[WikiEN-l] Newsflash, David, AACS isn't broken

Gregory Maxwell gmaxwell at gmail.com
Fri May 4 22:32:22 UTC 2007


On 5/4/07, David Gerard <dgerard at gmail.com> wrote:
> I am cognizant of the fact that we are not actually dealing with
> rational actors here. They have the corporate equivalent of batshit
> crazy right now because their *one dream* has been revealed to be
> snake oil yet again. They're angry, in denial and blaming and lashing
> out at everyone in the world except themselves. That's another reason
> I want to wait a few weeks so that someone else can spend the effort
> to deal them the smackdown if they don't back down.

O_0

AACS was specifically designed with the expectation of key leaks
exactly like this. Such leaks are pretty much impossible to completely
avoid, ... since the keys must be placed in devices that people own.

AACS-LC might be surprised at the intensity of the Internet
reaction... but there is no reason to say that the cryptosystem isn't
working exactly as designed nor is there any reason for them to be
panicked from a security perspective.

CSS, used with classic DVD, was also designed to be key-leak
resistant. However, that resistance failed because the system relied
on a cryptographic algorithm which was novel, secret, subject to US
export control key length limits, and not subject to extensive peer
review. Shortly after the CSS algorithms were made public, Frank
Stevenson released a pair of cryptographic attacks against CSS which
made knowledge of secret keys completely unnecessary.

No such attack exists against AACS. The secret keys are still needed
and can be changed for future releases. The developers of AACS
clearly learned from the mistakes of CSS. The few novel cryptographic
primitives used in AACS are well isolated and have been published for
years, the rest is bog standard crypto stuff. The entire system has
been extensively reviewed. There is no reason to expect that a true
complete crack, like that of CSS, for AACS will be forthcoming in the
near future.

... and any such crack will be of a mathematical nature. ... The
released disk and product keys do little to nothing to further an
actual complete crack.

Perhaps people might understand some of the nuance here if they
weren't too busy declaring victory over The Man?
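
The property the message describes (a leaked key stays necessary, and can be shut out of future releases) can be seen in a toy model; this is an added example, not part of the original message and not AACS's real key-block format or ciphers. It assumes a naive scheme with one key-block entry per non-revoked device, and the device names, functions and HMAC-based wrap are all hypothetical stand-ins.

```python
import hashlib, hmac, secrets

def _pad_xor(key, nonce, data):
    # Toy key wrap: XOR with an HMAC-SHA256-derived pad (a stand-in, not AES).
    pad = hmac.new(key, nonce, hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

def _check(media_key):
    # Verification value so a player can tell a correct unwrap from garbage.
    return hashlib.sha256(b"check" + media_key).digest()

def make_key_block(media_key, device_keys, revoked=frozenset()):
    """Wrap one release's media key for every device that is not revoked."""
    nonce = secrets.token_bytes(16)
    entries = [_pad_xor(k, nonce, media_key)
               for dev, k in sorted(device_keys.items()) if dev not in revoked]
    return {"nonce": nonce, "entries": entries, "check": _check(media_key)}

def recover_media_key(block, device_key):
    """Try every entry with the given key; None means the key is shut out."""
    for entry in block["entries"]:
        candidate = _pad_xor(device_key, block["nonce"], entry)
        if hmac.compare_digest(_check(candidate), block["check"]):
            return candidate
    return None

def demo():
    # Constructed sample data: four hypothetical players, one of which leaks.
    devices = {f"player-{i}": secrets.token_bytes(16) for i in range(4)}
    leaked_id = "player-2"
    leaked_key = devices[leaked_id]

    old_mk = secrets.token_bytes(16)             # release mastered before the leak
    old_block = make_key_block(old_mk, devices)
    new_mk = secrets.token_bytes(16)             # release mastered after revocation
    new_block = make_key_block(new_mk, devices, revoked={leaked_id})

    return {
        "leaked_reads_old": recover_media_key(old_block, leaked_key) == old_mk,
        "leaked_reads_new": recover_media_key(new_block, leaked_key) is not None,
        "others_read_new": all(recover_media_key(new_block, k) == new_mk
                               for d, k in devices.items() if d != leaked_id),
    }

if __name__ == "__main__":
    print(demo())
```

The leaked key still opens the release mastered before revocation, which is why revocation limits future exposure rather than undoing a leak.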


