Archive of UserLand's first discussion group, started October 5, 1998.
Re: Why copyright is really-really-really dead
Author: Paul Snively Posted: 7/3/2000; 5:20:29 PM Topic: Why copyright is really-really-really dead Msg #: 18319 (In response to 18317) Prev/Next: 18318 / 18320
Robert Cassidy: http://partners.nytimes.com/library/tech/00/07/biztech/articles/03pate.htmlWhile not foolproof, the concept sounds very difficult to hack and would probably cause most people not to bother...
From the superficial coverage in the article, this just sounds like a slight variation on CSS. The way I read the article, they're talking about devices having a fixed key of some kind and the server conjuring up some appropriate session key based on the receiving device's key, encrypting the data, and sending it to the device. Done correctly, only that device will be able to decrypt the data anytime this century or so.
OK, fair enough... but remember, CSS wasn't cracked due to the fact that materials playable through it weren't encrypted on a per-device basis; it was cracked because someone (Xing, as I recall) left the decryption key in a software DVD player unprotected, and once one of those keys fell, they all fell, and the result was DeCSS.
Some folks still don't want to hear the lesson: the difference between silicon and software is totally arbitrary and, when it comes to encryption, totally meaningless. If you place a key that allows protected content to be played into the hands of the people who wish to play the content without such inconvenient constraints, that key will fall. It might not fall to one person, a dozen, or even a hundred; it might instead fall to the combined computing power of tens or hundreds of thousands of idle computers sitting on the Internet, but it will fall. It might even fall like CSS fell: due to carelessness on an implementor's part rather than cleverness or persistence or good social engineering on the part of a cracker's.
The absolute most the industry can hope for is tamper-resistant hardware a la Dallas Semiconductor's crypto iButton, but even then I doubt cracking the chip will be necessary; someone will manage to flub a protocol that's external to the chip in such a way that the system is insecure without breaking open the chip. After all, so far, there's no reason to believe that the entertainment industry has been hiring competent security people to design these protocols in the first place, otherwise a debacle (from their POV) like DeCSS wouldn't have been feasible.
These folks are making the classic error of assuming that a really good crypto algorithm is all you need, and ignoring the fact that the protocol(s) involved are absolutely crucial, too. I can hear Bruce Schneier first chuckling, then rolling his eyes, all the way from LA.
This page was archived on 6/13/2001; 4:55:34 PM.
© Copyright 1998-2001 UserLand Software, Inc.