"Jay D. Dyson" <jdysonat_private> writes: > As Weld Pond of @stake (formerly the l0pht) has noted, the dire > predictions made on the quality of digital content protection in the > age of DMCA have come to fruition. Where there could have been honest and > accurate peer review, we now have little but more snake oil being pawned > off as "secure." > > To review Sklyarov's presentation on how trivial it is to bust > Adobe's "encryption," please see the following URL: > > http://www.treachery.net/~jdyson/ebooks/ > > Take a look at the findings there. You will be amazed as well as > sickened that any self-respecting company could call this tripe > "protection." > > It's a sad day when it's cheaper to make a shoddy product and rely > on law enforcement to protect your product than it is to make a decent > product in the first place. Bottom line is thus: all of us -- regardless > of whether we use Adobe's products -- are now paying fees (taxes) to > assure that their product is protected. It seems to me that the quality of the encryption is a side issue in this case. In general, DRM systems of this type need to be concerned with two classes of attacks: (1) content recovery by unauthorized users (i.e. random individuals who get access to the encrypted content) (2) content recovery by authorized users (i.e. people who are authorized to view the content in some authorized device but not to extract the raw plaintext, etc.) The quality of the encryption being used only applies to attackers of type (1) since attackers who have the key will be able to recover the plaintext no matter what the encryption algorithm is, provided that they know the algorithm. It's not in principle any more difficult to reverse engineer a binary implementing a strong algorithm than one implementing a weak one. As far as I can tell, ElcomSoft's decryption utility requires the user to input the password. Therefore it would only be of use to attackers in class (2). While the encryption is admittedly bad the situation wouldn't be any better from Adobe's perspective if the encryption were good. Similar comments apply to CSS--although it uses a weak algorithm which could in principle be exhaustively searched, this isn't necessary since a key has been recovered by reverse engineering an authorized decoder. Why bother to make this distinction? Because eventually we'll run into a DRM system which uses a strong encryption algorithm. It will still be breakable since we don't know how to protect against attackers of class (2) but we won't be able to say "hey, these losers are using ROT13". We might as well start fighting that battle because we'll need to soon enough in any case. -Ekr ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 02:41:50 PDT