Intel Corporation devised High-bandwidth Digital Content Protection
(HDCP) it delighted the entertainment industry. At a time when
the industry was cooking up high definition television and Blu-ray
movies, they now had the perfect scheme to lock customers in and
prevent pesky activities they hated -- like piracy or creating backup
copies (HDCP worked alongside AACS to lock Blu-Ray movies in common hardware/media pairings).The scheme was working out pretty well, until this
week when someone using the account IntelGlobalPR let
slip the scheme's
master key on Twitter, confirming that it wasn't quite as secure
as was believed. While that account appears to be in no way
related to Intel, Intel is confirming that the information is
accurate.Intel spokesperson Tom Waldrop comments,
"We have tested this published material that was on the Web. It
does produce product keys... the net of that means that it is a
circumvention of the code."This means that it should be
trivial to create hardware boxes that directly rip HDCP protected
Blu-ray or other content, without having to resort to directly
intercepting the video stream like current hardware schemes. It
could also open the door to software ripping solutions.The
industry will likely now have to resort to pricey litigation to try
to sue to prevent such products from reaching the market. A
similar scenario played out when the Content Scrambling
System that protects DVDs was cracked. Companies like
RealNetworks and Kaleidescape released hardware rippers to the
market, but were sued by organizations like the RIAA. They
eventually lost in court, as the current U.S. courts precedent is
that customers never
have the right to circumvent DRM to make backup copies.We
may never know who exactly posted the key to Blu-ray's DRM, but what
matters is that it is now effectively dead, despite Intel's protests
that it's still a good content protection tool.The
instruction for using the master key to generate source and sink HDCP
keys, according to the confirmed post are:
is a forty times forty element matrix of fifty-six bit hexadecimal
generate a source key, take a forty-bit number that (in binary)
consists of twenty ones and twenty zeroes; this is the source KSV,"
the instructions say. "Add together those twenty rows of the
matrix that correspond to the ones in the KSV (with the lowest bit in
the KSV corresponding to the first row), taking all elements modulo
two to the power of fifty-six; this is the source private key.
generate a sink key, do the same, but with the transposed matrix.
breaking of HDCP is not a surprise to secure expert Scott
Crosby. Way back in 2001 Scott Crosby published a report on
weaknesses and flaws in HDCP 1.0 (today's implementations use HDCP
1.3).Mr. Crosby comments, "I have no way of knowing if
this is the actual master secret, but if it is, I am not surprised.
I am not the only one to predict that this could occur; the master
secret can be calculated from the secret keys stored on as few as 40
TV's, computer monitors, video cards, or video players and millions
of HDCP supporting video cards and TV's are in people's homes all
over the world."
quote: But no they can't just make a copy of the disc like you can with DVDs.
quote: Why must a storage-only drive be 7200RPM?
quote: The industry will likely now have to resort to pricey litigation to try to sue to prevent such products from reaching the market. A similar scenario played out when the Content Scrambling System that protects DVDs was cracked. Companies like RealNetworks and Kaleidescape released hardware rippers to the market, but were sued by organizations like the RIAA. They eventually lost in court, as the current U.S. courts precedent is that customers never have the right to circumvent DRM to make backup copies.
quote: Honestly, this doesn't look like something that was reverse-engineered like CSS was. This was a leak from someone who was intimately familiar with HDCP. No matter how technically brilliant the DRM is, it will never be really secure for just this reason. You can build your castle as strong as you like, but if the guards keep bringing home wooden horses...
quote: Assume I license content by purchasing it. Also assume that DRM is preventing me from using the product due to the unavailability of a method to decode the DRM. Should the manufacturer be compelled to remove the DRM?
quote: Case in point; I do not have access to wideband internet. I therefore cannot play StarCraft 2 in single player mode. If I purchase the game, what is my legal recourse?
quote: Corporatists are the most anticapitalist people around.