An ad-hoc experiment in Slashdot-style collaborative journalism. Background reading: Michael Olson got us started by linking the RealJukebox privacy flap with the recent crack of DVD encryption ( see http://tbtf.com/blog/1999-10-31.html#7 ); Seth David Schoen contributed a "let 100 DVD players bloom" perspective via Dave Farber's IP mailing list ( see http://www.interesting-people.org/199911/0016.html ). Got any useful insights on the DVD crack and its implications?

As $/meg for hard disks drops, and as cable modems, DSL, and other high speed net links proliferate, I forsee the crack of CSS as the "thin end of the wedge" in starting an MP3 like revolution for video. It's currently just barely feasable to download a 5GB video over DSL (order of magnitude 10 hours). One more order of magnitude bump in net connections (and many dorm rooms have ethernet already...), and it becomes cheap to download a movie for your collection.

Ah well! Once more the geeks have won and the suits have lost.
As far as I am concerned, it is now time to start working to destroy the two great curses of modern civilization - patents and copyrights. Anybody who has thought deeply enough about these issues will realize that both patents and copyrights do not work in consumer favor - both are instruments designed to take away freedom of choice. And if someone still thinks that patents and copyrights protect the rights of authors and inventors, I have only one thing to say- WAKE UP!
How can patents be right? - did you know that Galileo was denied a patent for the telescope because the Patent Office thought it was an obvious idea. And now we have patents on specific colors! There have never been a truly innovative idea in the history of mankind ever since the invention of the Wheel, fire and the number Zero. And no one ever got patent rights for those!
Copyrights are even worse! Anyway who thinks copyrights protect authors is truly mistaken. A writer gets no more than 5 percent of what his book is actually sold for! Musicians get seven percent! The rest is cleaned off by the "industry" people. I'd rather pay 10$ direct to a books author than 40$ to the company.
Sorry for being off topic in "Offline", but I think there is at least a tangential relation here to the actual topic.

By the sounds of it, the current generation is comprehensively
cracked. The industry is bound to respond, and it may be amusing
to try and predict that response. I'll ask the salesman today, when
I go to buy my first DVD :)

One easy "fix" is to not license a "next generation" to software
suppliers. Having a software DVD player does make it a lot
easier to reverse engineer than hardware. A further improvement
would be to develop a combined decrypting-analogue chip that
took a stream in and provided the video/audio out. Once all the
action occurs within a single chip, this will make matters harder,
as all that is available is plaintext and cyphertext. Especially if
they start using real keylengths.

If the chip was also supplied directly by the consortium, then there
is no reason for the muliple licensees to participate in the key
management. Which makes for less mistakes.

You would still have the single key break problem, so atom-scraping
the chip would be worth someone's while. As there is a single
distribution it is hard to get around that issue.

Further down the line, you might see DVD machines hooked to the net,
in which case they could dynamically request the key on supply of
some meatspace put-em-in-jail hook. That still wouldn't solve the
problem, as it just raises the cost of the hack to how hard that protocol
makes things.

Another possibility is to sell them for much cheaper. If official DVDs
cost a buck, who'd bother with the pirate? At the current price of $20
or more, they are at the point where it is tempting for bored compsci
students to give it a go.

Video on DVD copying won't be a significant issue until
  A) DVD-R recorders come out (next summer apparently,) and
  B) DVD-R media price goes under $10, even more so under $5.

If the DVD content creators have enough leverage in their contracts with the DVD device&media manufacturers to keep media prices high, they can make the copying/piracy issue practically irrelevant by manipulating or taxing the cost of media (or secondarily, read/write devices). But DVD will then never supplant CD-R(W) as a data storage medium.

I'd be very interested in knowing exactly what the terms are for the apparently-secret legal contracts that tie together the DVD content owners and DVD device manufacturers.

Anyway, back to the subject- implications for DVD. Assuming there aren't any useful penalty clauses in that contract for restricting DVD technology adoption once the "CSS cat is out of the bag", the content producers could also threaten to jerk all their content now, forcing media/device manufacturers to sign new contracts that will keep the media price high (a "sign or we kill the baby" move.) While drastic, they don't have to delay DVD media price drops forever; just to slow the rate of price drops for 2-4 more years so that there's time to roll out a DVD successor.

Which brings us to my final point. No matter whether any of the above things come to pass, clearly the DVD-crack substantially increases pressure on the content producers to get the post-DVD SDMI watermarking technology in place, as soon as possible. (With any luck, they'll rush through SDMI and get details of it wrong too!)

  --Greg

P.S. DV isn't the last word in video, BTW. I won't be using it in 30 years (unlike CDs), I guarantee you. Why? Lousy resolution. DVD's TV-resolution is about 640x480. My PC does 1600x1200. Film screens are around 4000x4000. So I'm not making any of my permanent archival video stuff in "lousy" DVD. Higher resolutions will be enough for both content producers and device manufacturers to sell a post-DVD upgrade cycle of devices and media and content. In my book, DVD is an 8-track.

Nobody has commented on how this might intersect with the MPAA's push to try to get PC lockouts added into 5C/DTCP [1].

At first glance, I'd say that it moots the MPAA's demands, at least for the moment. I rather doubt that the guys writing unauthorized DVD rippers are going to incorporate 5C. In fact, I can't imagine that their NDA for the 5C technical specs would even be accepted.

[1] http://tbtf.com/blog/1999-10-24.html#9

This is definitely going to raise the stakes on the SDMI negotiations going on at the moment. It also raises the credibility of the 'paradigm shift' argument being made by the vocal minority there, the basis of which is that commercial music should adopt the same economic model as other mass-delivery information systems like TV programs and print media which removes the motivation for piracy. Example: Yes, you could pirate a newspaper, but what would be the point? It would probably cost more to photocopy than to buy your own copy. Yes, you can pirate commercial TV, but it comes 'free' over the air anyway.

Incidentally, I also regard DVD as a short-lived transitional format. It's marginally better than SVHS videotape, about on par with the old Laserdisc analog format (but with considerable economic and ergonomic advantages over LD). It seems that the major commercial push initially was on the basis of piracy resistance and durability in consumer hands. Now that CD R/W drives are common and DVD R/W drives loom on the near horizon, MPAA see it only as another threat to their proprietary profits.

Frankly, I think the longer that both the music and film/video industries fail to 'get with it' technically, the more likely that they'll be completely supplanted by some newer distribution channel, be it legal or otherwise. Joe Consumer accepts videotape because it's out there and it performs adequately on the playback hardware in the living room. When NTSC TV goes away, videotapes are going to look awful on HDTV sets. If MPAA drag their feet too much hoping for some 'unbreakable' copy-protection scheme, and fail to bless a format with at least HDTV broadcast resolution, they'll find a market-driven piracy solution for HD Video has landed in US households just as MP3 has. And with the increasing number of desktop PC's in households (50% in US according to Gates at Fall COMDEX), it's only going to get worse if you're a proprietary data format pusher.

Unfortunately, the media coverage is disturbingly wrong and this case
illustrates the lack of checking journalists do before copying news from
other sources. I don't know who badmouthed Xing in the first place, but
as an outside witness I would like to tell the world what really
happened.

The round-up is this:

  1. It is difficult (next to impossible) to copyright digital content.
     So the film industry decided to implement a copy protection scheme
     (it does not matter if it works or not) and legally protect that.
     Then, if anyone copies a DVD, they can sue him on violating the
     copy protection rights.
  2. Like most clueless consortia, they did not ask an expert but
     defined their own encryption. This should remind everyone of the
     spectacular failures that previous consortia suffered with this
     strategy (notably the GSM mobile telephony "encryption" and the
     pay TV standards). Actually there is a conspiracy theory that the
     film industry deliberately made the standard weak so they more
     people would break it and they could get more money out of the
     combined lawsuits. An interesting side-note is that they actually
     _did_ ask an expert (at least one expert, the Intel security
     officer who designed the DVD key exchange with the 409 player
     keys). That expert told them that their cryptography was weak and
     they did not listen to him.
  3. The algorithm was proprietary and unpublished. But once software
     players can decrypt the DVD you can read the decryption key and
     binary code from your computer's RAM and look at it. It is vital
     to understand that no amount of obfuscation or "encryption" can
     prevent this. If the computer can decrypt the DVD, the decryption
     code must be visible to the processor and then it is also visible
     to the attacker. To blame the DVD crack on Xing shows an amazing
     amount of incompetence. Xing probably is the party with the least
     "guilt" (if you can talk about guilt in the first place).
  4. Some warez cracker group disassembled the decryption code gleaned
     from the Xing player and decompiled it back to C code. This C code
     was anonymously published around the world. Among others, the
     mailing list of the Linux DVD development effort was one of the
     recepients.
  5. A cryptographer got hold of this code and wrote a program that
     would crack the code by trying all the keys within a single day.
     That program would crack a key in at most 17 hours, that is after
     8.5 hours average running time it would have found the key. This
     is notable because it shows just how bad the encryption is. The
     DES crack took eight days on 40 machines, this crack takes 8.5
     hours on one machine. And DES is nowadays regarded as too weak
     because of that.
  6. The next day the same cryptographer had found and implemented an
     attack that would find a key within a fraction of a second if you
     know 6 bytes of decrypted output.
  7. It was later found that the attack can be enhanced to work with 5
     known output bytes. These 5 bytes are known if you watch an
     encoder successfully decrypt a DVD! The new attack takes 5
     seconds.
  8. The DVD encryption works like this: each DVD is encrypted with a
     randomly generated session key. This key is encrypted with 408
     different "player keys", each of the encrypted keys are stored in a
     sector on the DVD. Each player vendor must have registered with
     the DVD consortium and received a player key. It can then decrypt
     all the encrypted session keys with its player key and check if it
     got the right one against a hash value that is also stored on disk.
     The rationale is that, if a player key is compromised, you can
     fabricate future DVDs without the session key with that player key,
     i.e. you can retract keys.
  9. 5 seconds and 408 keys means that you can decrypt all player keys
     in about 30 minutes. The next day someone published "a few hundred
     random numbers" with the comment that the generation took 30
     minutes. That means that CSS has been completely broken. This was
     the event that caused the DVD consortium to unleash their lawyers.
     If the DVD consortium would replace all the player keys on future
     DVDs, then it would only take another 30 minutes to break them all,
     and all the people who have bought DVD players from Sony,
     Panasonic, whatever, would have to bring them in for replacement.
 10. The absolute killing stroke was delivered the next day when it was
     found out that you can retrieve the session key just by using the
     hash value that players use for verification in a mere 20 seconds!
     That is even if the DVD consortium would change the DVD player keys
     every few months, CSS would still be broken, and there would even
     be no manual intervention when someone needs to invest the 30
     minutes of CPU time to crack all the player keys.

Conclusion: CSS is amazingly weak. They did almost everything wrong.
The only thing they did right was the retraction scheme for DVD player
keys. I couldn't point at any other thing that they could have done
worse than they already did.

What I find the very worrisome about this is that the consumer has to
pay all the money that was wasted on devising and implementing CSS. And
now the film industry is hunting the wrong people with their lawyers.
The reverse engineers posted the stuff anonymously, so the lawyers are
going after the Linux developers who had nothing to do with the whole
issue besides that it was posted on their mailing list.


It is interesting to note that the code came from different players.
While the player key came from the Xing player, the authentication code
came from another player, rumours say it was the Cinemaster player, and
the CSS code comes from an unknown player. At any time there were at
least 5 teams working on extracting the code from different players.

This was _not_ just some kid stumbling upon on a weakly encrypted Xing
key as the media reported.

Felix

Actually I aggree with Prodeep( or whatever the name :), sorry ). But to another point, though...

On the point, it's all about profit 'n stuff... And jsut because some "patents" seem obvious doesn't mean they're obvious, at all. Being a compsci guy, well, maybe 1/2 cracker ( for some fun ), I'm still bother with that. Though it involves techno issues, the eco stuff are pretty obvious ( did somebody scream "patents" ?)

As stated by many writer on the net ( as far as I've seen, over 100, but that's just me ), the points are:
- Cost and benefit ( those include cost'n benefit of both the industry and authors', as well as consumers' )
- Conspiracy revolving C 'n B.
- 'til when they start another standard.(???)

It's a shame we're discussing something that does not help the issues at all, no matter how devoted we are. So why we keep discussing...

I, for one, desperately want to make a great voice out of the community, but couldn't. So are the majority of us. The hope can only come in the form of a certified individual/organisation that take the responsibility to speak our common voice. Anybody?? Well, not until a big-mouthed, famed jounalist joins us...
-(sorry, this will amuse most of the people here, so I beg to be anonymous)