New AACS Crack Called "Undefeatable" 554
Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."
Re:Got it! (Score:5, Interesting)
Get 'em while you can (Score:5, Interesting)
Anyway, in the bizarro-world that the people who write DRM systems inhabit, I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.
So if you're interested in this stuff, you might as well go out and get one of the MS drives or other first-gen drives, because I suspect the hacking possibilities may decrease over time; it's going to be these early drives which are the most hackable.
The Art of Information (Score:5, Interesting)
Re:Get 'em while you can-MISSING THE POINT (Score:5, Interesting)
ZKP (Score:2, Interesting)
Re:Got it! (Score:1, Interesting)
http://linux.slashdot.org/comments.pl?sid=133782&
Didn't know they were there yet (mod parent up) (Score:5, Interesting)
That's pretty interesting. (In TFA the [hack|crack]er is quoted as saying that one of their goals is to eventually be able to pull the Volume Unique Key from the drive without a hardware hack, but he made it seem pretty far off.) I didn't know they had gotten to that point already.
Slightly OT: I'm really hoping that someone will write up a good introduction to how AACS works, in semi-layman's terms. I've read the official AACS documentation (as much of it is public, anyway) and it's not the easiest thing in the world to get your head around, if it's not your field already. It's obvious these Doom9 guys know their shit, but it would be nice if somebody made some documentation just so the rest of us know what the hell is going on; AACS has so many keys and keyblocks and keys-within-keys-within-keys that I'm never quite clear what exactly they've cracked, or which key is required to read the actual content without any other intervention from the player.
It would really be good if Wikipedia handled that, but right now the AACS article is just a lot of news-bites about the progress of the hacking, and it's very light on the technical stuff (and it's currently locked due to some pissing contest or other).
At what point is enough just enough already?! (Score:5, Interesting)
Re:Get 'em while you can (Score:3, Interesting)
To put into the context of this discussion: you buy an HD-DVD, you insert it into your player, and you watch the movie. The disc constitutes the totality of the message, the sender is the manufacturer, and the recipient is your player. Within the larger message is contained the movie, and the message itself instructs your player to show you the movie if, and only if, certain conditions are met. The inaccurate part of your
The real weakness in DRM is that there is an approximately infinite number of potential attackers spending an approximately infinite amount of time and using an approximately infinite number of discrete messages attempting to break the code, and that furthermore these attackers ALREADY KNOW what the decoded message is supposed to look like, AND have unlimited unmonitored access to an approximately infinite number of valid recipients. It follows that the encryption WILL be compromised no matter how good it is, because the attackers have so much access to all but one party in the scheme (the sender) that it can never be good enough.
Re:Didn't know they were there yet (mod parent up) (Score:5, Interesting)
http://www.full-disk-encryption.net/lurker/messag
Old security law... (Score:3, Interesting)
Re:At what point... (Score:3, Interesting)
Exactly!
Software has long been sold as a license transaction, not a physical item or intellectual property transaction.
Entertainment products are still treated as physical items, when really the manufacturer would prefer it be a license but without the right to back up the "software". By keeping the distinction fuzzy, the argument can be left unresolved.
Because of this, my biggest fear with all the fires stoked by the *AA orgs is not that they actually expect to be able stop casual or large-scale copying, but that they keep the argument alive long enough to scream that it can't be stopped. Then they say that because of that, they should be subsidized by taxes on blank media (like what happened with DAT or what happens now with blank discs in Canada). In essence, control the argument so that your point can't be refuted, then say the problem is endemic and find a "solution" that generates revenue but still leaves you with your original "problem" that can be trotted out anytime someone raises a valid point about your original argument.
Re:Maybe it's just me... (Score:4, Interesting)
I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
Re:Perhaps if this is proven to be true.... (Score:3, Interesting)
Re:Perhaps if this is proven to be true.... (Score:3, Interesting)
"I thought the *real* pirates where the guys who were doing bit for bit copies of the disks, encryption and all, so they could sell them? Cracks mean nothing in that context."
Nope, trading HD-DVD movies via BitTorrent with links you found on The Pirate Bay is piracy, too. The relevant definition of "pirate" is pretty broad -- dictionary.com has it as "a person who uses or reproduces the work or invention of another without authorization." Nothing about how it's copied, how it's distributed, or whether it's sold.
My unsolicited advice is not to worry too much about others' perception of your actions; I don't think there's a need to call sellers of pirated DVDs "real pirates" to justify your own piracy. If you enjoy using cracking software to create "back ups" to share, or if you enjoy torrenting HD-DVDs, then don't sweat it. All that matters is your own moral compass, and not some arbitrary third person's. Enjoy your movies, and enjoy the money you've saved.
Re:Got it! (Score:3, Interesting)
If I were a studio, I would ask for some sort of guarantee the protection would not be crackable easily. Like a financial penalty if the format is cracked within __ years of its release. Maybe Sony would work a little harder at their DRM if they had to pay out the nose for being flimsy.