
[FYI] (Fwd) FC: Dutch crypto whiz broke dig-vid scheme -- but won't publish?




------- Forwarded message follows -------
Date sent:      	Tue, 14 Aug 2001 16:50:13 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: Dutch crypto whiz broke dig-vid scheme -- but won't publish?
Copies to:      	niels@ferguson.net
Send reply to:  	declan@well.com

Description of the "High-Bandwidth Digital Content Protection" scheme:

http://www.dvddemystified.com/dvdfaq.html#1.11
>The HDCP key exchange process verifies that a receiving device is
>authorized to display or record video. It uses an array of forty
>56-bit secret device keys and a 40-bit key selection vector -- all
>supplied by the HDCP licensing entity... Once the authority of the
>receiving device has been established, the video is encrypted by an
>exclusive-or operation with a stream cipher generated from keys
>exchanged during the authentication process. If a display device with
>no decryption ability attempts to display encrypted content, it
>appears as random noise.

This may be the spec itself, though I couldn't actually get to it:
http://www.ddwg.org/data/dvi_10.pdf

More background on HDCP:
http://www.wired.com/news/print/0,1294,41045,00.html
>The content is encrypted with a High Definition Copy Protection
>(HDCP) system JVC developed that is similar in function to the
>Content Scrambling System (CSS) on a DVD. The HDCP system can't be
>broken, however, because only high definition sets will have the HDCP
>decoder, according to Dan McCarron, national product specialist in
>JVC's color TV division... DVI ports on PCs will not have the HDCP
>decoder, so PCs can't be used to break HDCP like it did with CSS.

-Declan

*******

Date: Tue, 14 Aug 2001 13:18:26 -0700
From: Gabriel Rocha <grocha@neutraldomain.org>
To: Declan McCullagh <declan@well.com>

http://www.securityfocus.com/templates/article.html?id=236

Video crypto standard cracked?

    Noted cryptographer Niels Ferguson says he's broken Intel's
    vaunted HDCP Digital Video Encryption System, but fear of U.S. law
    is keeping him silent on the details.

    By Ann Harrison
    August 13, 2001 10:14 PM PT
    ENSCHEDE, NETHERLANDS--A Dutch cryptographer who claims to have
    broken Intel Corp.'s encryption system for digital video says he
    will not publish his results because he fears being prosecuted or
    sued under the Digital Millennium Copyright Act. Niels Ferguson
    announced last weekend that he has successfully defeated the
    High-bandwidth Digital Content Protection (HDCP) specification, an
    encryption and authentication system for the DVI interface used to
    connect digital cameras, high-definition televisions, cable boxes
    and video disk players. "An experienced IT person could recover
    the master key in two weeks given four standard PCs and fifty HDCP
    displays," said Ferguson. "The master key allows you to recover
    every other key in the system and lets you decrypt [HDCP video
    content], impersonate a device, or create new displays and start
    selling HDCP compatible devices." Ferguson, who announced his
    results at the Hackers At Large 2001 (HAL) security conference, is
    not providing details of how he defeated HDCP.

    [...]

    Intel has not threatened him in any way, says Ferguson. But he says
    he was informed by a lawyer from the San Francisco-based Electronic
    Frontier Foundation (EFF) that he could be sued or prosecuted
    under the DMCA for publishing his research, even on his own Web
    site. And if Intel chooses not to sue, Ferguson fears that the
    motion picture industry, whose movies are encrypted with HDCP, may
    haul him into court.

    [...]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

------- End of forwarded message -------