From derek@spider.com Mon, 11 Oct 1999 19:27:45 +0100 Date: Mon, 11 Oct 1999 19:27:45 +0100 From: Derek Fawcus derek@spider.com Subject: [Livid-dev] CSS Status Hi all, I wander off for the weekend and all hell breaks loose... Well some people have been wondering when I'll release the decryption code, and what happened with last Monday. Well it was a combination: - after I said I'd release it I was given an update to the code (the reason that DeCSS can rip more than dodsrip). - I wanted to tidy the code a bit - i.e. make it a bit more high level, with explanations of what was going on. I didn't get around to that. - It was a busy week, so I didn't do much on this during the week (except get swamped in email). - I was away visiting relatives from Thursday 'til today (I occasionally do have a real life). So my plan at the moment is to try again. I'm going to go through the algorithm and see if I can generate the higher level description, comments, etc. This is once again provisionally scheduled for a weeks time. Something that may be of interest to people in the states is that I've had an offer of help to produce a specification of the algorithm - from which a third party could produce an implementation. i.e. proper clean room approach. This doesn't really matter from my point of view (or in my opinion most Europeans) but may be of use to the Yanks. In terms of what was happening with DeCSS: Well Jon was giving out the facts. The sequence of events was that someone supplied me with the decryption code a few weeks ago, and after about another couple of weeks I got around to trying it, then mentioned it on this list (together with my intention to relase the info). I was given this code, with no strings attached. It later transpired that it actually came from one of the people involved in DeCSS being produced. Someone else then supplied me with the source to DeCSS, since it had accidentally escaped, and while reading through it I found my code. The only reason I posted my comment was that my name wasn't mentioned in the source file. (I couldn't care less about the algorithm - simply that my expression of it was uncredited). That caused the author of DeCSS to contact me and after a discussion, I gave him permission to use my code without worrying about the GPL - i.e. different licence conditions. So while this was all going on, others have acuired the decryption algorithm - I know of around around 5 others who have it. All are quite capable of releasing the same info to the public - so far none have (that I know of). I suspect that some of this is simply caution. Anyway those people that I know of are interested in players, and since there isn't yet a Linux one... Now one _can_ simply view the streamed data, but thats not what one ultimatly wants. As part of this, at least 2 people have brute forced the DVD encrption algorithm to allow the keys to be extracted. You'd have seen one posting to the list. This all falls quite simply out of having the algorithm and a little bit of knowledge. This development is potentially more serious in terms of it's implications fro DVD. It may not have any effect - I don't know. We'll find out when the info is released. Now I'll speak to these people and find out just what they intend to do - but I rather suspect that that once I release the algorithm, the brute force code and keys will follow quite rapidly. The authors should contact me if they wish me to put them in touch with each other so they can coordinate efforts. DF -- Derek Fawcus derek@spider.com Spider Software Ltd. +44 (0) 131 475 7034