On 05/05/07, Gregory Maxwell gmaxwell@gmail.com wrote:
On 5/4/07, David Gerard dgerard@gmail.com wrote:
I am cognizant of the fact that we are not actually dealing with rational actors here. They have the corporate equivalent of batshit crazy right now because their *one dream* has been revealed to be snake oil yet again. They're angry, in denial and blaming and lashing out at everyone in the world except themselves. That's another reason I want to wait a few weeks so that someone else can spend the effort to deal them the smackdown if they don't back down.
O_0
AACS was specifically designed with the expectation of key leaks exactly like this. Such leaks are pretty much impossible to completely avoid, ... since the keys must be placed in devices that people own.
AACS-LC might be surprised at the intensity of the Internet reaction... but there is no reason to say that the cryptosystem isn't working exactly as designed, nor is there any reason for them to be panicked from a security perspective.
CSS, used with classic DVD, was also designed to be key-leak resistant. However, that resistance failed because the system relied on a cryptographic algorithm which was novel, secret, subject to US export control key length limits, and not subject to extensive peer review. Shortly after the CSS algorithms were made public, Frank Stevenson released a pair of cryptographic attacks against CSS which made knowledge of the secret keys completely unnecessary.
No such attack exists against AACS. The secret keys are still needed and can be changed for future releases. The developers of AACS clearly learned from the mistakes of CSS. The few novel cryptographic primitives used in AACS are well isolated and have been published for years; the rest is bog-standard crypto stuff. The entire system has been extensively reviewed. There is no reason to expect that a true complete crack of AACS, like that of CSS, will be forthcoming in the near future.
... and any such crack will be of a mathematical nature. ... The released disk and product keys do little to nothing to further an actual complete crack.
Perhaps people might understand some of the nuance here if they weren't too busy declaring victory over The Man?
Of course, to do this they need to invalidate machines which were coded with the old keys, or risk giving the keys to an architecture which is considered unsafe. If I really wanted to upgrade my physical box of a HDDVD player each time one of these attacks occurred I might think about it. But I would rather be able to purchase content which works, and will work in the future, on multiple machines. I am surprised that the whole Sony copy-protected CD thing hasn't come up yet. Sony were told they weren't allowed to restrict who could play what CDs to their special players, and it will only be time before the same control restrictions are taken off and keys must be kept continuously in order for people to continually be able to use the content that they purchased legally.
May not happen tomorrow, but it will happen.
Peter
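Gregory's point above, that AACS expects device-key leaks and answers them by changing keys on future releases, can be shown with a small model. This is an added example, not code from the thread or from AACS itself: real AACS uses AES and a subset-difference broadcast-encryption tree in its Media Key Block (MKB), whereas here each device key simply wraps the per-release media key with a toy HMAC-based pad, and the player names are constructed.

```python
"""Toy model of AACS-style device revocation via a Media Key Block (MKB).

Constructed illustration only: real AACS wraps keys with AES inside a
subset-difference tree. Here every non-revoked device key wraps the media
key directly, which is enough to show why a leaked device key keeps working
on discs already pressed but is useless against later releases.
"""
import hashlib
import hmac
import os


def wrap(device_key: bytes, media_key: bytes) -> bytes:
    """Toy key wrap (not real AACS): XOR the 16-byte media key with an HMAC pad."""
    nonce = os.urandom(16)
    pad = hmac.new(device_key, nonce, hashlib.sha256).digest()[:16]
    return nonce + bytes(a ^ b for a, b in zip(media_key, pad))


def unwrap(device_key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); a wrong device key yields garbage, not the media key."""
    nonce, wrapped = blob[:16], blob[16:]
    pad = hmac.new(device_key, nonce, hashlib.sha256).digest()[:16]
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def build_mkb(device_keys: dict, revoked: set):
    """Licensing authority side: fresh media key, wrapped for each non-revoked device."""
    media_key = os.urandom(16)
    mkb = {dev: wrap(k, media_key) for dev, k in device_keys.items() if dev not in revoked}
    return media_key, mkb


def process_mkb(device_id: str, device_key: bytes, mkb: dict):
    """Player side: a device with no entry in this disc's MKB cannot recover the media key."""
    if device_id not in mkb:
        return None
    return unwrap(device_key, mkb[device_id])


def revocation_scenario() -> dict:
    """Player_C's key leaks after release 1; the authority revokes it on release 2."""
    devices = {name: os.urandom(16) for name in ("player_A", "player_B", "player_C")}
    mk1, mkb1 = build_mkb(devices, revoked=set())          # pressed before the leak
    mk2, mkb2 = build_mkb(devices, revoked={"player_C"})   # pressed after revocation
    return {
        "c_reads_release1": process_mkb("player_C", devices["player_C"], mkb1) == mk1,
        "c_reads_release2": process_mkb("player_C", devices["player_C"], mkb2) == mk2,
        "a_reads_release2": process_mkb("player_A", devices["player_A"], mkb2) == mk2,
    }
```

The leaked key still decrypts every disc pressed before the revocation, which is why a leak is a business problem for the licensing authority rather than a break of the cryptosystem.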