From tmilker@radiks.net Thu, 07 Oct 1999 18:35:44 -0500 Date: Thu, 07 Oct 1999 18:35:44 -0500 From: Ted Milker tmilker@radiks.net Subject: [Livid-dev] DeCSS source The DeCSS source code is available on the DeCSS homepage at: http://mmadb.no/hwplus/____MMSystem_275____/Decss.zip Ted
From crow@debian.org Thu, 7 Oct 1999 19:33:33 -0500 Date: Thu, 7 Oct 1999 19:33:33 -0500 From: Stephen Crowley crow@debian.org Subject: [Livid-dev] DeCSS source Hmm, this doesn't look like the source, just binaries. On Thu, Oct 07, 1999 at 06:35:44PM -0500, Ted Milker wrote: > The DeCSS source code is available on the DeCSS homepage at: > > http://mmadb.no/hwplus/____MMSystem_275____/Decss.zip > > Ted > > > _______________________________________________ > Livid-dev maillist - Livid-dev@livid.on.openprojects.net > http://livid.on.openprojects.net/mailman/listinfo/livid-dev > -- Stephen Crowley
From jak@xmmoms.physics.ucsb.edu Thu, 7 Oct 1999 17:55:08 -0700 (PDT) Date: Thu, 7 Oct 1999 17:55:08 -0700 (PDT) From: Jamie Kennea jak@xmmoms.physics.ucsb.edu Subject: [Livid-dev] DeCSS source On Thu, 7 Oct 1999, Ted Milker wrote: > The DeCSS source code is available on the DeCSS homepage at: > > http://mmadb.no/hwplus/____MMSystem_275____/Decss.zip For the words "source code" read "binary" here. No source code on that page. Jamie
From tmilker@radiks.net Thu, 07 Oct 1999 20:07:11 -0500 Date: Thu, 07 Oct 1999 20:07:11 -0500 From: Ted Milker tmilker@radiks.net Subject: [Livid-dev] DeCSS source Jamie Kennea wrote: > > On Thu, 7 Oct 1999, Ted Milker wrote: > > > The DeCSS source code is available on the DeCSS homepage at: > > > > http://mmadb.no/hwplus/____MMSystem_275____/Decss.zip > > For the words "source code" read "binary" here. No source code on that > page. Oh it was there, he deleted it after I posted to the mailing list. I know its the source because I have it. I think some other people might have snagged it before he deleted it though. Ted
From jak@xmmoms.physics.ucsb.edu Thu, 7 Oct 1999 18:46:03 -0700 (PDT) Date: Thu, 7 Oct 1999 18:46:03 -0700 (PDT) From: Jamie Kennea jak@xmmoms.physics.ucsb.edu Subject: [Livid-dev] DeCSS source On Thu, 7 Oct 1999, Ted Milker wrote: > Oh it was there, he deleted it after I posted to the mailing list. I > know > its the source because I have it. I think some other people might have > snagged it before he deleted it though. Hey - why not scan it for GPL'd code and if it's there - you can release it to the world :o) Jamie
From dvd@bdemskysgi.mit.edu Thu, 7 Oct 1999 21:38:19 -0400 (EDT) Date: Thu, 7 Oct 1999 21:38:19 -0400 (EDT) From: dvd@bdemskysgi.mit.edu dvd@bdemskysgi.mit.edu Subject: [Livid-dev] DeCSS source Not quite true... If all the author of the GPL'd part gives permission for a person to use the code under a different license, it doesn't matter that part of the code was once released under GPL. For instance, kaffe. Brian
From ccheney@cheney.cx Thu, 7 Oct 1999 21:10:25 -0500 Date: Thu, 7 Oct 1999 21:10:25 -0500 From: Chris Cheney ccheney@cheney.cx Subject: [Livid-dev] DeCSS source Jamie, Even if it contains code that appears to be gpl'd, if the author(s) of the code granted permission to use it under a different license then it would be you breaking the law by releasing the code. Thought you might want to think about that. Chris On Thu, Oct 07, 1999 at 06:46:03PM -0700, Jamie Kennea wrote: > On Thu, 7 Oct 1999, Ted Milker wrote: > > > Oh it was there, he deleted it after I posted to the mailing list. I > > know > > its the source because I have it. I think some other people might have > > snagged it before he deleted it though. > > Hey - why not scan it for GPL'd code and if it's there - you can release > it to the world :o) > > Jamie > > > > _______________________________________________ > Livid-dev maillist - Livid-dev@livid.on.openprojects.net > http://livid.on.openprojects.net/mailman/listinfo/livid-dev
From laredo@gnu.org Fri, 8 Oct 1999 00:08:03 -0400 (EDT) Date: Fri, 8 Oct 1999 00:08:03 -0400 (EDT) From: laredo@gnu.org laredo@gnu.org Subject: [Livid-dev] DeCSS source > On Thu, 7 Oct 1999, Ted Milker wrote: > > > Oh it was there, he deleted it after I posted to the mailing list. I > > know > > its the source because I have it. I think some other people might have > > snagged it before he deleted it though. > > Hey - why not scan it for GPL'd code and if it's there - you can release > it to the world :o) #1, this would presume the author didn't have other permission to use the source code from the original author. #2, it would be VERY VERY bad to release full source code to such a thing. the company that produced the player that was cracked will be liable for $1M in damages and have their keys revoked from all future dvd pressings breaking their player and the cracked code. This is not a good way to make friends. Ideally, someone would instead analyze the algorithm and post an analysis without tables or secrets to some place like sci.crypt. This keeps almost everyone happy and presents the opportunity for many people to work on finding a hole in the algorithm that would allow a purely mathematical attack rather than brute force to retreive the other 400something potential disc keys and the proper math to initialize the tables used for decryption. Anyone who has access to source code to decrypt CSS would be wise to keep it to himself, and at worst make a binary only release that's so obfuscated that the origin can be well-hidden. A little birdie tells me that the author of dodsrip will be releasing a linux binary very soon. This could just be piped through NIST-0.6 and then everyone could finally play dvds in linux. -- Nathan Laredo laredo@gnu.org
From digitech@mmadb.no Fri, 8 Oct 1999 11:56:01 +0200 Date: Fri, 8 Oct 1999 11:56:01 +0200 From: Jon Johansen digitech@mmadb.no Subject: [Livid-dev] DeCSS source Thank you very much for bringing the matter up. We have in fact been granted a special license. Anyone who might wish to confirm that, could just email Derek. And as Nathan Laredo stated: >#2, it would be VERY VERY bad to release full source code to such a thing. >the company that produced the player that was cracked will be liable for >$1M in damages and have their keys revoked from all future dvd pressings >breaking their player and the cracked code. This is not a good way to >make friends. He has got a very good point there, and the ones of you who want the source right away, should think about that. - Jon http://mmadb.no/hwplus ----- Original Message ----- From: "Chris Cheney" <ccheney@cheney.cx> To: <livid-dev@livid.on.openprojects.net> Sent: Friday, October 08, 1999 4:10 AM Subject: Re: [Livid-dev] DeCSS source > Jamie, > > Even if it contains code that appears to be gpl'd, if the author(s) of the code granted permission to use it under a different license then it would be you breaking the law by releasing the code. > > Thought you might want to think about that. > > Chris > > On Thu, Oct 07, 1999 at 06:46:03PM -0700, Jamie Kennea wrote: > > On Thu, 7 Oct 1999, Ted Milker wrote: > > > > > Oh it was there, he deleted it after I posted to the mailing list. I > > > know > > > its the source because I have it. I think some other people might have > > > snagged it before he deleted it though. > > > > Hey - why not scan it for GPL'd code and if it's there - you can release > > it to the world :o) > > > > Jamie > > > > > > > > _______________________________________________ > > Livid-dev maillist - Livid-dev@livid.on.openprojects.net > > http://livid.on.openprojects.net/mailman/listinfo/livid-dev > > > _______________________________________________ > Livid-dev maillist - Livid-dev@livid.on.openprojects.net > http://livid.on.openprojects.net/mailman/listinfo/livid-dev > >
From bolson@certicom.com Fri, 8 Oct 1999 12:04:25 -0700 Date: Fri, 8 Oct 1999 12:04:25 -0700 From: Bryan Olson bolson@certicom.com Subject: [Livid-dev] DeCSS source laredo wrote: > #2, it would be VERY VERY bad to release full source > code to such a thing. the company that produced the > player that was cracked will be liable for $1M in > damages and have their keys revoked from all future > dvd pressings breaking their player and the cracked > code. This is not a good way to make friends. A binary release is about as bad. There's no way we can hide from the DVD consortium which key(s) a ripper uses. They know _all_ the keys, and can burn disks that only allow access with subsets of the player keys. If the ripper works, then it holds one of the keys from the disk's subset. The problem is especially easy if the ripper only uses one key - a simple binary search reveals which one. I expect the DVD establishment was already set up to carry out such tests. The problem has been fairly well studied within the crypto community. European pay-TV systems are occasionally faced with cracker boxes that hold maybe a dozen out of several million subscriber keys. Can you cite a reference for the $1M in damages claim? --Bryan
From laredo@gnu.org Fri, 8 Oct 1999 15:18:36 -0400 (EDT) Date: Fri, 8 Oct 1999 15:18:36 -0400 (EDT) From: laredo@gnu.org laredo@gnu.org Subject: [Livid-dev] DeCSS source > > #2, it would be VERY VERY bad to release full source > > code to such a thing. the company that produced the > > player that was cracked will be liable for $1M in > > damages and have their keys revoked from all future > > dvd pressings breaking their player and the cracked > > code. This is not a good way to make friends. > > A binary release is about as bad. There's no way > we can hide from the DVD consortium which key(s) a > ripper uses. They know _all_ the keys, and can > burn disks that only allow access with subsets of > the player keys. If the ripper works, then it > holds one of the keys from the disk's subset. The > problem is especially easy if the ripper only uses > one key - a simple binary search reveals which > one. > > I expect the DVD establishment was already set up > to carry out such tests. The problem has been > fairly well studied within the crypto community. > European pay-TV systems are occasionally faced with > cracker boxes that hold maybe a dozen out of > several million subscriber keys. > > Can you cite a reference for the $1M in damages > claim? See the CSS licence agreement. It is available from MEI. It would appear as though we may soon have about 40 secret keys at our disposal. I cannot confirm this yet, but I did hear a rumor of something to the effect. -- Nathan Laredo laredo@gnu.org
From bolson@certicom.com Fri, 8 Oct 1999 13:04:46 -0700 Date: Fri, 8 Oct 1999 13:04:46 -0700 From: Bryan Olson bolson@certicom.com Subject: [Livid-dev] DeCSS source Nathan Laredo: > > > the company that produced the > > > player that was cracked will be liable for $1M in > > > damages Bryan Olson: > > Can you cite a reference for the $1M in damages > > claim? Nathan: > See the CSS licence agreement. It is available from MEI. I think you have misunderstood. The damages are based on material breaches of the agreement, not whether the required mechanisms are effective. --Bryan