From mamueller@topmail.de 1 Oct 1999 17:02:50 -0000
Date: 1 Oct 1999 17:02:50 -0000
From: Martin Mueller mamueller@topmail.de
Subject: [Livid-dev] c't writes about css

Hi,

the German computer magazine c't http://www.heise.de/ct
(no. 20, 27/9/99) has some articles about DVD, linuxtv.org
and livid are mentioned with links. There is a text about css.
They say that the 40bit title key is encrypted with the disc
key and the disc key itself is encrypted. Every decoder has its
own key to decrypt the disc key. If a decoder is cracked, they
simply remove the decoder's key from the list for the new DVDs. In
their newsticker they say the DoD crack is not the end of DVD
because it is only one key cracked that way (remember the readme).

BTW, the randomly tested LBAs of my encrypted DVDs all had the
same title key.

Martin


From pvolcko@concentric.net Fri, 1 Oct 1999 14:04:16 -0400 (EDT)
Date: Fri, 1 Oct 1999 14:04:16 -0400 (EDT)
From: pvolcko@concentric.net pvolcko@concentric.net
Subject: [Livid-dev] c't writes about css

This is interesting. I'd love to know where they got the bits of information
about the title keys being encrypted with the disc keys and especially the bit
about each css decrypter having its own escrowed secret key which somehow
figures into the creation of each disc key. I don't know all that much about
encryption, but it would seem to me that this would quickly become a very
daunting task to create each new DVD's disc key as more and more licensed
decrypters are added to the list. Likewise brute forcing the decryption key
of all the licensed decrypters would seem to be a relatively easy task
assuming a 40 bit decrypter secret key. 

Just doesn't seem to make the least bit of sense, from a business or security
standpoint. They used a small key length and due to this made it very easy
to brute force keys. Because of this and their supposed policy of removing a
key from the enabled decrypter of disc keys list once the player's secret key
is public, it seems feasible that someone (even acting alone) could start
putting companies out of business by simply releasing the player secret keys.
Single-handedly making a significant portion of the installed player base
useless on new DVD titles.

I can't see a group so well funded and powerful making such a stupid
technology move.

Stranger things have happened though... 

Paul Volcko
LSDVD

On 1 Oct 1999, Martin Mueller wrote:

> Hi,
> 
> the German computer magazine c't http://www.heise.de/ct
> (no. 20, 27/9/99) has some articles about DVD, linuxtv.org
> and livid are mentioned with links. There is a text about css.
> They say that the 40bit title key is encrypted with the disc
> key and the disc key itself is encrypted. Every decoder has its
> own key to decrypt the disc key. If a decoder is cracked, they
> simply remove the decoder's key from the list for the new DVDs. In
> their newsticker they say the DoD crack is not the end of DVD
> because it is only one key cracked that way (remember the readme).
> 
> BTW, the randomly tested LBAs of my encrypted DVDs all had the
> same title key.
> 
> Martin

From mamueller@topmail.de 1 Oct 1999 18:28:23 -0000
Date: 1 Oct 1999 18:28:23 -0000
From: Martin Mueller mamueller@topmail.de
Subject: [Livid-dev] c't writes about css

Hi,

> This is interesting. I'd love to know where they got the bits of information

Usually they know what they are writing, I guess. One thing that
speaks for the 'each decoder one key' is the pretty long disc key.
It should be easy to hide a lot of information in it.

> putting companies out of business by simply releasing the player secret keys.
> Single handedly making a significant portion of the installed player base
> useless on new dvd titles. 
> 
> I can't see a group so well funded and powerful making such a stupid
> technology move.

The stuff sounds like the http://www.dtcp.com way of crypting 
digital video (e.g. on firewire). On their webpage they speak about
putting cracked equipment on black lists. Woosh - your $1000
digital video recorder is trash.

Martin


From pvolcko@concentric.net Fri, 1 Oct 1999 14:54:08 -0400 (EDT)
Date: Fri, 1 Oct 1999 14:54:08 -0400 (EDT)
From: pvolcko@concentric.net pvolcko@concentric.net
Subject: [Livid-dev] c't writes about css

> usually they know what they are writing, I guess. One thing that
> speaks for the 'each decoder one key' is the pretty long disc key.
> It should be easy to hide a lot of information in it.

It also goes with the information that I've read and heard said in many places
that it is rather difficult to get a CSS license. They tend to only give them
out to companies that have some very solid financial footing. Also that they
don't charge for the licensing (who the hell wants to pay for something that
they may lose due to someone else being just a bit more clever than the CSS
team). Jeez. It's probably true. What a crack dream system. 

> > putting companies out of business by simply releasing the player secret keys.
> > Single handedly making a significant portion of the installed player base
> > useless on new dvd titles. 
> > 
> > I can't see a group so well funded and powerful making such a stupid
> > technology move.
> 
> The stuff sounds like the http://www.dtcp.com way of crypting 
> digital video (eg on firewire). On their webpage they speak about
> putting cracked equipment on black lists. Woosh - your $1000
> digital video recorder is trash.

I can't believe anyone would knowingly put that kind of system in place.
Worse yet, that anyone would actually use that kind of a system.

It's really sad that DVD is linked to this apparently piss poor encryption
methodology. If it weren't for the 5.1 surround sound and high quality video
there is no way I could recommend DVD to anyone. The IFO file format is
deeply flawed (not the encoding formats). The encryption seems to be very ill
conceived and fairly weak. It's a step above what DIVX was, but not that much
of a step.

Paul Volcko
LSDVD
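
The key hierarchy this thread attributes to the c't article (title key wrapped under the disc key, disc key wrapped once per decoder key, revocation by leaving a decoder off the list on new discs), as an added sketch that is not code from either poster or from CSS itself. The cipher is a stand-in built from HMAC-SHA256, and the player ids, function names and the layout of the disc key block as a table indexed by player id are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 5  # 40-bit keys, the size quoted in the thread


def toy_wrap(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher, NOT CSS: XOR with an HMAC-SHA256-derived pad."""
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))


toy_unwrap = toy_wrap  # an XOR pad is its own inverse


def master_disc(player_keys, revoked, title_key):
    """Build a new disc's key area: one wrapped disc key per non-revoked player."""
    disc_key = os.urandom(KEY_LEN)
    block = {pid: toy_wrap(pk, disc_key)
             for pid, pk in player_keys.items() if pid not in revoked}
    return {"disc_key_block": block,
            "wrapped_title_key": toy_wrap(disc_key, title_key)}


def recover_title_key(pid, player_key, disc):
    """Player side: own entry -> disc key -> title key, or None if delisted."""
    entry = disc["disc_key_block"].get(pid)
    if entry is None:
        return None  # key removed from the list: this disc will not play
    disc_key = toy_unwrap(player_key, entry)
    return toy_unwrap(disc_key, disc["wrapped_title_key"])


def demo():
    # Constructed sample data: three hypothetical licensed players.
    players = {f"vendor{i}": os.urandom(KEY_LEN) for i in range(3)}
    title_key = os.urandom(KEY_LEN)
    old_disc = master_disc(players, set(), title_key)        # pressed before revocation
    new_disc = master_disc(players, {"vendor1"}, title_key)  # vendor1 delisted
    return players, title_key, old_disc, new_disc


if __name__ == "__main__":
    players, tk, old, new = demo()
    for pid, pk in players.items():
        print(pid, recover_title_key(pid, pk, old) == tk,
              recover_title_key(pid, pk, new) == tk)
```

In this model the mastering cost is one wrap operation per listed player key, and a delisted player still recovers the title key from discs pressed before the revocation.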