Support NeoGAF

[Nerevar]

from slashdot ....

ACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player

Don't be surprised if that brand new HD movie player you bought stops playing new movies because some Norweigan student for some insane reason decided he had the right to watch his movies on a Linux box rather than shelling out $150 for proprietary software.


All in all, I hope this happens and some class-action lawsuits come down on the major studios and manufacturing companies. I'm in favor of digital rights, but allowing them to stop your player from working because someone else hacked theirs? You're going to have some very unhappy non-technical people when they buy the new Pixar movie and it won't work on their player.

 

[The Faceless Master]

would that even be a feasible option?

i mean, what company would want their movies to not sell to people who owned a certain player?

 

[Nerevar]

would that even be a feasible option?

i mean, what company would want their movies to not sell to people who owned a certain player?

the logic is that once a player becomes compromised, it can then be used to extract the raw movie data and redistributed electronically or have pirate copies made. Movie studios want to be able to "shut out" that player so that new movies can't be copied with it. Fucks the consumer over, but hey, what do they care?

 

[WedgeX]

Sooo basically, they want to completely ignore the VCR precedent that was set by Sony v. Universal?

Jerks.

 

[darscot]

This will never happen it's not even physically possible. How are they going to shutdown a model and why would they?

 

[shuri]

Can you imagine the lawsuits from the blocked companies?

 

[WedgeX]

Can you imagine the lawsuits from the blocked companies?

There already was one, in Sony v. Universal back in the 80's.

From Wiki http://en.wikipedia.org/wiki/Sony_Corp._v._Universal_City_Studios

Sony Corp. of America v. Universal City Studios, Inc. 464 U.S. 417 (1984) (Docket Number: 81-1687), also known as the "Betamax case", was a decision by the Supreme Court of the United States which ruled that the making of individual copies of complete television shows for personal use does not constitute copyright infringement, but is fair use. The Court also ruled that the manufacturers of home video recording devices, such as Betamax or VCRs, cannot be liable for infringement. The case was a boon to the home video market as it created a legal safe haven for the technology, which also significantly benefited the entertainment industry through the sale of pre-recorded movies.

The broader legal consequence of the Court's decision was its establishment of a general test for determining whether a device with copying or recording capabilities ran afoul of copyright law. This test has created some interpretative challenges to courts in applying the case to more recent file sharing technologies available for use on home computers and over the internet.

 

[Nerevar]

This will never happen it's not even physically possible. How are they going to shutdown a model and why would they?

are you kidding me? It's part of the specification. That's the whole reason I made this post.

Basically, every HD DVD model will have a cryptographic private key embedded in the firmware. When the DVD is pressed, it will be pressed with a public-key version of every valid key in the keyspace (a key takes what, 1 kb? Even with 10,000 keys you're looking at a very small footprint on a 50-60 GB disc). Now, six months down the line, someone cracks that player and extracts the private key. They can now use a computer to decrypt the HD-DVD and get the raw movie data directly from the disc and make a perfect reproduction to either distribute via the internet or make pirate movies and sell. What can the company do? The next run of that movie (or any other movie made after that) has every valid key in that keyspace except for the one for your DVD player. Now your DVD player lacks the capability to decrypt that movie. You're fucked. You either have to get a new DVD player or accept that you won't play new movies. I don't know how this will mesh with consumer protection laws, but I expect it to get really ugly.

Wedge - the Betamax case is entirely different. Stop bringing it up. It was dealing with copying analog broadcast signals over the air for time sharing, and has no bearing on digital protected content. You need to remember that under the DMCA technically copying a CSS-protected DVD is a crime.

 

[darscot]

Now I see what you meant but it's still pointless. I thought you were saying they could some how magically kill your player with some kind of ECM. The stupidity of this still amazes me. If player X has been cracked whats the point of trying to tell it not to play in that player. It's been CRACKED they'll just change the ID of the player to one that hasn't been cracked. If they have a cracked the player they can read right of the disk what players are not allowed and return a different one. This kind of shit always makes me laugh.

One more thing the last thing a company is going to do is tell the world exactly what players have been hacked.

 

[Nerevar]

Now I see what you meant but it's still pointless. I thought you were saying they could some how magically kill your player with some kind of ECM. The stupidity of this still amazes me. If player X has been cracked whats the point of trying to tell it not to play in that player. It's been CRACKED they'll just change the ID of the player to one that hasn't been cracked. If they have a cracked the player they can read right of the disk what players are not allowed and return a different one. This kind of shit always makes me laugh.

One more thing the last thing a company is going to do is tell the world exactly what players have been hacked.

You miss a few key points:

1) You can't easily change the ID of the player. You would need to extract the EEPROM of your DVD player and replace it with the EEPROM of another player (as that is the hardware that contains the identy). And then you're back at square one - you need to extract the protected key from a different piece of hadware. It's pointless.

2) Everyone will know what DVD playes are cracked. It doesn't matter if the movie industry has a list of cracked players, because of course any player that is cracked will be on the net (hell, just go to www.videohelp.com right now for information on it). That information will be distributed anyway.r. Once the private key has been compromised, anyone can use it, which is why that player will no longer be able to decrypt the video stream.

3) Just because you have access to the public keys doesn't mean you know the private keys. I suggest you do some research on asymmetric encryption.

4) You're ignoring a potentially powerful part of this that Hollywood could try to enforce. Say you have a player, and you put in a disc that has the AACS encryption but your player can't play it. They could include something in the firmware that then permanently shuts down your player (as that has been "compromised") and not allow it to play anything protected. There's nothing stopping them from making that part of the firmware standard. Now there's no risk in having a publicly available list of cracked players.

 

[Zelda-Bitch]

Lame attempt at piracy control. No hope of working.

 

[darscot]

1. Oh no not the EEPROM how will anyone ever manage that. Giggles like mad scientist at dish on house.

2. Net nerds are not everyone. You ban a player from the next pixar movie and boom you on the evening news and now everybody knows. No compnay wants that kind of publicity.

3. Oh no not the keys how will anyone ever manage that. Giggles like mad scientist at dish on house.

4. Yadda, yadda, yadda. Sony pictures is going to shutdown a sony player? Not in this life time?

You can ease up with the sky is falling routine. They will always come with new ideas to protect digital media. Some will work for a while some will work for a long time but they all will fall its the nature of the beast. All it takes is one pissed off janitor and its all over.

 

[Nerevar]

darscot, no offense, but so far you have shown no understanding of how asymmetric encryption works. But, for short, if you have the public key for a product you have no information about the private key. You need both to encrypt or decrypt something. So once one player has been compromised you are not losing control of every key. So, yes, you can play old movies, but you can't play new ones. That's the basis for this technology, and it is very real. You can keep denying it all you want, but it's been put in the standard because the movie studios want to avoid exactly what happened to CSS (which is very similar to this except for the whole key revocation deal and stronger encryption).

 

[chinch]

that's NEVER gonna be implimented.

 

[darscot]

Yes this technolgy is possible, but what is the point? You seem to have no understanding of common sense. Sony pictures will never block a movie from one of its players. Yes technically they could block it for a period of time even a very long period of time. Let just pose an example in the real world. One of Sony's players gets comprimised and they've sold 5 million of them. Do honestly believe Sony is going tell 5 million customers you need to go buy a new player? And you probable going to want to do that from Toshiba? Sony wouldn't even bother sending out a firmware upgrade as it just wouln't be cost effective. If you player is PC based they may require you to download a firmware upgrade. Even this is very unlikely as the firmware patch is just a big fat clue to all the hackers out there.

 

[Nerevar]

Yes this technolgy is possible, but what is the point? You seem to have no understanding of common sense. Sony pictures will never block a movie from one of its players. Yes technically they could block it for a period of time even a very long period of time. Let just pose an example in the real world. One of Sony's players gets comprimised and they've sold 5 million of them. Do honestly believe Sony is going tell 5 million customers you need to go buy a new player? And you probable going to want to do that from Toshiba? Sony wouldn't even bother sending out a firmware upgrade as it just wouln't be cost effective. If you player is PC based they may require you to download a firmware upgrade. Even this is very unlikely as the firmware patch is just a big fat clue to all the hackers out there.

Besides being technically impossible (you can't patch the firmware of a compromised system, the firmware has to be either encrypted with the very same key which is already compromised or available in plain text - both of which are very obviously bad ideas and would lead to the new key being easy to read). The issue then becomes "which issue is worth - leaving all new releases open to piracy and free distribution or forcing a recall of all players". It's a bean counter issue at that point, but it's purposely put in there so that HD-DVD won't have the same piracy issues as DVDs currently have. And besides, Sony pictures doesn't make all the movies in the world. I doubt Disney cares if their new movies don't work in old Sony players - that's the fault of Sony for letting their keys get compromised, not Disney's. The issue then is the public relations worth it? Who knows, no one's tried it yet.

 

[Doth Togo]

So? Just mod chip your DVD player. The Asian community will make a fortune from mod chipping.

 

[borghe]

nerevar - a couple of points. first, as many are pointing out, if Player A sells 5 million units, you better believe there will be a class action lawsuit if all future discs from Warner Bors. stop playing on it. and at minimum you are looking at replacement units for 5 million people PLUS attorney fees.. we could be talking over a billion dollars to settle. especially if most of those 5 million units were sold before the date of the crack.

next, I don't get why everyone is fretting about a player being hacked.. the only real and useful hacks out right now for any player are region free codes and on a few old apex's macrovision defeat.. and on players with region free codes they still have to pass CSS encryption. the problem with DVD copying is that it's easy to get the CSS key.. but you can't really do that with a player. pretty much only a dvd-rom and an application. so cracking a player really won't do much.. it is the discs themselves that need to be cracked.

I am not worried about this. The only thing I think hollywood even cares about right now are maybe region free players and maybe macrovision free players. but those are minor. the main thorn in hollywoods side right now is dvddecrypter and the like. and being able to ban players has nothing to do with that.

we'll see, but really this provision sounds pretty meaningless...

 

[darscot]

Nerevar, learn to add. You seem to have advance understanding of ecyryption based mathmatics but you can't add up some simple numbers. This is stupidity and just because some guy dreamed this up and put it in the spec does not mean it will ever happen. No one is ever going to make a player that can get screwed over. How many companies do you think would even bother to make players if at anytime the compition could fuck them over. Do you think Toshiba is going to make players knowing full well Sony could ban all movies from working in them. I know you going to go on and on untill that blue brick bounces off your melon but I'm done.

 

[Nerevar]

Nerevar, learn to add. You seem to have advance understanding of ecyryption based mathmatics but you can't add up some simple numbers. This is stupidity and just because some guy dreamed this up and put it in the spec does not mean it will ever happen. No one is ever going to make a player that can get screwed over. How many companies do you think would even bother to make players if at anytime the compition could fuck them over. Do you think Toshiba is going to make players knowing full well Sony could ban all movies from working in them. I know you going to go on and on untill that blue brick bounces off your melon but I'm done.

The only one who needs to "learn" anything is you, and that's to read. It is in the specification right now. That means in order to build a DVD player that plays HD-DVD movies it must implement this encryption and key-restriction system. Toshiba and Sony dont' have a choice. The only issue is whether or not movie studios actually use it. You can rant on and on that you don't think it will happen, but that doesn't change the fact that the possibility for it happening is now there when it wasn't there for regular DVD players. So stop arguing about whether or not it's technically possible, because you clearly don't have a clue as to what is technically part of the specification and what isn't.

next, I don't get why everyone is fretting about a player being hacked.. the only real and useful hacks out right now for any player are region free codes and on a few old apex's macrovision defeat.. and on players with region free codes they still have to pass CSS encryption. the problem with DVD copying is that it's easy to get the CSS key.. but you can't really do that with a player.

The studios are worried that once a player key gets out software can be easily made that uses that player's key to "fool" an HD-DVD into thinking the computer drive it's inserted into is a real HD-DVD player. DeCSS basically works in this way, using a publically available key to fool the DVD into thinking it's on a real, licensed DVD player and then extracting the appropriate disk key (which is then used to decrypt the title key, which allows the DVD to play). The DVD consortium wants to avoid this, and added it in. Like I said, the issue now is whether the bean counters think it's practical to disable new DVDs from working on hacked players.

 

[borghe]

ok, but this is what I'm not getting... So the key is hacked, at which point they can ban that player. however it is still then possible to pirate all existing discs prior to that hack. and when hackers come up with a new one, they can hack discs and copy them, all discs prior to that hack...

the bottom line is that without any sort of DRM in place, no matter what the studios try to come up with it is only a matter of time before it is hacked. even this only works on an after the fact basis, which still means all glass masters pressed before the ban change is made are still susceptible. and all future discs are susceptible as soon as another key is compromised.

this really stops nothing. it is a deterent and definitely can potentially make it more challenging, but as darscott is saying, for it to even work they have to fuck over thousands, possibly even millions, of users to implement it.. so because DVDJon decides to use a Sony NX-HD150 to pirate HD-DVDs, those 2 million users are out $500-1000????? I'm not thinking so. I get that it is already in there (though it is only version .9 so things can still change), but it comes down to the practicality of executing it.

about the only thing I see this defeating is Chinese manufacturers who release questionable players (*coughApexcough*) that are only popular/bought because of their workarounds (aka the infamous Apex AD600 or whatever the model number was). But if a Sony NX-HD150's key is compromised (no people, it is a made up model number) and used to start hacking HD-DVDs ala DeCSS, I can't see the DVD consortium blacklisting that player and its 2 million users worldwide, lest the DVD consortium wants to face a classaction lawsuit on the magnitude of 2 million people who shelled out $500 a pop for the player. $1B before legal fees even get involved...

 

[darscot]

Ok so basically what you saying is the disk will say what players it can play in? So what about new players how will old disks work in them? So you player only works with movies older then it is? How many models of DVD players are there it has to be at least several 100,000. You either missing something in how this works or its utter nonsense.

 

[border]

I doubt Disney cares if their new movies don't work in old Sony players - that's the fault of Sony for letting their keys get compromised, not Disney's.

Geez, just think about it for more than 2 seconds -- of course Disney cares. If they lock out 5 million players then that's 5 million HD-DVDs they cannot sell to people and 5 million furious households. That's a ton of lost revenue and a huge loss of consumer goodwill to stop a handful of nutters on the internet who are probably going to get a copy anyway.

This whole concept is theoretically possible, but so nightmarish when you think about it in a practical sense that it's hardly even worth discussing. Nobody is going to start locking out players.

 

[Joe]

FUCKIN NORWEIGANS

 

[Nerevar]

Ok so basically what you saying is the disk will say what players it can play in? So what about new players how will old disks work in them? So you player only works with movies older then it is? How many models of DVD players are there it has to be at least several 100,000. You either missing something in how this works or its utter nonsense.

They key space is 2^256 (256 bit encryption). That's a very large number of keys. I believe the idea is to generate an incredibly large number of valid keys (100,000+) and store all those on the actual disk. As I said, you're looking at roughly 100 MB of encryption data on a disc that is 50-60 GB. Not that big (for reference, xbox 360 is taking roughly 2 GB of data to encrypt their disks). I think with 100,000 keys (or they might even do more, who knows) they would be safe for all future releases of DVD players (this is what is at the heart of getting a license from the consortium to make a commercial player - you're getting a valid key pair from them to make the player).

 

[borghe]

not to mention, like I first said.. 5 million players get locked out.. let's go through this:

User A goes to stick in his copy of Lion King and the Goat of Malice (User A is obviously thus stupid and has no taste). Disc doesn't work.

User A takes the disc back to the store for a new one. Gets home and puts it in. Disc doesn't work.

User A then calls Sony and asks what happened. Sony tells them tha no future DVDs will work on their system. User A asks why. Sony tells them that some user broke DVD security and they need to buy a new player. Sony will send them a rebate for $50 off of a $300 player.

At this point I think it is safe to say that User A will not be buying a new DVD player. I also think it is safe to say that User A will never buy another Disney disc. Stupid User A is now worried about what happens if they buy a new player and someone compromises security with that.

As border said, Disney absolutely cares. Because now that user, and the other 5 million users of the player, likely won't be buying any more disney discs.

What I personally believe is there has to be more to the spec than what we are reading here. Because as it is shown in the article it doesn't make sense. The studios would potentially be commiting suicide by such a move (executing it I mean, not just including it)

Personally at this point I think it falls one step below the "Analog hole" in terms of worrying about it. Broadcasters won't shut out 10 million existing sets, and movie studios won't shut down 5 million players, most of which are entirely innocent movie buying users.

 

[darscot]

100,000 HD DVD players is no where near enough. Just think about how different models of CD players or VCRS there are it has to be millions.

 

[borghe]

100,000 HD DVD players is no where near enough. Just think about how different models of CD players or VCRS there are it has to be millions.

there are not millions of models of cd players.. there are probably not even half a million models of DVD players.

CD players have been around for 22 years. 1000000/22=45,454 models per year. There have not been 45,000 different models released per year, especially considering the first few years there were probably fewer than 50 different models worldwide.

DVD players, even including DVD-ROM drives, there have probably been fewer than 2000 models released total. They have been around for 8 years, that would mean 250 models a year. while there might be that many released a year now, for the first two years or so there were less than 60 different models released in either year. I believe 1997 only had around 20 models released throughout the entire world.

 

[darscot]

Yah I guess you right. But when you think of all the home systems, portable, PC drives, car systems, GPS systems, game consoles.... You roll into an electronics shop in japan they have several hundred models in stock at any time. Globaly the number has to be getting up there.