Grandmaster
20-04-2006, 12:15
Interesting article over on IGN (http://uk.gear.ign.com/articles/702/702074p1.html).
It would appear that HDCP is far less secure than has been previously known. Essentially it is a quest to discover the 1600 number key, and then the whole protection system folds like a card table.
Interestingly, 'DVD Jon', the man who broke DVD's CSS system and won his numerous court cases against Hollywood's big guns, has cracking HDCP as his next target.
Read on...
Jon Lech Johansen, the Norwegian hacker who famously developed DeCSS software that broke open the original CSS DVD encryption, has publicly pledged to fight HDCP and AACS in a similar fashion, and engineers and knowledgeable users around the world are rallying to uphold their rights of fair-use. While Hollywood has scoffed at hackers' pronouncements in the past, recent news may put the studios in a very weak position.
Last week, Princeton mathematics professor Ed Felten published a relatively practical examination and groundwork for the manner in which HDCP will be cracked. While it has been publicly known since 2001 that the HDCP encryption scheme is flawed, thanks to the work and academic paper "A Cryptanalysis of the High-Bandwidth Digital Content Protection System" produced by Scott Crosby et al., Felten's post details in simplified math and practical terms the inevitability of the system being broken.
What Professor Felten makes clear is the fact that, due to obvious flaws in the HDCP encryption scheme, HDCP will not simply be cracked or bypassed, but entirely owned. The entire HDCP system relies upon a secret set of 1600 special numbers that form a 40-by-40 matrix. If these numbers are discovered, every conceivable HDCP license key can be produced. According to Professor Felten, this is "virtually certain" to happen in the next couple of years.
The general (and rather simplified) concept of HDCP copy-protection involves a handshake between two compliant devices. Each device has a private value and a public value. When two devices communicate, they exchange their public values. Each device combines its own private value with its partner's public value, creating a secret key. The critical flaw in the system is the fact that the public and private values are combined using simple addition. Because all the mathematics involved are linear and rather simple, an attacker could generate a straightforward series of equations that will eventually solve for each device's secret value.
According to Professor Felten, once the secret values of 40 HDCP devices are discovered, the entire 40-by-40 matrix of special numbers that make HDCP encryption work will be reverse-engineered and the entire system will be broken. Once this is accomplished, it will be a simple task to produce dongle-attachments that will allow HDCP protected information to be tricked into working with non-compliant hardware.
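The linear handshake and the device threshold described in the article, as an added toy example that is not part of the original post or the quoted article. It assumes a 4-by-4 matrix instead of 40-by-40 and arithmetic modulo a small prime; all function names and values are constructed for illustration.

```python
# Toy model of a linear key-predistribution handshake (constructed values).
# Assumptions: N=4 instead of 40, arithmetic mod a small prime instead of
# the real word size; every name here is hypothetical.
import random

N, P = 4, 65521

def issue_private(S, ksv):
    """Authority: private vector = S * ksv (mod P), linear in the public ksv."""
    return [sum(S[i][j] * ksv[j] for j in range(N)) % P for i in range(N)]

def shared_key(own_private, peer_ksv):
    """Handshake: add up the own private values selected by the peer's ksv."""
    return sum(k * b for k, b in zip(own_private, peer_ksv)) % P

def solve_mod(A, b):
    """Solve A x = b (mod P) by Gauss-Jordan elimination; A must be invertible."""
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for c in range(N):
        piv = next(r for r in range(c, N) if M[r][c] % P)
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], -1, P)
        M[c] = [x * inv % P for x in M[c]]
        for r in range(N):
            if r != c and M[r][c]:
                f = M[r][c]
                M[r] = [(x - f * y) % P for x, y in zip(M[r], M[c])]
    return [M[r][N] for r in range(N)]

def recover_matrix(ksvs, privates):
    """Row i of S satisfies ksv_d . S[i] = privates[d][i] for every device d."""
    return [solve_mod(ksvs, [p[i] for p in privates]) for i in range(N)]

def demo():
    rng = random.Random(2006)
    S = [[0] * N for _ in range(N)]
    for i in range(N):                      # secret symmetric matrix
        for j in range(i, N):
            S[i][j] = S[j][i] = rng.randrange(P)
    # Four constructed public values that are linearly independent mod P.
    ksvs = [[1, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 1], [1, 0, 1, 0]]
    privs = [issue_private(S, v) for v in ksvs]
    agree = shared_key(privs[0], ksvs[1]) == shared_key(privs[1], ksvs[0])
    recovered = recover_matrix(ksvs, privs)
    # A device never seen before: its private vector follows from the matrix.
    new_ksv = [1, 0, 0, 1]
    derived_ok = issue_private(recovered, new_ksv) == issue_private(S, new_ksv)
    return agree, recovered == S, derived_ok
```

The design lesson is that a key agreement built only from additions and multiplications has a hard threshold: once as many independent private vectors leak as the matrix has rows, nothing secret remains.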