May 03 2007
Joining The AACS Fiasco
Surely most people must by now know that the processing key for the DRM system used by HD-DVDs and Blu-ray DVDs has been broken and has been circulating wildly on the internet (thanks to the actions of Digg).
I read today on Wired.com the following statement released by the AACS-LA:
“it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software. Consumers can continue to enjoy content that is protected by the AACS technology by refreshing the encryption keys associated with their HD DVD and Blu-ray software players. This refresh process is accomplished via a straightforward online update.”
Well, that’s great: they built into AACS the ability to send out new decryption keys should a key be compromised. All users need to do is complete a simple online update of their players and everything continues as normal.
Well, hang on a minute. Old DVDs produced with the compromised processing key will surely need that old key in order to be decrypted and played. However, new DVDs will require the new processing key in order to be played. What happens when a player is updated to get the new processing key? Is the old processing key removed from the player? If this is the case, is it then still possible to play the old discs?
I assume that the designers of AACS would make it impossible to play old DVDs should the processing key need to be revoked, unless they think they can keep reselling the same DVDs to consumers. But then again they were foolish enough to think that they could implement a content protection system that wouldn’t one day be broken.
Surely now that hackers know how to extract the processing key it will only be a matter of time until the new processing key is compromised. Does this mean that new processing keys are going to be released daily until one side of the war gets bored and gives up? I suspect that the first side to give in may well be the consumers, at which point the losers by default will be the movie studios that thought they could pull one over on the consumers.
More of this story on:
Digg
Slashdot
BoingBoing
Wired.com
Google
If it’s anything like DVD then the content is encrypted with a ‘volume’ key that changes per disc. The volume key is on the disc a few hundred times, each encrypted with a ‘vendor’ key.
The idea was that should a vendor key become compromised then they would pull it from future discs and issue the vendor with one of the new spare keys already in use on all the discs.
The upshot would be that discs would continue to play everywhere except new discs would not play in compromised players. Obviously updating PowerDVD and WinDVD to use new keys is a lot easier than shipping a firmware update to thousands of set-top player owners so I’m not sure they ever revoked those keys.
The problem with the DVD hack is that they broke the encryption in such a way that they uncovered *all* the vendor keys.
I would imagine the situation is similar with AACS.
[)amien
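The key layout described in the comment above, modelled as an added example that is not part of the original post or comment: each disc carries its volume key once per vendor slot, and revocation drops a slot from later discs only. The slot numbers, function names and the SHA-256 XOR wrap are assumptions chosen for illustration; they are not the DVD or AACS ciphers or formats. Because the spare slot is already on older discs, the updated player in this model needs only its new key.

```python
import hashlib
import os

def _pad(key: bytes) -> bytes:
    return hashlib.sha256(b"pad" + key).digest()[:16]

def _tag(key: bytes, secret: bytes) -> bytes:
    return hashlib.sha256(b"tag" + key + secret).digest()[:8]

def wrap(key: bytes, secret: bytes) -> bytes:
    """Toy wrap of a 16-byte secret: XOR pad plus check tag (not a real cipher)."""
    assert len(secret) == 16
    return bytes(a ^ b for a, b in zip(secret, _pad(key))) + _tag(key, secret)

def unwrap(key: bytes, blob: bytes):
    """Return the wrapped secret, or None when the key is wrong."""
    secret = bytes(a ^ b for a, b in zip(blob[:16], _pad(key)))
    return secret if _tag(key, secret) == blob[16:] else None

def master_disc(title: str, vendor_keys: dict, revoked=frozenset()) -> dict:
    """Fresh volume key per disc, stored once per non-revoked vendor slot."""
    volume_key = os.urandom(16)
    return {
        "key_block": {s: wrap(k, volume_key)
                      for s, k in vendor_keys.items() if s not in revoked},
        "content": wrap(volume_key, title.encode().ljust(16)[:16]),
    }

def play(disc: dict, player_keys: dict):
    """Try each slot the player holds; return decrypted content or None."""
    for slot, key in player_keys.items():
        blob = disc["key_block"].get(slot)
        volume_key = unwrap(key, blob) if blob is not None else None
        if volume_key is not None:
            return unwrap(volume_key, disc["content"])
    return None

def scenario() -> dict:
    vendor_keys = {s: os.urandom(16) for s in range(8)}  # constructed; 8 slots for brevity
    old_disc = master_disc("old title", vendor_keys)
    new_disc = master_disc("new title", vendor_keys, revoked={3})  # slot 3 pulled
    leaked = {3: vendor_keys[3]}    # constructed: key taken from a software player
    updated = {7: vendor_keys[7]}   # same player after update, moved to spare slot 7
    return {
        "leaked_key_old_disc": play(old_disc, leaked) is not None,
        "leaked_key_new_disc": play(new_disc, leaked) is not None,
        "updated_player_old_disc": play(old_disc, updated) is not None,
        "updated_player_new_disc": play(new_disc, updated) is not None,
    }

if __name__ == "__main__":
    print(scenario())
```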
[...] As I previously blogged, the AACS-LA has a 128-bit hex number that they call their own, and nobody else can use it without their expressed permission. If anyone does use it then the AACS-LA can use the power of the DMCA to stop its use and sue the people that used it, if they so wish. What gives the AACS-LA the rights to do this is that the number is used for the encryption of data (on HD-DVD and Blu-ray discs). [...]