Thursday, December 28, 2006

Programmer created utility to backup HD movie

See INQ report here. The programmer states that his backup utility is for fair use -- primarily for backup purpose.

Cyphers are used to protect messages from being read in plaintext by unauthorized persons listening to the communications, the recipient MUST obtain the original message. For this reason, you can only make DRM harder to crack--do it at the OS kernel and hardware. One attack on DRMed content is using virtual drivers to record decoded stream. If one goes extreme, she can use a virtual machine....

You can see that unless all video hardware is DRMed, there is no way to stop people from making a copy of the video. But, then people still have ways to defeat the system, using stuff like mod chips...

What else? FBI and courts. But, if a significant of percentage of the society is doing it, then legal remedy won't work either. It is impossible for RIAA to sue 100 million people--those who got sued are extremely unlucky ones. There are only a handful of Article III judges in a district, and copyright is a federal question.

BTW, I realized that AMD64 is probably the best solution to the DRM problem. With HT3 plugin cards, one can embed the encryption algorithm and keys in hardware. The encrypted data is sent via HT3 to the plugin cards to get decoded as raw content streams and then directly sent to the rendering hardware...

7 Comments:

Anonymous Anonymous said...

he didn't crack the encryption, he found the key (in his RAM). DRM impacting legit use is extremely annoying but it isn't like he found a crypto weakness here.

11:40 AM, December 28, 2006  
Anonymous Anonymous said...

actually sharikou..
it was a problem witht he program they used to see HD videos..
wich stores the video encription key in memory when loading the movie.


so in short words, nothing was cracked, the program is the product to blame.
and it might get blacklisted ( IT was powerdvd if I remember correctly )

3:40 PM, December 28, 2006  
Blogger Sharikou, Ph. D said...

he didn't crack the encryption

Did I write anywhere that he "cracked" the thing?

Folks, I know as much about cryptography as most of you do.

The encryption scheme is based on shared key symmetric encryption. The programmer can decode it because it's a standard encryption algorithm (AES). Now, consider the possibility of creating a "unknown" encryption algorithm, it will make the work substantially more difficult.

5:42 PM, December 28, 2006  
Anonymous Anonymous said...

"Now, consider the possibility of creating a "unknown" encryption algorithm, it will make the work substantially more difficult."

Security through obscurity is no security. Using good standard encryption algorithms is the way to go. Just make sure you won't leave the key somewhere in sight.

1:01 AM, December 29, 2006  
Blogger Sharikou, Ph. D said...

Just make sure you won't leave the key somewhere in sight.


That's impossible as long as decryption is done in plain software...

Given that the key can't be protected, the only option is to obscure the algorithm... you can't stop the determined folks, you only slow them down. The enigma machine is a good example, its algorithm was unknown and it was very hard to crack.

9:41 AM, December 29, 2006  
Anonymous Anonymous said...

"That's impossible as long as decryption is done in plain software..."

Almost everything is possible, it just needs a bit of thinking and plannig. E.g, do you know ifhow you can decrypt your DRM'ed videos or music you download from net?

You could say that one place where this "security through obscurity" shows its weakness is closed-source software. Of cource OSS also has bugs but there are lots of eyes reading and fixing the code. When someone finds yet another bug in IE they can exploit it however long they want without fearing anything. I don't remember when was the last time MS fixed some of its holes that weren't publically known before the patch.


People have tried to build their software on top of unknown (to public) encryption. The ones that are more used in public have all failed. Perhaps only some non-existent and/or inhouse applications still work. It all falls apard once the information about the algorithm leaks to general public.


Btw, do you know what encryption algorithms does FBI use in their day-to-day work for securing laptops and email exchage? IIRC it was AES, a very well known algorithm.

9:57 AM, December 29, 2006  
Blogger Sharikou, Ph. D said...

Almost everything is possible

Yes. It always possible to capture the key for a symmetric cypher.

You were talking about downloading DRMed video off the net, which is different from the HD movie situation. But, in any case, the content and key (if it's not single use) are there for grabs. You have to understand that cyphers are used to protect the message from captured by someone listening to the communications, the recipient MUST obtain the original message. For this reason, you can only make DRM harder to crack--do it at the OS kernel and hardware.

10:07 AM, December 29, 2006  

Post a Comment

Links to this post:

Create a Link

<< Home