
HDCP Master Key Revealed

solafide writes "The HDCP Master Key has allegedly been revealed. If true, this information will allow anyone to create their own source or sink keys, essentially making HDCP useless for content protection permanently. No word yet on how it was obtained, but if true, this is a great day for content freedom around the world!"
  • by jdong ( 1378773 ) on Tuesday September 14, 2010 @09:08AM (#33572524)
    No, this is actually the master key that you can use to generate vendor keys -- changing this key would break compatibility with existing HDCP equipment!
  • by Anonymous Coward on Tuesday September 14, 2010 @09:13AM (#33572586)

    Here you go:

    HDCP MASTER KEY (MIRROR THIS TEXT!)

    This is a forty times forty element matrix of fifty-six bit
    hexadecimal numbers.

    To generate a source key, take a forty-bit number that (in
    binary) consists of twenty ones and twenty zeroes; this is
    the source KSV. Add together those twenty rows of the matrix
    that correspond to the ones in the KSV (with the lowest bit
    in the KSV corresponding to the first row), taking all elements
    modulo two to the power of fifty-six; this is the source
    private key.

    To generate a sink key, do the same, but with the transposed
    matrix.


  • Re:Proof? (Score:5, Informative)

    by guruevi ( 827432 ) on Tuesday September 14, 2010 @09:19AM (#33572672)

    HDCP MASTER KEY (MIRROR THIS TEXT!)

    This is a forty times forty element matrix of fifty-six bit
    hexadecimal numbers.

    To generate a source key, take a forty-bit number that (in
    binary) consists of twenty ones and twenty zeroes; this is
    the source KSV. Add together those twenty rows of the matrix
    that correspond to the ones in the KSV (with the lowest bit
    in the KSV corresponding to the first row), taking all elements
    modulo two to the power of fifty-six; this is the source
    private key.

    To generate a sink key, do the same, but with the transposed
    matrix.

  • Re:Who revealed it (Score:5, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @09:20AM (#33572674)

    Nobody had to give it out. The encryption is weak, and it has been known for a long time that it would be possible to derive the master key given data from a sufficient number of devices. I'm surprised it took this long for someone to actually do it.

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday September 14, 2010 @09:30AM (#33572808) Homepage Journal

    What other for profit industries can we attack? Maybe someone could come up with a universal electronic key so you can drive any car you want.

    Electronic unlock devices already exist. They can be used by locksmiths or other authorized personnel for good. You can buy a variety of security-defeating devices on dealextreme. Have a nice day.

  • Re:Complete fail. (Score:5, Informative)

    by ledow ( 319597 ) on Tuesday September 14, 2010 @09:34AM (#33572860) Homepage

    Like all encryption systems - if you learn enough about the keys, you can crack them and recover the original keys. In this case, just 40 devices with HDCP and a lot of mathematics is virtually guaranteed to recover the master key.

    Don't use encryption to secure a digital product. It *will* fail because, at some point, you have to give people a key to access that product - thus they have access to the decrypted stream and to a number which is reliant on the private key. Encryption does NOT take account of protecting against an authorised user with a valid decryption key, or numbers of those users working in a concerted effort to crack your encryption. It's a misuse of the technology and any company that claims the opposite (e.g. all DRM companies) are lying to you.

  • by Anonymous Coward on Tuesday September 14, 2010 @09:34AM (#33572870)

    Also the 'crimes' being committed are merely civil offenses.

    Ah, the classic slashdot myth, repeated so many times that most people here actually believe it. However, the United States criminal code would beg to differ. Ever download $1,000 worth of material in 6 months? Guess what, you committed a crime.

      506. Criminal offenses

    (a) Criminal Infringement. —

    (1) In general. — Any person who willfully infringes a copyright shall be punished as provided under section 2319 of title 18, if the infringement was committed —

    (A) for purposes of commercial advantage or private financial gain;

    (B) by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000; or

    (C) by the distribution of a work being prepared for commercial distribution, by making it available on a computer network accessible to members of the public, if such person knew or should have known that the work was intended for commercial distribution.

    (2) Evidence. — For purposes of this subsection, evidence of reproduction or distribution of a copyrighted work, by itself, shall not be sufficient to establish willful infringement of a copyright.

    (3) Definition. — In this subsection, the term “work being prepared for commercial distribution” means —

    (A) a computer program, a musical work, a motion picture or other audiovisual work, or a sound recording, if, at the time of unauthorized distribution —

    (i) the copyright owner has a reasonable expectation of commercial distribution; and

    (ii) the copies or phonorecords of the work have not been commercially distributed; or

    (B) a motion picture, if, at the time of unauthorized distribution, the motion picture —

    (i) has been made available for viewing in a motion picture exhibition facility; and

    (ii) has not been made available in copies for sale to the general public in the United States in a format intended to permit viewing outside a motion picture exhibition facility.

    (b) Forfeiture, Destruction, and Restitution.—Forfeiture, destruction, and restitution relating to this section shall be subject to section 2323 of title 18, to the extent provided in that section, in addition to any other similar remedies provided by law.

    (c) Fraudulent Copyright Notice. — Any person who, with fraudulent intent, places on any article a notice of copyright or words of the same purport that such person knows to be false, or who, with fraudulent intent, publicly distributes or imports for public distribution any article bearing such notice or words that such person knows to be false, shall be fined not more than $2,500.

    (d) Fraudulent Removal of Copyright Notice. — Any person who, with fraudulent intent, removes or alters any notice of copyright appearing on a copy of a copyrighted work shall be fined not more than $2,500.

    (e) False Representation. — Any person who knowingly makes a false representation of a material fact in the application for copyright registration provided for by section 409, or in any written statement filed in connection with the application, shall be fined not more than $2,500.

    (f) Rights of Attribution and Integrity. — Nothing in this section applies to infringement of the rights conferred by section 106A(a).

  • by guruevi ( 827432 ) on Tuesday September 14, 2010 @09:35AM (#33572878)

    It gets worse actually, with HDCP you cannot use signal splitters or other devices like scalers or converters that are frequently used in professional projection and scientific setups. If you do, you will get snow (not immediately, just sometime down the road when somebody has loaded HDCP protected content) on the whole display (not just the content) making those things useless. If you use a splitter for example, you have to go out of your way and buy another device ($80) to sit on the primary channel to make sure it can't negotiate the HDCP encryption. But HD content will still play even if you don't have an HDCP-compatible setup (as there is no content I know of yet that forcefully locks people out of their Chinese/Wal-Mart TV/Blu-Ray el-cheapo knockoff setup), it's just that if you do have an HDCP-compatible setup (and you paid good money for eg. Dual-DVI KVM, splitter, displays and projectors with high-res 120Hz signals for scientific research), it will malfunction.

  • by goodmanj ( 234846 ) on Tuesday September 14, 2010 @09:36AM (#33572888)

    In particular, read
        http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection [wikipedia.org]
    and
        http://en.wikipedia.org/wiki/Blom's_scheme [wikipedia.org]

    Some key (heh) facts:
    * This key is not stored in high-def devices themselves, nor does any manufacturer possess it. This is the key used to *make* individual manufacturers' keys.
    * The generated manufacturers' keys are set up in a way that device A and B can communicate secretly without knowing each others' keys.
    * Because of the way this system works, if enough individual manufacturers' keys are known, one can figure out the master key. In this case, "enough" is 40.

    Important point: it's not like some random tech at Sony got fired and decided to blow the whole thing wide open. If it's a leak, it's a leak from just one or two specific keyholders at Intel, who developed the system. But it doesn't have to be: any random person with 40 different Blu-Ray players and a whole lot of cleverness could potentially figure this out.

  • Re:Proof? (Score:5, Informative)

    by xtracto ( 837672 ) on Tuesday September 14, 2010 @09:40AM (#33572950) Journal

    Cryptome has an interesting reading on the weakness of the key [cryptome.org]

  • by the_other_chewey ( 1119125 ) on Tuesday September 14, 2010 @09:42AM (#33572978)

    If I look at the pastebin post this is just a complex way to publish 40 keys, not ONE master key

    It's the master key matrix - not an HDCP key by itself, but THE key to generate all valid HDCP keys.

  • by ScrewMaster ( 602015 ) * on Tuesday September 14, 2010 @09:47AM (#33573046)

    fire?

    Well, whether he meant Fire or File, it's still a pretty funny use of Arthur Brown's FIRE.

  • by c0lo ( 1497653 ) on Tuesday September 14, 2010 @09:55AM (#33573162)

    At some point, lawmakers will be from the generation that also posts on forums, that downloaded mp3's when they were younger (or still do), and that watched 2 or 3 movies illegally when they were students.

    Current lawmakers all smoked dope when they were students. That doesn't mean that they are all in favor of legalizing marihuana.

    And the "flower power" generation had, during 60-ies [wikipedia.org] - 70-ies [wikipedia.org], some pretty liberal idea [allmusicals.com] about sex ... FF 40 years (they should be in their 60 now) and... try singing that in public, you'll see it's almost as illegal as marijuana.

  • by Anonymous Coward on Tuesday September 14, 2010 @09:59AM (#33573222)

    The HDCP is for communicating over HDMI links. Blu-ray uses AACS and some other protections. "the" Blu-ray protection is not broken cryptographically.

    But now you can at least create an open source tv that can play HDCP content.

    and a device that pretends to obey the content restrictions - about sending to unprotected outputs, but doesn't - thus can be recorded from easily.
    Your blu-ray player can decode the aacs content and send it over what it thinks is a secure link.

  • More info here (Score:2, Informative)

    by supervillian64 ( 940262 ) on Tuesday September 14, 2010 @10:09AM (#33573386)
    More technical details described here: http://cryptome.org/hdcp-weakness.htm [cryptome.org]
  • by Anonymous Coward on Tuesday September 14, 2010 @10:14AM (#33573468)

    This is true. Most people I know think that when they get a new computer they have to re-buy all their tracks from iTunes again. It doesn't even register on their minds that there is a discrete file that could theoretically be moved onto another device (other than their iTunes paired iPod) and that they have the right to do this. So long as it works at *that* moment they don't care. These are mostly the same people who will buy all their movies over again on a new format whenever a new one is released every 5 or so years.

  • by starfishsystems ( 834319 ) on Tuesday September 14, 2010 @10:29AM (#33573686) Homepage
    Current lawmakers all smoked dope when they were students.

    Probably not. But many did.

    That doesn't mean that they are all in favor of legalizing marihuana.

    Probably not. But many are.
  • by uglyduckling ( 103926 ) on Tuesday September 14, 2010 @10:33AM (#33573756) Homepage

    Well, uh... for starters, it's nothing to do with DVDs. HDCP is the copy protection mechanism for display interfaces. The copy protection for DVDs is CSS, which was broken over a decade ago. HDCP is a ridiculous system which makes a display authenticate itself against the playback device before a high definition picture will be displayed. This is purportedly to prevent piracy, however most piracy takes place by decrypting the information on the disk before it's ever output to the display, and copying the raw data.

    All HDCP does is limit the freedom of the end user in choosing their display device(s) and creates the risk that a device's key might be revoked. Traditional uses of display equipment, e.g. multiple displays in bars, places of worship, retail etc., is made much more difficult because of the handshaking and key exchanging involved. All HDCP really does is placate ignorant studio bosses whilst making things more costly for the consumer. The 'professional' pirates don't care about it at all.

  • Re:This is premature (Score:2, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @10:36AM (#33573796)

    What do you mean with "not widespread enough"? If I'd have to guess then there are easily more than a hundred million devices with HDCP out there. It's in everything that has a HDMI or DVI connector that was released in the last couple of years. Every HD-DVD and Blu-Ray player. Most HD TVs and LCD Computer monitors. Most XBox 360s and every PS3.

    The reason people don't currently complain about HDCP is that the complaining phase is already over. Look at any video enthusiast forum about four years ago and you'll find plenty of complaints about incompatibility and things simply not working as they should, but today these problems are largely gone. If you wanted to get rid of HDCP devices stripping the protection have been available for years. They are mainly used to make newer players and consoles work with older displays. They aren't commonly used for ripping or recording since it is usually less of a hassle just to circumvent the DRM on the source.

    Apart from that keeping quiet about the break was not an option since again it's been known for years that the master key could be generated out of 39+ device keys. It was just a question of someone investing the time and money to actually do it.

  • by AmiMoJo ( 196126 ) on Tuesday September 14, 2010 @10:42AM (#33573876) Homepage Journal

    It is the master key from which all others are generated.

    You can already record HDCP protected video via a USB converter that uses a legit manufacturer's key, but in theory they can ban that key on future discs. With the master key that isn't a problem, you just generate a new device key and issue a firmware update.

  • by goodmanj ( 234846 ) on Tuesday September 14, 2010 @10:43AM (#33573880)

    ... but since the source matrix is 40x40, if you know 40 linearly independent identifier/key pairs, you can deduce the entire matrix.

    As I understand it, the only way to avoid disclosure of the entire matrix is to avoid releasing more than 40 keys ... so of those 147,846,528,820 possible keys, only 40 are useable. So it really is a complex way to publish 40 keys.
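
The key derivation posted at the top of the thread, the Blom's-scheme facts listed earlier, and the linear-independence point in the comment above can be seen together in a toy model. This is an added example, not code from the thread or from any HDCP implementation; the random 6x6 matrix, the prime modulus `P` (the post uses 2^56), the sample KSVs and all function names are assumptions made for illustration.

```python
import random

P = 2**31 - 1  # toy prime modulus (assumption; the posted description works modulo 2**56)
N = 6          # toy dimension (assumption; the posted matrix is 40 x 40)

# Constructed sample data: six KSVs with three one-bits each, linearly independent mod P.
SAMPLE_KSVS = [0b000111, 0b001011, 0b001101, 0b010110, 0b100110, 0b110001]


def bits(ksv):
    """KSV as a 0/1 list, lowest bit first (the lowest bit selects the first row)."""
    return [(ksv >> i) & 1 for i in range(N)]


def transpose(matrix):
    return [list(col) for col in zip(*matrix)]


def private_key(matrix, ksv):
    """Add the rows of `matrix` selected by the one-bits of the KSV, element-wise mod P."""
    rows = [matrix[i] for i, b in enumerate(bits(ksv)) if b]
    return [sum(col) % P for col in zip(*rows)]


def shared_secret(own_private, peer_ksv):
    """Add the elements of one's own private key selected by the peer's public KSV."""
    return sum(k for k, b in zip(own_private, bits(peer_ksv)) if b) % P


def recover_matrix(ksvs, keys):
    """Solve K * M = S mod P by Gauss-Jordan elimination on [K | S].

    Row i of K is the bit vector of ksvs[i]; row i of S is the matching source key.
    Returns M when the KSVs span all N dimensions, otherwise None.
    """
    aug = [bits(k) + list(s) for k, s in zip(ksvs, keys)]
    for col in range(N):
        piv = next((r for r in range(col, len(aug)) if aug[r][col]), None)
        if piv is None:
            return None  # fewer than N independent KSVs: the system is underdetermined
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [x * inv % P for x in aug[col]]
        for r in range(len(aug)):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[col])]
    return [row[N:] for row in aug[:N]]


def demo(seed=2010):
    rng = random.Random(seed)
    master = [[rng.randrange(P) for _ in range(N)] for _ in range(N)]

    # Source keys come from the matrix, sink keys from its transpose.
    source_keys = [private_key(master, k) for k in SAMPLE_KSVS]
    src_ksv, sink_ksv = SAMPLE_KSVS[0], SAMPLE_KSVS[3]
    sink_priv = private_key(transpose(master), sink_ksv)

    # Both ends reach the same value from their own private key and the peer's KSV.
    agree = shared_secret(source_keys[0], sink_ksv) == shared_secret(sink_priv, src_ksv)

    # N device keys with independent KSVs fix every entry of the matrix; N - 1 do not.
    with_n = recover_matrix(SAMPLE_KSVS, source_keys)
    with_fewer = recover_matrix(SAMPLE_KSVS[:-1], source_keys[:-1])
    return {
        "agree": agree,
        "n_keys_determine_matrix": with_n == master,
        "n_minus_1_keys_determine_matrix": with_fewer is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Each private key is a linear function of a public KSV, so the number of independent device keys that determines the matrix equals the matrix dimension and is fixed when the scheme is specified.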

  • by Anonymous Coward on Tuesday September 14, 2010 @10:49AM (#33573982)

    It's even more basic than that. You don't have to want to do anything geeky at all to be hobbled by HDCP. Here's an example...

    Let's say you have a bluray player connected to your 60" 1080p TV with an HDMI connection so that you can enjoy that awesome high-def picture. Now let's say you have your TV connected to your Dolby Digital capable receiver/amplifier with an optical (toslink) cable.

    Do you think you are going to get to enjoy that rich 5.1 sound track to go along with your nice high-def picture? Think again. You won't. You will get, at most, a stereo (2.0) downmix of the audio.

    Does that seem fair? You paid for your legitimate bluray player and the legitimate bluray disc and the legitimate television and the legitimate receiver. Everything you have done is by the book and all legal and above board (the copyright consortium would be tickled pink with you) and yet all you get is a 2.0 version of the soundtrack. Why? Because the copyright consortium just assumes you are going to be a criminal and copy the movie even though all you want to do is watch it, so they make sure that all you get a copy of is a 2.0 downmix of the soundtrack.

    Has this crippling of the end-user experience resulted in any less pirating going on? I don't think so. So once again, DRM harms the legitimate users without hindering the illegitimate users.

    Having this master HDCP key is going to have no other impact (i.e. it won't actually increase piracy, that's already rampant) other than to provide the capability of some to restore the enjoyment-level of the media that people have legitimately paid for.

  • by hawguy ( 1600213 ) on Tuesday September 14, 2010 @10:57AM (#33574112)

    Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

    Uhh...I thought the big advantage of electronic distribution was that it's far cheaper than creating physical articles. I can get a server with 100mbit bandwidth + 10TB monthly transfer for $350/mo -- that will let me distribute 300K albums (at 30MB each). Or, one tenth of a cent each. Even if I hosted on Amazon EC2, my costs would be around 0.6 cents per CD.

    I don't think you can press a CD for that little, even if you're buying 10 million of them at a time. I'd bet that the setup fee for a big CD run costs more than hosting the website for 6 months or a year.

    Whether or not the cost of creating the content costs more than that depends on who the artist is and why they are creating it and what costs are included -- I have friends that burn CD's and give them out for free because they create music for the fun of it. I think their "recording studio" (including hardware and software) cost less than $500.

  • by Abcd1234 ( 188840 ) on Tuesday September 14, 2010 @11:05AM (#33574216) Homepage

    Get this through your head: The cost of maintaining a distribution network -- be it servers in a data center, theaters in malls across the country, or warehouses and trucks -- far exceeds the cost of manufacturing a physical article in bulk. And the cost of CREATING content exceeds them both.

    Well, you're half right: the cost of *both* is actually surprisingly cheap, and is just a small percentage of the total cost of a piece of media.

  • by phyrexianshaw.ca ( 1265320 ) on Tuesday September 14, 2010 @11:38AM (#33574820) Homepage
    Not that I'm a big music producer or anything, but this is exactly my distribution model. I make music/video for fun on: an old DSLR, an 8mm video camera, a computer with open source software, a few m-audio products and a few Shure microphones. All said and done, to cover a 4 man band I think the complete setup cost me about $2500, (though it would have been about $5000 had I bought it all new).

    To date, I think I've grossed about ~$3000, having done about twenty or so live shows at $150 a night. Production quality is a lot better than the bands expect, and for the cost of my internet connection a month, they get a torrent seed to give away a link to for free copies of the production.

    In either case, the total production cost for a band to release a private CD of pretty close to record industry quality, would run about $1200 for 500 discs (including the cost of the venue, mastering, discs, burning, printing, and jewel case construction/design/printing.) with additional discs running about $0.65/disc.

    Even at $5 a disk, that's still a HUGE profit margin. (assuming instruments and any other equipment needed to perform was already paid for. though not often the case, a few shows and a few happy buyers quickly take care of that)
  • by Chirs ( 87576 ) on Tuesday September 14, 2010 @11:47AM (#33574986)

    Actually, you will get 5.1 over the optical cable. You won't get 7.1, you won't get 96KHz sampling rate, and you won't get lossless bitstream. But basic Dolby Digital and DTS 5.1 work just fine.

  • by goodmanj ( 234846 ) on Tuesday September 14, 2010 @11:47AM (#33574996)

    I was using shorthand: by "40 different players" I meant 40 different keys.

    It's not clear from what I've read whether these keys are distributed 1 per manufacturer, 1 per device model, or god forbid one per device. It is clear that revoked / deleted keys can still be used to help decipher the master key.

  • by Americano ( 920576 ) on Tuesday September 14, 2010 @12:14PM (#33575460)

    And the cost of creating content is negligible, as Jamendo is proof of. You can achieve near-studio quality with a Powerbook and a lot of patience. Talent doesn't cost a thing, but it can still make you a lot of money.

    It is only negligible if your time has no value, or the time of the other people involved in making the music has no value. Most people are not born musical savants - they must learn to play their instrument, they must practice their instrument, they must purchase an instrument (or multiple instruments) to play. To record, they must purchase a powerbook (or a cheap dell), they must purchase the recording software, and they must learn how to use the recording software. They must also then actually get around to *writing their own* music. And while you're doing that, you have to earn money to meet the million other obligations of daily existence - food, clothing, shelter, utilities, transportation... all of this costs money and/or time.

    To suggest that the process of making music is more or less zero-cost - "cost of creation is negligible" is either willfully ignorant or absurdly naive. It requires a lot more than patience. And the ultra-rich rock stars are the exception, not the rule. You'll find a lot more musicians that work shitty waiter and retail jobs to pay the bills while they work on their music, and for whom that $100 they could have brought in off 5-10 CD sales would mean one less shitty double-shift.

    Production AND distribution are a very small portion of "content creation," whether it be a P2P distribution scheme, or shipping by trucks to hundreds of stores around the country. If you place any sort of value on the work of the musicians whose music you love, then paying them $10-15 to support their work and help them continue to make music is not an unreasonable expectation. Make an effort to find music produced by independent artists, who market directly to their audience, and support those people.

  • by DavidTC ( 10147 ) <slas45dxsvadiv.v ... m ['box' in gap]> on Tuesday September 14, 2010 @12:51PM (#33576134) Homepage

    No one who is complaining about HDCP is trying to pirate. Cracking HDCP is utterly useless for pirates, and HDCP doesn't stop anything they're trying to do.

    The HDCP 'protection' was a delusional attempt by the content providers to get a step ahead of pirate-copy-makers. They fantasized that their current media protection was 'perfect', so figured pirates would start copying from the video connection.

    Of course, their protection wasn't perfect, so copiers have continued to just strip the DRM off the provided media instead of rigging weird setups to copy from a monitor cable.

    Which copiers could do anyway, as HDCP decoders have existed forever. This crack was the master key...before that, you had to buy a 'licensed' piece of hardware that could strip HDCP, which is fairly easy to get, although you have to order from overseas. With this crack, now, you can simply record the encrypted signal and decode it, I guess. (Maybe not, though.)

    But no copier did that, or will start doing that. They'll just remove the Blu-ray or cable encryption instead, like they've been doing.

    In short, HDCP was 'second-level' DRM, which required, as a base assumption, that no one would be able to decode DRM before it gets outputted, so HDCP was an attempt to protect the output. As people can decode the DRM before output, it's, um, utterly pointless to crack.

    Even if copiers were copying from there, none of that has anything to do with 99.9999% of pirates, who download copied movies, and thus could give a flying fuck where the copy came from. Any HDCP connections will display a pirated video as well anything else.

  • by geekoid ( 135745 ) <dadinportlandNO@SPAMyahoo.com> on Tuesday September 14, 2010 @01:01PM (#33576318) Homepage Journal

    Just so you know

    section 1 violation is A AND(B or C)

  • by anUnhandledException ( 1900222 ) <davis.gerald@gm a i l.com> on Tuesday September 14, 2010 @01:33PM (#33576962)

    That has nothing to do with HDCP.

    It simply is a limit of toslink (optical digital connection).
    Essentially toslink standard defines what your receiver "expects" to come down the pipe.

    It expects (and thus can properly handle)
    DTS
    Dolby Digital
    2 channel stereo uncompressed

    If something else (DTS-HD, Dolby TrueHD, 7.1 channel uncompressed) came down the pipe your receiver would simply not "understand" the data.

    If you took the movie, stripped all the encryption off of it and played it on hardware without HDCP you would have the exact same limitation.

  • Firewire doesn't use HDCP. It uses a completely different encryption standard called DTCP (also known as 5C).

    If the content is flagged as "do not record" the STB will shutdown/block the firewire port. The HDCP crack will do nothing to change this restriction.

  • by ultranova ( 717540 ) on Tuesday September 14, 2010 @02:17PM (#33577860)

    What on earth are you talking about?

    Business.

    Price is driven by cost of development - of course it is. If it weren't, then companies would be selling a product for a price floated on the market as you suggest, and then finding themselves out of capital b/c their total income would be *less than* their total expenditures.

    No. Cost of development is a sunk cost. Once it's paid, there's nothing to do but to try and maximize your income. If the total income - number of units sold * (price per unit - cost per unit) - is less than price of development, then yes, the company will be running a deficit rather than profit on that product. That's precisely why they often conduct market surveys before investing in R&D.

    How they recoup their dev costs depends on the business model, but to suggest that dev costs don't impact pricing is just nonsense.

    It's math, and unless and until you understand it - and I mean really understand it - you better not try to run a company, for your own sake, because you will fail miserably.

    To recap: profit = number_of_units_sold * (price_per_unit - cost_per_unit) - cost_of_development, where number_of_units_sold is a function of price_per_unit, benefit per unit to the buyer and human psychology.

    Seriously, all aspiring businessmen: read this and understand it. If you can't, you can't succeed. There is no way around this.

    If one company has lower dev costs than another, they have what's known as "competitive advantage" -- they can create new products with equal value to the consumer at a lower cost. That company now has a viable option (not available to their competitor) to float their product to the market at a price lower than their competitor, and still make positive net revenue.

    Of course they do. That's perfectly in agreement with the equation and its implications. After all, they make the same profit with less (price_per_unit - cost_per_unit), since their cost_of_development is lower.

    However, in the long run, for long-selling goods, the cost_per_unit is the dominating factor. That's why it's often a good idea to spend some extra R&D to make sure your manufacturing processes are as efficient as possible. Experience shows that this is especially true of goods with low cost_per_unit. In the bottom end are Internet-downloadable games, where all of the costs are in cost_of_development, and cost_per_unit is for all practical purposes zero; in such items, it's almost always beneficial to decrease the price, since it increases the sales a lot - a hundred times as many people pay for a $1 game than $10 one, adding up to 10-time profits.

    In the very extreme end of this, Girl Genius [girlgeniusonline.com], Dwarf Fortress [bay12games.com] and The Freenet Project [freenetproject.org] seem to survive entirely on donations/auxiliary sells. But then again, they are bringing something valuable and wonderful to the Internet, unlike most corporations.

  • by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Tuesday September 14, 2010 @02:19PM (#33577896) Journal

    HDCP comes alongside HDMI,

    Not necessarily. In fact, HDCP is independent of HDMI, and works just fine over DVI-D. The reverse is also true -- HDMI can work as essentially DVI + audio, without HDCP at all.

  • by Anonymous Coward on Tuesday September 14, 2010 @03:02PM (#33578620)

    It's only 89,600 digits in binary. That can easily be represented as a 300x300 b/w image (or, if you prefer perfect fits, 512x175)...

  • by Pentium100 ( 1240090 ) on Tuesday September 14, 2010 @03:46PM (#33579288)

    My prediction is that media companies will start selling only executable packages that contain player-code, the movie itself, and rootkit, and the player program will erase the movie after it's been watched, leaving the rootkit installed, so they can monitor if the player program is altered by the user, or the movie is watched again.

    That won't work at all.
    1. some hard drives can be set to read only.
    2. you can record the exe file to a WORM medium or just make a bunch of copies.
    3. there's always analog hole.
    4. virtual machines can be used.
    5. I can make the image of my system drive before playing the movie and restore it after (removing the rootkit).

    Also, this does not change the fact, that the exe file will contain: the encrypted content, the decryption algorithm and the key.

    DRM for non-interactive media does not work.

  • by Hashi Lebwohl ( 997157 ) on Tuesday September 14, 2010 @05:49PM (#33580898)
    Books, yes, I believe so. I only found this out because I was shopping around on Amazon the other day, looking for books from a particular author. I live in Australia, and have downloaded heaps of books from Amazon, no troubles. Then I came across a book I wanted to read, went to buy it, and Amazon kindly informed me that this book was not for sale in my region! Sucks if you ask me.
  • How it works (Score:3, Informative)

    by DrJimbo ( 594231 ) on Tuesday September 14, 2010 @10:12PM (#33582432)
    Someone asked why the matrix wasn't symmetric as per the master matrix in Blom's Scheme [wikipedia.org].

    I figured out the answer by reading the three short articles linked to from HDCP: Why So Weak? [freedom-to-tinker.com]. The deal is that they placed severe hardware constraints on themselves. They were only allowed to require devices to do addition, no multiplication. Therefore the implementation in the Wiki article was not acceptable.

    The HDCP scheme only allows "sources" to create a shared private key with "sinks", not other sources. Each source (sink) gets a private key that is a sum of 20 rows (columns) of the master matrix mod(P) where P seems to be 2^56 (which is not prime). Their public key is not a vector of integers like in the Wiki article. It is a vector of 40 zeros or ones with a total of 20 zeros and 20 ones. It is the same vector that selected their 20 rows (columns).

    If you look at how an arbitrary source's 20 rows overlap with an arbitrary sink's 20 columns in the master matrix, they will intersect at exactly 400 (= 20 x 20) numbers. The shared private key is the sum mod(P) of these 400 numbers. The source's private key is the 40 word vector containing the sum of its 20 rows. So the 400 numbers at the intersections have been summed into 20 numbers out of the 40 numbers of the source's private key. The sink tells the source which of the 20 of the 40 numbers in the source's private key to sum. These correspond to the 20 bits that were set (out of 40 bits) to select the 20 columns that make up the sink's private key. When the source adds the 20 numbers from its private key it gets the sum of the 400 numbers in the intersection between the source's rows and the sink's columns.

    The sink does the same thing. It gets told by the source which 20 of the 40 numbers in its private key correspond to the source's 20 rows. The sink adds up these 20 numbers and it too gets the sum of the 400 numbers that are in the intersection of the source's rows and the sink's columns. This way each one uses their own private key (the sum of their 20 rows or columns which is a vector of 40 numbers) combined with the public key of the other (which 20 out of 40 numbers to sum) in order to find a shared private key. They both end up with the same number which is called the shared private key. It is the sum of the 400 numbers where the source's rows intersect the sink's columns in the master matrix.
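The key agreement described in the comment above, as an added example that is not part of the original post or of any HDCP implementation: it uses a constructed random 40x40 matrix (not the posted key) and checks that source and sink arrive at the same sum of the 400 intersection entries. All function names are hypothetical, and the KSV weight check is an assumption about how a device would validate a peer's public value.

```python
import random

# Sizes from the comment: 40x40 matrix, KSVs with 20 of 40 bits set, sums mod 2^56.
N, WEIGHT, MOD = 40, 20, 1 << 56

def make_master(rng):
    """Constructed stand-in matrix of random values (not the posted key)."""
    return [[rng.randrange(MOD) for _ in range(N)] for _ in range(N)]

def make_ksv(rng):
    """Random 40-bit KSV with exactly 20 ones."""
    return sum(1 << i for i in rng.sample(range(N), WEIGHT))

def valid_ksv(ksv):
    return 0 <= ksv < (1 << N) and bin(ksv).count("1") == WEIGHT

def selected(ksv):
    """Indices of set bits; the lowest bit selects index 0."""
    return [i for i in range(N) if (ksv >> i) & 1]

def private_key(matrix, ksv):
    """Sum the 20 rows picked by the KSV, element-wise mod 2^56."""
    if not valid_ksv(ksv):
        raise ValueError("KSV must have exactly 20 of 40 bits set")
    rows = selected(ksv)
    return [sum(matrix[r][c] for r in rows) % MOD for c in range(N)]

def transpose(matrix):
    return [list(col) for col in zip(*matrix)]

def shared_value(own_private, peer_ksv):
    """Sum the 20 entries of our own private key that the peer's KSV selects."""
    if not valid_ksv(peer_ksv):
        raise ValueError("peer KSV must have exactly 20 of 40 bits set")
    return sum(own_private[i] for i in selected(peer_ksv)) % MOD

def demo(seed=2010):
    rng = random.Random(seed)
    master = make_master(rng)
    src_ksv, snk_ksv = make_ksv(rng), make_ksv(rng)
    src_priv = private_key(master, src_ksv)             # rows of the matrix
    snk_priv = private_key(transpose(master), snk_ksv)  # columns of the matrix
    # The 400 intersection entries, summed directly for comparison.
    direct = sum(master[r][c] for r in selected(src_ksv)
                 for c in selected(snk_ksv)) % MOD
    return shared_value(src_priv, snk_ksv), shared_value(snk_priv, src_ksv), direct

if __name__ == "__main__":
    print([hex(v) for v in demo()])
```

The three values returned by `demo()` are equal for any seed, because each side's 20-term sum is a regrouping of the same 400 matrix entries.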
