On 5/4/07, David Gerard dgerard@gmail.com wrote:
I am cognizant of the fact that we are not actually dealing with rational actors here. They have the corporate equivalent of batshit crazy right now because their *one dream* has been revealed to be snake oil yet again. They're angry, in denial and blaming and lashing out at everyone in the world except themselves. That's another reason I want to wait a few weeks so that someone else can spend the effort to deal them the smackdown if they don't back down.
O_0
AACS was specifically designed with the expectation of key leaks exactly like this. Such leaks pretty much impossible to completely avoid, ... since the keys must be placed in devices that people own.
AACS-LC might, be surprised at the intensity of the Internet reaction... but there is no reason to say that the cryptosystem isn't working exactly as designed nor is there any reason for them to be panicked from a security perspective.
CSS, used with classic DVD, was also designed to be key-leak resistant. However, that resistance failed because the system relied on a cryptographic algorithm which was novel, secret, subject to US export control key length limits, and not subject to extensive peer review. Shortly after the CSS algorithms were made public, Frank Stevenson released a pair of cryptographic attacks against CSS which made knowledge secret keys completely unnecessary.
No such attack exists against AACS. The secret keys are still needed and can be changed for future releases. The developers of AACS clearly learned from the mistakes of CSS. The few novel cryptographic primitives used in AACS are well isolated and have been published for years, the rest is bog standard crypto stuff. The entire system has been extensively reviewed. There is no reason to expect a true complete crack, like that of CSS, for AACS will be forthcoming in the near future.
... and any such crack with be of a mathematical nature. ... The released disk and product keys do little to nothing to further an actual complete crack.
Perhaps people might understand some of the nuance here if they weren't too busy declaring victory over The Man?