[WikiEN-l] Newsflash, David, AACS isn't broken

Peter Ansell ansell.peter at gmail.com
Sun May 6 22:18:56 UTC 2007


On 05/05/07, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On 5/4/07, David Gerard <dgerard at gmail.com> wrote:
> > I am cognizant of the fact that we are not actually dealing with
> > rational actors here. They have the corporate equivalent of batshit
> > crazy right now because their *one dream* has been revealed to be
> > snake oil yet again. They're angry, in denial and blaming and lashing
> > out at everyone in the world except themselves. That's another reason
> > I want to wait a few weeks so that someone else can spend the effort
> > to deal them the smackdown if they don't back down.
>
> O_0
>
> AACS was specifically designed with the expectation of key leaks
> exactly like this. Such leaks are pretty much impossible to completely
> avoid, ... since the keys must be placed in devices that people own.
>
> AACS-LC might be surprised at the intensity of the Internet
> reaction... but there is no reason to say that the cryptosystem isn't
> working exactly as designed nor is there any reason for them to be
> panicked from a security perspective.
>
> CSS, used with classic DVD, was also designed to be key-leak
> resistant. However, that resistance failed because the system relied
> on a cryptographic algorithm which was novel, secret, subject to US
> export control key length limits, and not subject to extensive peer
> review. Shortly after the CSS algorithms were made public, Frank
> Stevenson released a pair of cryptographic attacks against CSS which
> made knowledge of the secret keys completely unnecessary.
>
> No such attack exists against AACS. The secret keys are still needed
> and can be changed for future releases. The developers of AACS
> clearly learned from the mistakes of CSS. The few novel cryptographic
> primitives used in AACS are well isolated and have been published for
> years, the rest is bog standard crypto stuff. The entire system has
> been extensively reviewed. There is no reason to expect a true
> complete crack, like that of CSS, for AACS will be forthcoming in the
> near future.
>
> ... and any such crack will be of a mathematical nature. ... The
> released disk and product keys do little to nothing to further an
> actual complete crack.
>
> Perhaps people might understand some of the nuance here if they
> weren't too busy declaring victory over The Man?
>

Of course to do this they need to invalidate machines which were coded
with the old keys, or risk giving the keys to an architecture which is
considered unsafe. If I really wanted to upgrade my physical box of a
HDDVD player each time one of these attacks occurred I might think
about it. But I would rather be able to purchase content which works,
and will work in the future, on multiple machines. I am surprised that
the whole Sony copy protected CD thing hasn't come up yet. Sony were
told they weren't allowed to restrict who could play what CDs to
their special players, and it will only be time before the same
control restrictions are taken off and keys must be kept continuously
in order for people to continually be able to use the content that
they purchased legally.

May not happen tomorrow, but it will happen.

Peter
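The thread's central point, that a broadcast-encryption scheme like AACS expects device keys to leak and answers by leaving the leaked key out of the media key block on future releases, can be shown with a small model. The following is an added example written for this page, not code from AACS or from anyone in the thread. It is deliberately simplified: real AACS uses AES and a subset-difference tree so the block stays small for millions of devices, whereas here every non-revoked device gets its own wrapped copy of the media key, and an HMAC-derived pad stands in for the block cipher. The class and function names (Licensor, press_disc, play, revocation_demo) are assumptions made for the example.

```python
"""Simplified model of key revocation in a broadcast-encryption scheme.

Constructed example, NOT the real AACS media key block (MKB). It shows
the behaviour discussed in the thread: a leaked device key still opens
titles pressed before revocation, but not titles pressed afterwards,
while devices whose keys were not leaked keep working on both.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

KEY_LEN = 16


def wrap(key: bytes, payload: bytes, label: bytes) -> bytes:
    """Stand-in for a block cipher (assumption: a real system would use AES).

    XORs the payload with a counter-mode pad derived from HMAC-SHA256, so
    the same call both wraps and unwraps.
    """
    pad = b""
    counter = 0
    while len(pad) < len(payload):
        block_label = label + counter.to_bytes(4, "big")
        pad += hmac.new(key, block_label, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(payload, pad))


class Licensor:
    """The key-issuing authority: hands out device keys, keeps a revocation
    list, and produces an MKB for every newly pressed title."""

    def __init__(self, n_devices: int) -> None:
        self.device_keys = {i: secrets.token_bytes(KEY_LEN) for i in range(n_devices)}
        self.revoked: set[int] = set()

    def revoke(self, device_id: int) -> None:
        """Mark a device key as compromised; later discs exclude it."""
        self.revoked.add(device_id)

    def press_disc(self, content: bytes) -> dict:
        """Each title gets a fresh media key; the MKB wraps that media key
        only for devices that are not revoked at pressing time."""
        media_key = secrets.token_bytes(KEY_LEN)
        mkb = {dev: wrap(k, media_key, b"mkb")
               for dev, k in self.device_keys.items() if dev not in self.revoked}
        return {"mkb": mkb, "ciphertext": wrap(media_key, content, b"title")}


def play(disc: dict, device_id: int, device_key: bytes) -> bytes | None:
    """A player's view: find its slot in the MKB, unwrap the media key,
    decrypt the title. Returns None when the device has no slot (revoked)."""
    wrapped = disc["mkb"].get(device_id)
    if wrapped is None:
        return None
    media_key = wrap(device_key, wrapped, b"mkb")
    return wrap(media_key, disc["ciphertext"], b"title")


def revocation_demo() -> dict:
    """Walk through a leak: one device key is extracted, the licensor revokes
    it, and we compare what the leaked key and an honest device can open."""
    lic = Licensor(n_devices=4)
    film = b"constructed sample title payload"   # constructed content
    old_disc = lic.press_disc(film)              # pressed before the leak
    leaked_id = 2
    leaked_key = lic.device_keys[leaked_id]      # key extracted from a device
    lic.revoke(leaked_id)
    new_disc = lic.press_disc(film)              # pressed after revocation
    honest_key = lic.device_keys[0]
    return {
        "leaked_key_opens_old_disc": play(old_disc, leaked_id, leaked_key) == film,
        "leaked_key_opens_new_disc": play(new_disc, leaked_id, leaked_key) == film,
        "honest_device_opens_old_disc": play(old_disc, 0, honest_key) == film,
        "honest_device_opens_new_disc": play(new_disc, 0, honest_key) == film,
        "new_mkb_size": len(new_disc["mkb"]),
    }


if __name__ == "__main__":
    for name, value in revocation_demo().items():
        print(f"{name}: {value}")
```

Two properties of the model match the thread's argument. Revocation costs nothing on the cryptographic side, since a new title simply omits the revoked slot, which is why a device key leak is not a break of the system. But it only protects titles pressed after the revocation; every disc already in circulation stays readable with the leaked key, and any legitimate player that shares the revoked key stops working on new discs unless it can be re-keyed, which is the cost Peter points to.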
