Although this story is not directly related to e-books, it serves to show the untenability of DRM schemes in general in the long term and as such is important and worth repeating. Engadget reports that a putative “HDCP master key” has been found and released.

It hasn’t been confirmed yet whether this key actually is what it claims to be. If it is, it would render obsolete the protection scheme used to protect Blu-Ray, in which individual players’ keys could be revoked if compromised: this is the key that is used to generate those keys, and the release also includes a description of how to use it to do just that.

It might also throw a kink into the MPAA’s plans to stream movies to customers at home while they’re still in theaters, for which they got the FCC to allow them to send content only through secured HDMI connections rather than through any of the other, recordable analog ones.

It’s unclear who released this key or how it was found. The key, which was uploaded to Pastebin and by now is presumably being mirrored all over the place, is being publicized by a Twitter account called “Intel Global PR”.

It is apparently theoretically possible to derive the master key from fifty individual keys, but Cory Doctorow posts on BoingBoing that he suspects it happened via a plain old leak. If “three can keep a secret if two of them are dead” then something like a security key that would have had to be in the possession of a number of people was doomed sooner or later. It’s yet another proof that “security through obscurity” just doesn’t work. (Security researcher Niels Ferguson, who wrote the first paper proposing the fifty-key method, suspects it was a hybrid approach.)

HDCP DRM is used to implement the controversial HDMI connection scheme, in which high-definition content would be degraded unless output specifically through a secured HDMI connection that would prevent it from being intercepted and recorded along the way. The controversy arises because this would prevent high-definition sets that are too old to have HDMI but are still technically capable of displaying the content at its full resolution from doing so.

The leak is reminiscent of the early discovery, through a compromised DVD player’s key, that CSS, the DVD protection scheme, relied on remarkably weak encryption, which subsequently led to DeCSS and the ability to play DVDs through countless unlicensed Linux player applications. Will a “DeHDCP” soon follow? Will the motion picture industry try as fruitlessly to quash this key as they tried to quash DeCSS?

I now have a picture in my head of all the previously-cracked encryption schemes welcoming HDCP to their club. Not just CSS, but also all the e-book schemes: Microsoft Reader, Adobe, eReader, Mobipocket/Kindle, and so on. More proof that all DRM schemes will eventually fall wasn’t necessary, but it certainly is nice to have.

4 COMMENTS

  1. [sarcasm] This is why we need tougher laws. The technology clearly doesn’t work.

    We need laws that force internet service providers to wade through everyone’s internet traffic searching for anyone transmitting this master key. It could be hidden anywhere, personal emails, business agreements, bank transactions. The ISPs have to scan continuously without a warrant. These laws need to be entrenched in international trade agreements so they can’t be changed. [/sarcasm]

    It’s not surprising and will probably increase Blu-ray sales.

  2. HDCP never really prevented anyone from copying content, and even if it had been easier to crack than, say, AACS, the problem with it is that it contains uncompressed audio and video data. It takes up too much space and bandwidth to be useful for the majority of applications where you’d want to access content. The only thing it effectively did is force electronics manufacturers to pay for an HDCP license.

    The immediate consequence of this is that we’ll probably see some of the shadier Asian electronics companies sell equipment that supports HDCP, but using their own generated key. In the longer term there’ll probably be DIY projects that utilize it and cheap HDCP strippers.

  3. We’re (the public at large & puter geeks) gonna find a way come Hell or high water to either defeat or work around this silly, stupid stuff. I mean, why shouldn’t people be allowed to throw their BD movie on their DVR and then put the disc in a safe place!? Answer, they SHOULD be able to! Stupid Hollywood! Pay nearly half a hundred dollars for a Blu-ray movie, ($40 for that Avatar 3 disc set) you want to keep it in a safe place! I’ve got quite a tidy sum invested in BD movies whether bought new or from a closing Blockbuster store. At least $200! If they’d just sell these things for $9.99, ($4.99 for DVDs) they’d not only stop the pirating but they’d sell more in the long haul to make a decent profit. But, there’s the RUB! Hollywood types and their ilk are IN-decent, stupid bastards!
