[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] (Fwd) FC: Dutch crypto whiz broke dig-vid scheme -- but won't publish?
- To: debate@lists.fitug.de
- Subject: [FYI] (Fwd) FC: Dutch crypto whiz broke dig-vid scheme -- but won't publish?
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Wed, 15 Aug 2001 10:35:03 +0200
- CC: krypto@thur.de
------- Forwarded message follows -------
Date sent: Tue, 14 Aug 2001 16:50:13 -0400
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: FC: Dutch crypto whiz broke dig-vid scheme -- but won't publish?
Copies to: niels@ferguson.net
Send reply to: declan@well.com
Description of the "High-Bandwidth Digital Content Protection" scheme:
http://www.dvddemystified.com/dvdfaq.html#1.11
>The HDCP key exchange process verifies that a receiving device is
>authorized to display or record video. It uses an array of forty
>56-bit secret device keys and a 40-bit key selection vector -- all
>supplied by the HDCP licensing entity... Once the authority of the
>receiving device has been established, the video is encrypted by an
>exclusive-or operation with a stream cipher generated from keys
>exchanged during the authentication process. If a display device with
>no decryption ability attempts to display encrypted content, it
>appears as random noise.
This may be the spec itself, though I couldn't actually get to it:
http://www.ddwg.org/data/dvi_10.pdf
More background on HDCP:
http://www.wired.com/news/print/0,1294,41045,00.html
>The content is encrypted with a High Definition Copy Protection
>(HDCP) system JVC developed that is similar in function to the
>Content Scrambling System (CSS) on a DVD. The HDCP system can't be
>broken, however, because only high definition sets will have the HDCP
>decoder, according to Dan McCarron, national product specialist in
>JVC's color TV division... DVI ports on PCs will not have the HDCP
>decoder, so PCs can't be used to break HDCP like it did with CSS.
-Declan
*******
Date: Tue, 14 Aug 2001 13:18:26 -0700
From: Gabriel Rocha <grocha@neutraldomain.org>
To: Declan McCullagh <declan@well.com>
http://www.securityfocus.com/templates/article.html?id=236
Video crypto standard cracked?
Noted cryptographer Niels Ferguson says he's broken Intel's
vaunted HDCP Digital Video Encryption System, but fear of U.S. law
is keeping him silent on the details.
By Ann Harrison
August 13, 2001 10:14 PM PT
ENSCHEDE, NETHERLANDS--A Dutch cryptographer who claims to have
broken Intel Corp.'s encryption system for digital video says he
will not publish his results because he fears being prosecuted or
sued under the Digital Millennium Copyright Act. Niels Ferguson
announced last weekend that he has successfully defeated the
High-bandwidth Digital Content Protection (HDCP) specification, an
encryption and authentication system for the DVI interface used to
connect digital cameras, high-definition televisions, cable boxes
and video disks players. "An experienced IT person could recover
the master key in two weeks given four standard PCs and fifty HDCP
displays," said Ferguson. "The master key allows you to recover
every other key in the system and lets you decrypt [HDCP video
content], impersonate a device, or create new displays and start
selling HDCP compatible devices." Ferguson, who announced his
results at the Hackers At Large 2001 (HAL) security conference, is
not providing details of how he defeated HDCP.
[...]
Intel has not threatened him in any way, says Ferguson. But he says
he
was informed by a lawyer from the San Francisco-based Electronic
Frontier Foundation (EFF) that he could be sued or prosecuted
under the DMCA for publishing his research, even on his own Web
site. And if Intel chooses not to sue, Ferguson fears that the
motion picture industry, whose movies are encrypted with HDCP, may
haul him into court.
[...]
----------------------------------------------------------------------
--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. Declan McCullagh's photographs are at
http://www.mccullagh.org/ To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/
----------------------------------------------------------------------
---
------- End of forwarded message -------