On 05/05/07, Gregory Maxwell <gmaxwell(a)gmail.com> wrote:
> On 5/4/07, David Gerard <dgerard(a)gmail.com> wrote:
> > I am cognizant of the fact that we are not actually dealing with
> > rational actors here. They have the corporate equivalent of batshit
> > crazy right now because their *one dream* has been revealed to be
> > snake oil yet again. They're angry, in denial and blaming and lashing
> > out at everyone in the world except themselves. That's another reason
> > I want to wait a few weeks so that someone else can spend the effort
> > to deal them the smackdown if they don't back down.
>
> O_0
>
> AACS was specifically designed with the expectation of key leaks
> exactly like this. Such leaks are pretty much impossible to completely
> avoid, ... since the keys must be placed in devices that people own.
> AACS-LC might be surprised at the intensity of the Internet
> reaction... but there is no reason to say that the cryptosystem isn't
> working exactly as designed, nor is there any reason for them to be
> panicked from a security perspective.
>
> CSS, used with classic DVD, was also designed to be key-leak
> resistant. However, that resistance failed because the system relied
> on a cryptographic algorithm which was novel, secret, subject to US
> export control key length limits, and not subject to extensive peer
> review. Shortly after the CSS algorithms were made public, Frank
> Stevenson released a pair of cryptographic attacks against CSS which
> made knowledge of secret keys completely unnecessary.
>
> No such attack exists against AACS. The secret keys are still needed
> and can be changed for future releases. The developers of AACS
> clearly learned from the mistakes of CSS. The few novel cryptographic
> primitives used in AACS are well isolated and have been published for
> years; the rest is bog standard crypto stuff. The entire system has
> been extensively reviewed. There is no reason to expect a true
> complete crack, like that of CSS, for AACS will be forthcoming in the
> near future.
>
> ... and any such crack will be of a mathematical nature. ... The
> released disk and product keys do little to nothing to further an
> actual complete crack.
>
> Perhaps people might understand some of the nuance here if they
> weren't too busy declaring victory over The Man?
Of course to do this they need to invalidate machines which were coded
with the old keys, or risk giving the keys to an architecture which is
considered unsafe. If I really wanted to upgrade my physical box of a
HDDVD player each time one of these attacks occurred I might think
about it. But I would rather be able to purchase content which works,
and will work in the future, on multiple machines. I am surprised that
the whole Sony copy protected CD thing hasn't come up yet. Sony were
told they weren't allowed to restrict who could play what CDs to
their special players, and it will only be time before the same
control restrictions are taken off and keys must be kept continuously
in order for people to continually be able to use the content that
they purchased legally.
May not happen tomorrow, but it will happen.
Peter
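The mechanism both posters are arguing about (Gregory's "the secret keys are still needed and can be changed for future releases", Peter's "they need to invalidate machines which were coded with the old keys") is a media key block: each disc carries the title's media key wrapped separately for every device key the licensor still trusts, so a leaked device key can be dropped from all discs pressed after the leak while every other player keeps working. The toy simulation below is an added illustration and is not AACS's actual construction (real AACS uses a tree-based subset-difference broadcast-encryption scheme so the block does not have to list every device); the device keys, media keys, nonces and the HMAC-based wrapping are all constructed here for the example.

```python
import hashlib
import hmac

KEY_LEN = 16  # toy 128-bit keys; the wrap is HMAC-SHA256 keystream XOR, constructed for this example


def _pad(device_key: bytes, nonce: bytes, device_id: int) -> bytes:
    """Per-device keystream derived from the device key and the disc nonce."""
    msg = nonce + device_id.to_bytes(4, "big")
    return hmac.new(device_key, msg, hashlib.sha256).digest()[:KEY_LEN]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def check_value(media_key: bytes) -> bytes:
    """Tag a player uses to confirm it unwrapped the right media key."""
    return hmac.new(media_key, b"verify", hashlib.sha256).digest()[:8]


def make_mkb(device_keys: dict, revoked: set, media_key: bytes, nonce: bytes) -> dict:
    """Build a media key block: one wrapped copy of the media key per non-revoked device."""
    entries = {
        dev_id: _xor(media_key, _pad(dk, nonce, dev_id))
        for dev_id, dk in device_keys.items()
        if dev_id not in revoked
    }
    return {"nonce": nonce, "entries": entries, "check": check_value(media_key)}


def recover_media_key(mkb: dict, device_id: int, device_key: bytes):
    """What a player does: find its entry, unwrap it, verify. None means no access."""
    wrapped = mkb["entries"].get(device_id)
    if wrapped is None:
        return None  # revoked: no entry addressed to this device on this disc
    candidate = _xor(wrapped, _pad(device_key, mkb["nonce"], device_id))
    if not hmac.compare_digest(check_value(candidate), mkb["check"]):
        return None  # wrong key material: unwrap produced garbage
    return candidate


def simulate_leak_and_revocation() -> dict:
    """Device key 3 leaks; discs pressed afterwards revoke it, older discs cannot."""
    device_keys = {
        i: hashlib.sha256(f"constructed device key {i}".encode()).digest()[:KEY_LEN]
        for i in range(1, 5)
    }
    mk_old = hashlib.sha256(b"constructed media key, disc pressed before leak").digest()[:KEY_LEN]
    mk_new = hashlib.sha256(b"constructed media key, disc pressed after leak").digest()[:KEY_LEN]
    leaked = 3

    old_disc = make_mkb(device_keys, revoked=set(), media_key=mk_old, nonce=b"disc-0001")
    new_disc = make_mkb(device_keys, revoked={leaked}, media_key=mk_new, nonce=b"disc-0002")

    return {
        # the leak keeps working on everything already pressed
        "leaked_key_opens_old_disc": recover_media_key(old_disc, leaked, device_keys[leaked]) == mk_old,
        # but new discs simply carry no entry for the leaked key
        "leaked_key_opens_new_disc": recover_media_key(new_disc, leaked, device_keys[leaked]) == mk_new,
        # honest players are unaffected by the revocation
        "honest_device_opens_new_disc": recover_media_key(new_disc, 1, device_keys[1]) == mk_new,
        # a player with the wrong key for its slot gets nothing usable
        "wrong_key_rejected": recover_media_key(new_disc, 1, device_keys[2]) is None,
    }


if __name__ == "__main__":
    for name, outcome in simulate_leak_and_revocation().items():
        print(f"{name}: {outcome}")
```

The simulation shows why both posters are right: revocation costs nothing for the cryptosystem and nothing for other players, but it only bites on discs pressed after the leak, and a legitimately purchased player whose key was shared (or leaked by someone else) is the one that stops opening new titles.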