Allen <[EMAIL PROTECTED]> writes: > I know I'm in over my head on this so my apologies, but if the > key is used in one machine in a product line - Sony DVD players > say - then if they find the one machine that it came from and > disable it, wouldn't figuring out the key for the next machine in > the production run be relatively trivial as the algorithm and > hardware implementation used by all machines of a give run be the > same? Therefore, couldn't one buy several of them and use them > one after another as they are discovered and disabled?
Perhaps so, depending on the nature of the crack. It may require unsoldering chips from the machine motherboard or other rather difficult to perform operations that would not be possible for average users. Keep in mind that each machine costs several hundred dollars, and they will be turned into bricks once revoked. This raises the question of who is bankrolling this effort and what his motivations are. > So, in order to prevent any of those machines from being used > they'd have to disable a whole lot of machines owned by ordinary > individuals, right? What are the downside risks for Sony in doing > this? I imagine it is safe to say that this is not a step that AACSLA would take lightly. If they ever did this then I suppose the machine manufacturer would have to provide owners of the affected models with upgrades to newer machines. It's very hard to predict the future and it is not clear to me that we will get into a scenario where a very small number of "sacrificial" machines are the source of every HD movie being uploaded to the pirate nets, such that when these few machines are revoked, immediately another few machines are swapped in to replace them. It would require a relatively large degree of coordination among what I would imagine is a generally loose affiliation of attackers with diverse motivations. But as I said, my crystal ball is foggy. Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]