data key. Given N player models, there are also N encrypted master keys, one for each (non-revoked) player model.

If a player model is compromised and the key from it used in a DeCSS-like program, they will "revoke" that key and, on all future releases, not include a copy of the disc-data key encrypted for that player.

I accept? (3, Funny)

Anonymous Luddite (808273) | more than 9 years ago | (#12241825)

>> These documents are preliminary drafts and are subject to change without notice. To download the v0.90 specifications, please accept the above terms and conditions.

No Thanks. I'll just wait for it to get posted to /.

Direct link (1)

Edward Teach (11577) | more than 9 years ago | (#12241840)

http://aacsla.org/specifications/AACS_Spec-Common_ 0.90.pdf

Re:I accept? (1)

fr1kk (810571) | more than 9 years ago | (#12241847)

it took you a full minute to type that? ;P

Mark my words. (5, Funny)

Adult film producer (866485) | more than 9 years ago | (#12241833)

This scheme will not be broken for at least 20 years.

There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.

Re:Mark my words. (0)

Anonymous Coward | more than 9 years ago | (#12241863)

Quantum computing is due earlier.

Re:Mark my words. (5, Insightful)

wolrahnaes (632574) | more than 9 years ago | (#12241865)

This scheme will not be broken for at least 20 years.


There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.

Here's the big difference...

Gaining access to DirecTV's signal requires hacking proprietary hardware. If PC-based players are ever allowed, reverse engineering will be along the same lines as last time around. It's just so easy to monitor everything your computer is doing in real-time, especially with the help of emulators like QEMU, Bochs, VMware, or Virtual PC.

Re:Mark my words. (1)

mrchaotica (681592) | more than 9 years ago | (#12242012)

...Which is where Treacherous Computing comes in, of course.

Re:Mark my words. (2, Insightful)

sTalking_Goat (670565) | more than 9 years ago | (#12241867)

you're kidding right? Client side encryption is dead. So Unless DVD players have to dial in to decrypt the movie this is a joke.

Re:Mark my words. (1)

zappepcs (820751) | more than 9 years ago | (#12241875)

Exactly! So long as you have the ability to monitor the decrypting, and know what the result is supposed to be, encryption is a delaying tactic at best... it helps keep honest people honest, kind of like the locks on your car doors.

Re:Mark my words. (1)

yahyamf (751776) | more than 9 years ago | (#12241947)

Not really.
Once the DRM is circumvented, someone is sure to write a slick GUI utility, where all you do is click a large, friendly looking 'copy' button and that's it.
Much easier than opening a locked car door.

Re:Mark my words. (2, Funny)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#12242045)

Just press the "easy button".

Re:Mark my words. (0)

Anonymous Coward | more than 9 years ago | (#12242092)

I don't know about that last one. Technique ala man-who-stole-my-CD-collection:

* Insert screwdriver between frame of car window and glass.
* Use as lever to snap pane
* Push broken class into car.
* Reach inside and open door. .. that is, assuming a lack of alarms. But if they're stealing from the vehicle rather than trying to steal the vehicle there's often little point in bothering with opening the doors - and the screwdriver approach is sufficiently non-violent to avoid setting off shock sensors. Unless you have movement sensors or the like inside your car the alarm will probably never even sound.

Re:Mark my words. (1)

Sweed (851139) | more than 9 years ago | (#12241869)

Heh heh.

(You *are* joking, right?)

Re:Mark my words. (3, Insightful)

mattkinabrewmindspri (538862) | more than 9 years ago | (#12241895)

Consider the source.

"Adult film producer"

Re:MOD parent up!! (0)

Anonymous Coward | more than 9 years ago | (#12241890)

And by "up," I mean "Funny," of course.

Re:Mark my words. (0)

Anonymous Coward | more than 9 years ago | (#12241921)

Mark my words, it will take at least 20 years before enough people could be fucked to buy this sort of stuff.

Re:Mark my words. (1)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#12242020)

Maybe its been hacked and is being kept really quiet. They are keeping quiet, to prevent an even stronger system coming out and they losing access again.

Okay, DVD Jon... (4, Funny)

kwoo (641864) | more than 9 years ago | (#12241841)

You have your work cut out for you!

Just kidding. :)

Re:Okay, DVD Jon... (0)

Anonymous Coward | more than 9 years ago | (#12241872)

Dude, where my car?

Re:Okay, DVD Jon... (0, Troll)

voisine (153062) | more than 9 years ago | (#12241919)

:) DVD Jon is likely just some guy who agreed to take credit for the real hacker's work. They release their work though him to avoid litigation. Either that or he's a very industrious fellow, cracking apple's drm and then releasing a complete Linux itunes music store client and what not.

I, for one... (1, Insightful)

Kagura (843695) | more than 9 years ago | (#12241871)

I, for one, welcome our new DRM encryption overlords! Perhaps they'll do better than our previous overlord, Chief General CSS. It only took seven lines of code [windowsitpro.com] to bring him down...

Re:I, for one... (2, Funny)

Lehk228 (705449) | more than 9 years ago | (#12241898)

THis new standard will probably require 15 lines

Re:I, for one... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12242101)

Let's call that Jon's law: "Every successive digital video standard will require a minimum of roughly twice the number of lines of code as the previous generation."

Re:I, for one... (1)

mrjb (547783) | more than 9 years ago | (#12242095)

Yeah but it was seven lines of *perl* code. In justa about any other language it would have taken 700.

*sigh* (1, Insightful)

LCookie (685814) | more than 9 years ago | (#12241878)

Why don't they get it.. If it can be played back it can be ripped.
It's not magic...

Re:*sigh* (1, Interesting)

NEOtaku17 (679902) | more than 9 years ago | (#12241915)

Wrong...If it can be played back it can be captured . Ripping requires the DRM to be circumvented.

What will the packaging say? (5, Interesting)

The New Andy (873493) | more than 9 years ago | (#12241887)

Suppose player X has been revoked. Now, I'm assuming that any disks released after this won't work on it right? So, does the packaging for the disk say: "Plays on any player except blah"?

Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?

Re:What will the packaging say? (1)

billsoxs (637329) | more than 9 years ago | (#12242028)

damm and me with no mod points

Re:What will the packaging say? (3, Informative)

J. Random Luser (824671) | more than 9 years ago | (#12242112)


Playable on all Licensed Players
see Figure 1-1 page 2 (12) of the Advanced Access Content System: Pre-recorded Video Book.
It's your job as user to figure out if your player is still licenced.
Now that's not to deny enterprising souls the right to devise methods to play it on unlicensed players, but there may be some fine print about such methods violating your EULA with the content provider...

Owning a model player that get's revoked .... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12241900)

Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reembursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk ?

Even worse : you have no way of knowing if the player you are going to buy is on the list of players shortly-to-be-revoked, or worse yet : allready revoked.

How's the "you should be able to use a bought commodity for a reasonable time"-law come in play here ?

Re:Owning a model player that get's revoked .... (1)

Orgazmus (761208) | more than 9 years ago | (#12241997)

Well. You would probably have to buy a new one, so its even more licencing money for the rich.
Great plan for bringing in a lot of money today, but it will also guarantee the fall of the industry tomorrow.

Re:Owning a model player that get's revoked .... (4, Insightful)

l0b0 (803611) | more than 9 years ago | (#12242018)

Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reembursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk ?
This can't possibly work on the global scale, so it'll just be the final kick in the balls before all consumers learn how to pirate movies. That is, if the movie industry doesn't realize that it's their worst move of all times.

Well then... (4, Funny)

mattkinabrewmindspri (538862) | more than 9 years ago | (#12241905)

Go Blu-Ray!

Re:Well then... (0)

Anonymous Coward | more than 9 years ago | (#12241975)

Um hate to tell you but Blue Ray has the same shit involved. With the shit they wanna do it'll be eaisier to just buy the HK Rips that come out for everything...or ya know...stick with cracked DVDs as is.

Content scrambling is stupid... (5, Insightful)

jleq (766550) | more than 9 years ago | (#12241906)

It may be the strongest encoding out there, but who cares? What stops me from plugging the video output of a dvd player into my video capture card and recording off of it? Sure, the quality won't be as good, but it will still work.

I wish they simply wouldn't scramble content in the first place. 99.9% of the people who buy the dvd and would need to break the encoding have a LEGITIMATE reason to break said encoding (backup, copying to laptop so it's not necessary to carry discs on trips, etc).

Re:Content scrambling is stupid... (1)

Anonymous Coward | more than 9 years ago | (#12241941)

Macrovision for analog signals.

And in case you use HDMI, its HDCP.

Re:Content scrambling is stupid... (1)

aXis100 (690904) | more than 9 years ago | (#12241970)

If you can get the signal into your eyes or ears, it can be recorded.

Re:Content scrambling is stupid... (1, Insightful)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#12242035)

Analog Macrovision is *easy* to break.

I know how, but won't say.

That is illegal knowledge to disseminate.

The flaw in the argument (1)

dnaboy (569188) | more than 9 years ago | (#12242019)

The only thing I would point out is that you mentioned that 99% of the people who BUY the DVD and would need to break the encoding have legit uses in mind.

There's a ton of people out there who never buy the content to begin with, because they download it themselves.

There's a huge difference. I know that the Betamax defense is the obvious counterargument, but that was way before one could make indefinite copies without massive quality loss. The idea that one would make really good copies available to a massive amouont of people wasn't covered in that case.

Is this legal? (2, Informative)

Foktip (736679) | more than 9 years ago | (#12241909)

In many countries (such as will probably be with Canada soon), there will be laws stating that bypassing DPM's (digital protection measures) is allowed, and legal, if it is of legal intent. SUch as fair use, backing it up, etc.

So, if you use it fairly in a country where its legal to do so, and they "block you", is that legal too? Is their EULA more powerfull than non-American laws?

Re:Is this legal? (4, Informative)

ta bu shi da yu (687699) | more than 9 years ago | (#12241964)

In Australia it now is, we are not allowed to create any copy protection circumvention mechanisms. To all you Americans: thanks for nothing.

Re:Is this legal? (1)

mrchaotica (681592) | more than 9 years ago | (#12242022)

Don't blame me, I voted against Bush!

Re:Is this legal? (1)

CosmeticLobotamy (155360) | more than 9 years ago | (#12242043)

To all you Australians blaming Americans for this: we're not going to invade you. You're actually allowed to not do what our head jerks say. If you let it happen, you're now officially as bad as us.

Not with the Free Trade Agreement They/We Can't! (2, Informative)

thecampbeln (457432) | more than 9 years ago | (#12242105)

The Aussi-Gringo FTA fucked allot of things for the Aussi's (though they thankfully avoided the worst on their government prescription drugs program). From what I saw and heard, the FTA has little to nothing in it for Aussi's (loss of domestic TV programs, lingering threats to their PBS, etc). And the DCMA-esque copyright "equivalents" required by the FTA are headed their way (if not already implemented, life +70 years anyone?). The FTA is the only reason Australia has troops on the ground in Iraq, because the misguided "head jerks" wanted that fucking thing so damned bad for whatever reason ("Oh, oh, we can mitigate problems between the US and China because of our relationships with the two countries!" - so what? When two elephants dance, all you can do is get the hell out of the way).

wtf? (1)

circletimessquare (444983) | more than 9 years ago | (#12242075)

why is the usa to blame for what australia does?

your cynicism only seems to make you out to be the biggest victim of the evils you dislike

i don't know how it works in australia, but i would think that any red-blooded australian would consider you to be a sell out

because you have to believe very little in australia in the first place to consider it to be the kind of victim you imagine it to be, but which in fact only you are

Re:Is this legal? (1)

m50d (797211) | more than 9 years ago | (#12241978)

In many countries the law is that you're allowed to do that, but there's nothing stopping them trying to stop you. So you can hack their DVDs and they can do whatever they want to encrypt them or whatever. If they're going to sell you non-working dvds that's probably illegal under consumer protection laws though.

When VHS came out... (1)

JoaoPinheiro (749991) | more than 9 years ago | (#12241916)

It was supposed to be unduplicatable...
If something can be played, it can be ripped, make no mistake about it. Also, if PC-based players are allowed, it'll just be a matter of monitoring their activity and reverse-engineering them once again.

The real issue here is the possibility of revoking a certain player model. How will users accept a format with this limitation? I wouldn't be too eager to buy a HD DVD reader only to have it revoked a few months later.

Can Slash stop with the obscure acronymns (4, Informative)

zymano (581466) | more than 9 years ago | (#12241931)

Content Scrambling System = CSS.

AACS= Advanced Access Content System.

Maybe I am an idiot but i had to actually read the article to know what the posted article was talking about.

Re:Can Slash stop with the obscure acronymns (0)

Anonymous Coward | more than 9 years ago | (#12242031)

You're NHAY

Re:Can Slash stop with the obscure acronymns (1)

zymano (581466) | more than 9 years ago | (#12242103)

You S.O.B.

Re:Can Slash stop with the obscure acronymns (5, Funny)

csrster (861411) | more than 9 years ago | (#12242056)

I must admit that I thought an encryption standard based on the Cascading Style Sheet specs was a clever idea. Should be almost impossible to decipher.

So I roll the dice (2, Interesting)

JohnnyGTO (102952) | more than 9 years ago | (#12241933)

drop big bucks on equipment hoping someone does happen on a hack? Yea right and they wonder why only the sheeple fall for this shit.

key revocation (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12241936)

If they can revoke keys, then we can DoS the keyspace. There's no need to crack any crypto. All we gotta do is trick them into deprecating keys.

How many people are still running windows 98? How many people know how to set the clock on their vcr?

You DoS the keyspace eventually people won't be able to play commercials. Then the productions don't get their money. Then the system does either of 2 things. 1: every screen goes black and there is no tv or 2: they give up and take off the crypto so the ads work again.

Key revocation is a bigger security risk than keys in software dvd players because you can do more than opening up a file to everybody. You can lock everybody out of it as well.

This idea (starting with hdcp I guess) just opens up more vectors for attack. Now we have a social engineering vector and a keyspace vector in additon to a locally stored key vector (css).

Re:key revocation (2, Insightful)

rjh (40933) | more than 9 years ago | (#12242004)

No, you can't DoS the keyspace.

They're using AES. That means it has (potentially) a 256-bit keyspace. You have neither the time, nor the energy, nor the computing power, to exhaust that keyspace. You can't even make a dent in that keyspace. A really monstrously huge distributed.net effort that runs for a decade might be able to create 2^80 bad keys. Okay, fine, great, that's a lot.

Now take 2^256 and subtract 2^80. What do you get?

Why, roughly 2^256. 2^80 is so insignificant in comparison to 2^256 that you're basically subtracting zero from the total keyspace.

People who do not understand just how large a keyspace is should not talk about how easy it is to exhaust a keyspace.

Re:key revocation (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12242109)

Nobody said anything about exhausting the keypace.

We're talking about attacking the subset of deployed keys. We don't need these keys at all to get them revoked.

The device itself will decrypt the stream. All you need is access to the output to reencode and share. Copyright cops detect the share, lift whatever watermark may be in the stream, finger the device and revoke the key.

There you go. You just DoS'd a production run of playstations from decrypting movies. All without having any knowlege of any keys.

When I say DoS the keyspace I don't mean exhausting the theoretical keyspace of a 128 bit cryptosystem. You're right, that'd be hard. You don't have to discover keys to DoS the subset of deployed keys via third party revocation. You need only make it seem as if the key was compromised to the revocation authority, thus prompting revocation.

So long as the stream will exist in a decrypted form so the user can watch it, then no knowlege of keys is needed to perform this attack.

Also. If the revocation authority becomes wary of such attacks it acts as a bunny rabbit attack. When keys are legitimately compromised they may do nothing thinking it's just another dupe.

The keyspace isn't the weakness here. It's people.

Hey... If there are hacks against it? (4, Insightful)

DaedalusLogic (449896) | more than 9 years ago | (#12241945)

In that case isn't the cat already out of the bag? Not like they can on the fly say that all your HD-DVDs won't work in the morning... The only thing that they can do is prevent future media from playing on that model of HD-DVD player.

We have seen that play before, cripple the next hot DVD to hit the market and what do you get? A ton of product returns and pissed off customers. The encryption may be more advanced, but when you want to give everyone consumer devices with the universal key to the castle... It's only a matter of time before someone figures out a way to copy it.

Protecting everyone's interests. (2)

crottsma (859162) | more than 9 years ago | (#12241960)

They should use open source crytographic methods. That way the whole community would be able to contribute towards the effectiveness of copyright security, and they would be protecting not only the consumers' best interests, and also the consumers' best interests.

Re:Protecting everyone's interests. (4, Insightful)

Dwonis (52652) | more than 9 years ago | (#12242006)

Consumers' best interests would be best served my using NO crypto. All that crypto hardware/software costs money to develop and manufacture. Guess who pays for it in the end?

please /. this spammer down (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12241969)

http://z1.adserver.com/w/cp.x;rid=295;tid=5;ev=1;d t=3;ac=60;c=691;

Yes I know this comment will get mod'd down but please don't. This wabsite is overriding popup protection on Safari and who knows what on IE and Firefox and it is clearly fishing of addresses to spam.

This isn't new news... (5, Interesting)

harmless_mammal (543804) | more than 9 years ago | (#12241980)

Here's analysis of AACS [blogspot.com] that was blogged last December. One interesting point mentioned is that there is no requirement to wait for keys to get compromized before revocation begins. They can revoke keys whenever they want, publicly claim it was due to hackers, and stimulate new equipment sales any time they want.

Re:This isn't new news... (2, Insightful)

Anonymous Coward | more than 9 years ago | (#12242082)

One interesting point mentioned is that there is no requirement to wait for keys to get compromized before revocation begins.
Yes, there is. There are the warranties of merchantability and fitness for a particular purpose. Better yet, in the USA at least, collusion between player and movie makers to breach a warranty would probably run afoul of the Racketeer Influenced and Corrupt Organizations Act.

This garbage is doomed to die. Either they will have to conspicuously advertise the players as unreliable and the movies as not watchable on all players, or they get their asses sued into the ground.

To be more precise... (0)

ecki (115356) | more than 9 years ago | (#12241991)

It's not only player models that can be revoked, but this goes down to individual players.

Industrial sabotage possibilities? (3, Insightful)

TheOriginalRevdoc (765542) | more than 9 years ago | (#12242026)

Seems to me that a manufacturer could sabotage another manufacturer's products by hacking them (under cover, of course) while they're still available new. That would make the players almost impossible to sell.

Aaah, now I see their dastardly plot... in order to avoid this, manufacturers will be forced to make their products hack-proof. Tricky, eh?

When will they learn? (5, Insightful)

rips123 (654488) | more than 9 years ago | (#12242039)

Remember when macrovision changed the hsync/vsync patterns of the video signals to stop VCR's copying tapes?

Remember Apple IIe games that wrote bad sectors or extra sectors and other such nasties to try and stop people copying 5-1/4 inch floppies?

Remember SecureROM and others making CD copy protection by intentionally leaving broken sectors on CDs - making them unburnable in nearly all of the burners at that time?

Remember that DVD's were once uncopyable?

Remember when Pay TV signals were encrypted by obfuscating their signal with some analogue hardware?

Remember when they started using proprietary digital encryption for Pay TV (Irdeto)?

Every time someone offers up content in some protected form, someone is going to break it. Period. Even if they can't break it, someone will use a legitimate DVD player and screen/sound grab their favorite movies using a capture card.

The only difference I see now is that the companies implementing these measures are monopolies whereas they used to smaller players in their respective markets. This might mean that they can push some legislation through to discourage copying but nothing will ever stop it IMHO.

Re:When will they learn? (1)

mrchaotica (681592) | more than 9 years ago | (#12242050)

Remember when they came out with Palladium and digital screens so that there's end-to-end hostile encryption with no analog hole?

Re:When will they learn? (0)

Anonymous Coward | more than 9 years ago | (#12242072)

Er, there is still an analog hole. They would also have to outlaw all non-Palladium hardware. Even then there would still be an analog hole, they would just have made it illegal to possess/make/sell/buy the equipment needed to take advantage of it.

And considering the lack of effectiveness of governments trying to regulate drugs, gambling and prostitution, I find it hard to believe they are going to ever be able to effectively enforce any hardware ban that stands in the way of content "piracy". Particularly since they have to stop it from happening *even once*, after which the cat is out of the bag and anyone can watch the content without DRM.

Did I leave any devestating points out...

Definition of insanity? (4, Insightful)

DMouse (7320) | more than 9 years ago | (#12242070)

Keeping on doing the same thing, and expecting a different result.

WTF .. has the world gone MAD (1)

Ozric (30691) | more than 9 years ago | (#12242073)

ha .. good thing I still have my BataMax ...

oH and I dont give a dam really ..

I wont be letting one of those things in my house.

If we dont buy this Crap wont fly.

Remember DIVIX ?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>