
HDCP master key allegedly posted

196 points | m0nastic | 15 years ago | pastebin.com

90 comments

[+] js2|15 years ago|reply
Here's a paper discussing how this key could have been derived:

http://www.cs.rice.edu/~scrosby/pubs/hdcppaper.ps

http://www.cypherpunks.ca/~iang/pubs/hdcp-drm01.pdf

Here's the fun bit:

"We observe that attackers can exploit a well-known cryptographic design mistake: the shared secret generation is entirely linear. The attack only needs 40 public/private key pairs such that the public key pairs span M ⊂ (Z/2^56 Z)^40, the module generated by all public keys. Since HDCP devices divulge their public keys freely, one can easily test whether a set of 40 devices have public keys spanning M before expending the effort to extract their private keys. With these keys, the authority’s secret can be recovered in only a few seconds on any desktop computer."

Edited to add the next paragraph (paper was published in 2001):

"The consequence of these flaws is that, after recovering the private keys of 40 devices, we can attack every other interoperable HDCP device in existence: we can decrypt eavesdropped communications, spoof the identity of other devices, and even forge new device keys as though we were the trusted center. Note that this allows us to bypass any revocation list or “blacklisting”: such mechanisms are rendered completely ineffective by these flaws in HDCP. Therefore we recommend that the current HDCP cryptosystem should be abandoned and replaced with standard cryptographic primitives."

[+] nitrogen|15 years ago|reply
"Therefore we recommend that the current HDCP cryptosystem should be abandoned and replaced with standard cryptographic primitives."

So does this mean that all new equipment will quickly switch to DisplayPort, necessitating another round of TV/monitor upgrades? Or will the HDMI organization add DPCP (AES) to the HDMI standard?

[Edit: it was mentioned elsewhere* in the thread that HDCP 2.0 uses AES]

* http://news.ycombinator.com/item?id=1691794
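
The linear shared-secret design described in the paper quoted above can be seen in a toy model. This is an added example, not code from the thread or the paper: the dimension 4 (instead of 40), the sample 0/1 public keys and all function names are constructed for illustration, and the key derivation is a simplified Blom-style model rather than HDCP's exact one.

```python
import random

# Toy model; every name and sample key below is constructed for this example.
MOD = 1 << 56   # key elements are 56-bit values, as in (Z/2^56 Z)
N = 4           # toy dimension (the paper's is 40)

def make_master(rng):
    """Authority's secret: a random symmetric N x N matrix mod 2^56."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(MOD)
    return m

def private_key(master, pub):
    """Private key = master * public vector, so it is linear in pub."""
    return [sum(m * p for m, p in zip(row, pub)) % MOD for row in master]

def shared_secret(my_priv, their_pub):
    """Both sides reach the same value because the master matrix is symmetric."""
    return sum(a * b for a, b in zip(my_priv, their_pub)) % MOD

def recover_master(pubs, privs):
    """Solve A*X = B mod 2^56 (rows of A: public keys, rows of B: private keys).
    Returns None when the public keys do not span the module."""
    rows = [list(p) + list(s) for p, s in zip(pubs, privs)]
    for col in range(N):
        piv = next((r for r in range(col, N) if rows[r][col] & 1), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, MOD)  # odd values are units mod 2^56
        rows[col] = [v * inv % MOD for v in rows[col]]
        for r in range(N):
            if r != col:
                f = rows[r][col]
                rows[r] = [(a - f * b) % MOD for a, b in zip(rows[r], rows[col])]
    return [row[N:] for row in rows]

def demo():
    rng = random.Random(2001)  # fixed seed so the run is repeatable
    master = make_master(rng)
    spanning = [[1, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 1], [0, 0, 0, 1]]
    dependent = [[1, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 1], [1, 0, 0, 1]]
    leaked = [private_key(master, p) for p in spanning]
    recovered = recover_master(spanning, leaked)
    unusable = recover_master(dependent, [private_key(master, p) for p in dependent])
    return master, recovered, unusable
```

The `dependent` set yields `None` because its rows sum to zero mod 2, which is the spanning condition the paper says can be checked from public keys alone.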

[+] m0nastic|15 years ago|reply
For those curious as to what this entails, the Wikipedia article http://en.wikipedia.org/wiki/Hdcp#Cryptanalysis does a pretty good job explaining.

For those not quite that curious, if you've ever tried to watch a Blu-Ray movie on your computer, and gotten an error about it being restricted from playing back on your display, there's a good chance that is because of HDCP.

If this is true (and there isn't really a good reason to believe that it isn't), this is pretty bad news for the content industry.

[+] nimai|15 years ago|reply
You're joking, right? The only people HDCP has been affecting have been legitimate customers. Pirates have had HD video for years.
[+] oomkiller|15 years ago|reply
...And pretty good news for everyone else!
[+] ra|15 years ago|reply
Particularly bad news for Sony
[+] seldo|15 years ago|reply
Blu-Ray on Windows is the single most user-hostile computing experience I've ever had. I stopped buying/renting blu-ray movies because I didn't feel like rebooting 3 times every time I wanted to play a disc, with the software treating me like a criminal the whole time.
[+] Osiris|15 years ago|reply
Blu-Ray on standalone Blu-Ray players is the single most user-hostile entertainment experience I've had.

My Samsung BD-P1590 has had no fewer than 4 firmware updates, the last of which actually caused the player to crash on most of the Blu-Ray movies I try to watch. I rent from Netflix and I have literally had to rip the movie and stream it to my XBMC box in order to watch the movie because it wouldn't play on my Blu-Ray player.

Secondly, I've had to completely disable BD-Live because when the disc has those lame downloadable previews, it takes several minutes of just sitting at a spinning wheel or lame icon with nothing (apparently) happening. If I'm lucky the preview will download and play, but 90% of the time, the player just stays like that forever and the only button that works on the remote is Power.

Lastly, the unskippable previews really piss me off. I know that DVD had this as well, but it's seriously annoying that it takes 5+ minutes just to get to the menu to watch a movie. Many times I do sit and watch the previews while popcorn is popping or the wife isn't ready to watch yet, but when I want to skip them, I really should be able to.

So, despite the fact that I try to watch movies the authorized way, most of the time I find it easier to rip/stream the movie from a BD-ROM with XBMC than to actually use my Blu-Ray player.

I really feel bad for the non-techies that have to deal with all this mess without being able to find sneaky workarounds to get it to work properly.

[+] thehodge|15 years ago|reply
I bought my first Blu-Ray the other day and the experience was terrible, I put the disk in and nothing happened.. I tried to play it in Windows Media Center, no ball.. not in VLC.. there was no player included on the disk.

I had to download a 300meg trial of PowerDVD just to play a film I'd already paid for (I also had to update my graphics card for some reason, the computer had been playing HD content for months without needing that).

That will be the last Blu-Ray disk I buy..

[+] sofuture|15 years ago|reply
Stop buying movies period -- because if not Blu-Ray, it will be another technology aimed at treating you like a criminal.
[+] grk|15 years ago|reply
I've never had any problems playing a Blu-Ray disc on my PS3.
[+] flannell|15 years ago|reply
I've had nothing but trouble with HDCP. I've used HDMI matrix switches to transport a video signal around the house. 40% of the time I get the HD snowstorm so have to reboot the TV to attempt a second handshake. This gives a low Wife Approval Factor. I believe they should stop torturing the paying punters, like me, and just be happy with the majority who pay and not the minority that don't. Also, before someone mentions the x billion lost per year, I doubt maybe the 100,000 that downloaded 'The Bounty Hunter' would have seriously bought it.
[+] reduxredacted|15 years ago|reply
"Also, before someone mentions the x billion lost per year"

It's bizarre. Imagine a job where my customer complains about how ineffective my product is yet continues to shovel money at me. Wait, even worse, my product makes their customers miserable and yet they still shovel money at me. It sort of sounds like the business model of a crack dealer.

[+] js4all|15 years ago|reply
The comments so far are just about HDCP, Blu-Ray and playback difficulties.

The paste, however, contains the key matrix used to encrypt and decrypt the digital video signal. If this is valid, every transmission between an HDCP-secured playback device and the display can be decrypted, thus rendering every other encryption method used in the playback chain useless, including AACS and BD+.

This is serious, because the keys for AACS can be revoked, if compromised. HDCP keys however can't be revoked.

[+] nitrogen|15 years ago|reply
It doesn't completely render BD+ useless, as BD+ can be used to watermark the video signal according to the player model (and hypothetically other variables, like location, IP address, or player serial number). So, to avoid identification, pirates would need to crack BD+, or combine the output from multiple players to obscure the watermarking.

Another problem with cracking the transport instead of the storage medium is that to rip from HDMI you have to play the movie at normal speed, while ripping straight from disc can be done much faster.

[+] bdonlan|15 years ago|reply
HDCP keys can be revoked. It just won't do any good - this matrix lets you create _new_ keys, just as valid as all pre-existing ones.
[+] reduxredacted|15 years ago|reply
Worth noting (again, assuming this is credible): Version 2.0 of HDCP is likely not affected.

According to their FAQ: http://www.digital-cp.com/faqs "HDCP revision 2.0 uses industry-standard public-key RSA authentication and AES 128 encryption. It also supports protection of compressed content, making it feasible to use relatively slow 50 to 200 Mbps interfaces."

... and ...

"HDCP 1.x technology offers protection for uncompressed content transmitted over several common wired interfaces including DVI, HDMI and DisplayPort. HDCP revision 2.0 adds strengthened encryption..."

[+] wmf|15 years ago|reply
"The wireless interfaces which utilize HDCP revision 2.0 so far include: Digital Interface for Video and Audio (DiiVA), NetHD, Wireless Home Digital Interface (WHDI), and Wireless HD (WiHD)."

In other words, no equipment that anyone has.

[+] audidude|15 years ago|reply
For some reason I don't think that will make such a good t-shirt this time around.
[+] daychilde|15 years ago|reply
Maybe it'd work better for folks like me who shop at big&tall stores... We have the perfect body for this t-shirt. Finally, all my McDonald's days are about to pay off!
[+] Maakuth|15 years ago|reply
Yes, "allegedly". This is definitely good news if it's the real thing. I wonder how long it takes to confirm its authenticity.
[+] nitrogen|15 years ago|reply
I was a minor participant in the tvtime project years ago. HDMI and HDCP came around and made that kind of thing highly improbable for HD content. CPUs and GPUs are now at speeds that make advanced HD video manipulation practical. I hope this HDCP crack, if verified, makes a tvtime-like application for HDMI video possible. Better yet, a PC-based realtime compositing and overlay system, requiring only a $100 GeForce GPU and HDMI capture cards.
[+] bcl|15 years ago|reply
Has anyone verified that this actually works?
[+] wmf|15 years ago|reply
Time to light up the Bunnie signal.
[+] andybak|15 years ago|reply
Don't they have a contingency for this? I thought they could update the DRM code in devices with a new key or some such thing.
[+] nash|15 years ago|reply
I believe the update of keys relies on the secrecy of the master key, which is never released in a device.

Hence the master key pretty much kills it all.

[+] b3b0p|15 years ago|reply
Comments keep mentioning Blu-ray playback, but it's referring to HDCP. That's the connection between devices I thought?

I don't think this does anything for Blu-ray as it has its own encryption scheme.

Edit: Oops, I see someone mentioned this already. Missed that comment.

[+] yock|15 years ago|reply
I can't believe people are willing to assign any credibility to an anonymous dump of hex to pastebin.
[+] reduxredacted|15 years ago|reply
Catch-22.

Credibility is less because it was posted anonymously as a dump of hex to pastebin, therefore eliminating any authority that would come if this person was a well-known security researcher. If the author had credibility and wanted to use his/her reputation to make the post more credible, he'd have the pleasure of a herd of lawyers and law enforcement at his door, assuming that he lives in a country with anti-circumvention laws. So his only choice is to keep it to himself or post anonymously, taking away any credibility that comes with authority in a subject.

Regardless, someone will test this soon enough and determine if this non-credible post is credible or just a creative bunch of social engineering. That it's garnered this much attention this quickly (take a look at your major social news sites ... and tech blogs) should scare industry insiders. The mere HOPE that some random posting on pastebin would topple HDCP and bring a possible end to device interoperability would get this much attention truly highlights what a dismal mess HDCP is. If it's The Real Thing(tm), we'll know when the master key is used to generate a random device key and 80% of the time the signal is decrypted properly without having to turn both devices off and back on.

And if it is true, I hope our friend that posted it took some pretty serious precautions to protect his own anonymity.

[+] mechanical_fish|15 years ago|reply
That's the wonderful thing about math. You can verify its correctness without reference to anybody's reputation or personal opinion. Indeed, that's pretty much the definition of math.
[+] ra|15 years ago|reply
And so the DRM Cold War continues.