From mamueller@topmail.de 1 Oct 1999 17:02:50 -0000 Date: 1 Oct 1999 17:02:50 -0000 From: Martin Mueller mamueller@topmail.de Subject: [Livid-dev] c't writes about css Hi, the german computer magazine c't http://www.heise.de/ct (no. 20, 27/9/99) has some articels about DVD, linuxtv.org and livid are mentioned with links. There is a text about css. They say that the 40bit title key is encrypted with the disc key and the disc key itself is encrypted. Every decoder has it's own key to decrypt the disc key. If a decoder is cracked, they simply remove the decoders key from the list for the new DVDs. In there newsticker they say the DoD crack is not teh end of DVD because it is only one key cracked that way (remember the readme). BTW, the randomly tested LBAs of my encrypted DVDs all had the same title key. Martin ___________________________________________________________ TopMail - Jetzt kostenlos anmelden - http://www.topmail.de *** com!online: Jetzt 2 Ausgaben kostenlos testen unter *** ------- http://www.com-online.de/service/index6.html ------
From pvolcko@concentric.net Fri, 1 Oct 1999 14:04:16 -0400 (EDT) Date: Fri, 1 Oct 1999 14:04:16 -0400 (EDT) From: pvolcko@concentric.net pvolcko@concentric.net Subject: [Livid-dev] c't writes about css This is interesting. I'd love to know where they got the bits of information about the title keys being encrypted with the disc keys and especially the bit about each css decrypter having it's own escrowed secret key which somehow figures into the creation of each disc key. I don't know all that much about encryption, but it would seem to me that this would quickly become a very daunting task to create each new DVD's disc key as more and more licensed decrypters are added to the list. Likewise brute forcing the decryption key of all the licensed decrypters would seem to be a relatively easy task assuming a 40 bit decrypter secret key. Just doesn't seem to make the least bit of sense, from a business or security stand point. They used a small key length and due to this made it very easy to brute force keys. Because of this and their supposed policy of removing a key from the enabled decrypter of disc keys list once the player's secret key is public, it seems feasible that someone (even acting alone) could start putting companies out of business by simply releasing the player secret keys. Single handedly making a significant portion of the installed player base useless on new dvd titles. I can't see a group so well funded and powerful making such a stupid technology move. Stranger things have happened though... Paul Volcko LSDVD On 1 Oct 1999, Martin Mueller wrote: > Hi, > > the german computer magazine c't http://www.heise.de/ct > (no. 20, 27/9/99) has some articels about DVD, linuxtv.org > and livid are mentioned with links. There is a text about css. > They say that the 40bit title key is encrypted with the disc > key and the disc key itself is encrypted. Every decoder has it's > own key to decrypt the disc key. If a decoder is cracked, they > simply remove the decoders key from the list for the new DVDs. In > there newsticker they say the DoD crack is not teh end of DVD > because it is only one key cracked that way (remember the readme). > > BTW, the randomly tested LBAs of my encrypted DVDs all had the > same title key. > > Martin > > ___________________________________________________________ > TopMail - Jetzt kostenlos anmelden - http://www.topmail.de > *** com!online: Jetzt 2 Ausgaben kostenlos testen unter *** > ------- http://www.com-online.de/service/index6.html ------ > > > _______________________________________________ > Livid-dev maillist - Livid-dev@livid.on.openprojects.net > http://livid.on.openprojects.net/mailman/listinfo/livid-dev >
From mamueller@topmail.de 1 Oct 1999 18:28:23 -0000 Date: 1 Oct 1999 18:28:23 -0000 From: Martin Mueller mamueller@topmail.de Subject: [Livid-dev] c't writes about css Hi, > This is interesting. I'd love to know where they got the bits of information usually they know what they are writing, I guess. One thing that speaks for the 'each decoder one key' is the pretty long disc key. It should be easy to hide a lot of information in it. > putting companies out of business by simply releasing the player secret keys. > Single handedly making a significant portion of the installed player base > useless on new dvd titles. > > I can't see a group so well funded and powerful making such a stupid > technology move. The stuff sounds like the http://www.dtcp.com way of crypting digital video (eg on firewire). On their webpage they speak about putting cracked equipment on black lists. Woosh - your $1000 digital video recorder is trash. Martin ___________________________________________________________ TopMail - Jetzt kostenlos anmelden - http://www.topmail.de *** com!online: Jetzt 2 Ausgaben kostenlos testen unter *** ------- http://www.com-online.de/service/index6.html ------
From pvolcko@concentric.net Fri, 1 Oct 1999 14:54:08 -0400 (EDT) Date: Fri, 1 Oct 1999 14:54:08 -0400 (EDT) From: pvolcko@concentric.net pvolcko@concentric.net Subject: [Livid-dev] c't writes about css > usually they know what they are writing, I guess. One thing that > speaks for the 'each decoder one key' is the pretty long disc key. > It should be easy to hide a lot of information in it. It also goes with the information that I've read and heard said in many places that it is rather difficult to get a CSS license. They tend to only give them out to companies that have some very solid financial footing. Also that they don't charge for the licensing (who the hell wants to pay for something that they may loose due to someone else being just a bit more clever than the CSS team). Jeez. It's probably true. What a crack dream system. > > putting companies out of business by simply releasing the player secret keys. > > Single handedly making a significant portion of the installed player base > > useless on new dvd titles. > > > > I can't see a group so well funded and powerful making such a stupid > > technology move. > > The stuff sounds like the http://www.dtcp.com way of crypting > digital video (eg on firewire). On their webpage they speak about > putting cracked equipment on black lists. Woosh - your $1000 > digital video recorder is trash. I can't believe anyone would knowingly put that kind of system in place. Worse yet, that anyone would actually use that kind of a system. It's really sad that DVD is linked to this apparently piss poor encryption methodology. If it weren't for the 5.1 surround sound and high quality video there is no way I could recommend DVD to anyone. The IFO file format is deeply flawed (not the encoding formats). The encryption seems to be very ill conceived and fairly weak. It's a step above what DIVX was, but not that much of a step. Paul Volcko LSDVD