Description of the "High-Bandwidth Digital Content Protection" scheme: http://www.dvddemystified.com/dvdfaq.html#1.11 >The HDCP key exchange process verifies that a receiving device is >authorized to display or record video. It uses an array of forty 56-bit >secret device keys and a 40-bit key selection vector -- all supplied by >the HDCP licensing entity... Once the authority of the receiving device >has been established, the video is encrypted by an exclusive-or operation >with a stream cipher generated from keys exchanged during the >authentication process. If a display device with no decryption ability >attempts to display encrypted content, it appears as random noise. This may be the spec itself, though I couldn't actually get to it: http://www.ddwg.org/data/dvi_10.pdf More background on HDCP: http://www.wired.com/news/print/0,1294,41045,00.html >The content is encrypted with a High Definition Copy Protection (HDCP) >system JVC developed that is similar in function to the Content Scrambling >System (CSS) on a DVD. The HDCP system can't be broken, however, because >only high definition sets will have the HDCP decoder, according to Dan >McCarron, national product specialist in JVC's color TV division... DVI >ports on PCs will not have the HDCP decoder, so PCs can't be used to break >HDCP like it did with CSS. -Declan ******* Date: Tue, 14 Aug 2001 13:18:26 -0700 From: Gabriel Rocha <grochaat_private> To: Declan McCullagh <declanat_private> http://www.securityfocus.com/templates/article.html?id=236 Video crypto standard cracked? Noted cryptographer Niels Ferguson says he's broken Intel's vaunted HDCP Digital Video Encryption System, but fear of U.S. law is keeping him silent on the details. By Ann Harrison August 13, 2001 10:14 PM PT ENSCHEDE, NETHERLANDS--A Dutch cryptographer who claims to have broken Intel Corp.'s encryption system for digital video says he will not publish his results because he fears being prosecuted or sued under the Digital Millennium Copyright Act. Niels Ferguson announced last weekend that he has successfully defeated the High-bandwidth Digital Content Protection (HDCP) specification, an encryption and authentication system for the DVI interface used to connect digital cameras, high-definition televisions, cable boxes and video disks players. "An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays," said Ferguson. "The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices." Ferguson, who announced his results at the Hackers At Large 2001 (HAL) security conference, is not providing details of how he defeated HDCP. [...] Intel has not threatened him in any way, says Ferguson. But he says he was informed by a lawyer from the San Francisco-based Electronic Frontier Foundation (EFF) that he could be sued or prosecuted under the DMCA for publishing his research, even on his own Web site. And if Intel chooses not to sue, Ferguson fears that the motion picture industry, whose movies are encrypted with HDCP, may haul him into court. [...] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 13:59:18 PDT