Hi,

On 2006-03-09 10:37, Hetz Ben Hamo wrote:
> Both formats WILL be cracked. It's only a matter of time and stupidity
> of those companies. Last time it was because none of the DVD forum
> companies had any support for Linux, until "DVD Jon" came with DeCSS
> and from there, the rest is history.

Yes, these DRMs schemes will probably eventually be cracked, to some
extent, and it's indeed only a matter of resources and luck. Which means
that to make DRM systems effective, the DRM vendors just have to raise
the bar on required resources and luck sufficiently -- and at this, they
are hard at work. I doubt the presently introduced generation of DRM
achieves it quite yet, but it would be rather imprudent to take this as
an article of faith and expect a modern Prometheus, incarnated as a DVD
Jon du jour, to descend the cryptographic Olympus and bring the gift of
de-DRM whenever hardship befalls consumers. There are several factors at
play here, which render this increasingly unlikely.

1. The DRM standard and vendors are starting to employ more advanced
cryptographic algorithms both because they learned their lessons and
because  performance constraints, previously a major cause of
weaknesses, are becoming less of a concern. I've talked to some of the
people developing the new DRM schemes, and I can tell you it would be
foolish to expect them to be foolish -- do not confuse momentum with
blindness! Now, these more advanced algorithms take longer to analyze,
and the attack code takes longer to run. If the analogue of DeCSS takes
a decade to write, and a month to run per title, would it be useful to
consumers?

2. New DRM standard include revocation techniques that give the DRM
vendors the ability to cope with partial compromise of their schemes, by
effectively "blacklisting" the cracked players and those derived from
them. And even when this revocation can be circumvented, it is not
trivial: for example, the revocation technique of the HDCP standard was
broken by many people (myself included) within hours of the release of
its specifications, but the attack requires extracting the secret keys
from a few dozen devices -- not a trivial task. Again, this means a much
longer delay until working cracking code gets into the hand of
consumers. Moreover, if the DRM vendors employed certain well-known
cryptographic revocation schemes (at some expense, of course), they
could make the revocation component safe from all known cryptanalytic
attacks. If any crack in the scheme would be effectively closed in a few
days, and the cracks are sufficiently expensive to find, then what are
the chances of a typical consumer actually taking advantage of a crack?

3. Some proposed DRM techniques employ physical barriers to cracking in
the form of tamper-proof components, either in the player itself or on
the motherboard. This raises the barrier, and hence the time frame for
crackers. But moreover, coupled with the revocation techniques, it means
you may have to carry out complex physical surgery on chips, separately,
for each consumer who wishes to de-DRM his content! This is,
essentially, already the case for some presently deployed broadcast
television DRM schemes. How accessible are these cracks, for the typical
consumer?

4. The analog hole is being sewn shut by various industry standard, some
emerging and some already deployed, that essentially encrypt the data
flow throughout the path from the media to the internals of the LCD/CRT.
This means tapping a raw signal and de-DRMing it becomes increasingly
difficult, and will soon require special equipment and expert knowledge
not available to most consumers and, ultimately, not even to the
darknet's data suppliers.

5. Lastly, legislation such as DMCA, and its emerging analogues in
Europe and elsewhere, is decreasing the extent and dissemination of
pertinent cryptanalytic research. It also firmly and extensively forbids
de-DRMing by consumers. Where eagles dwell, our modern Prometheus had
better watch out for his liver.

To conclude, while perfect DRM is not achievable in principle, effective
DRM may very well be achievable in practice, and is plausibly imminent.
The cargo cult of "if we need it bad enough then DVD Jon will bestow a
crack upon us" is a poor and dangerous model of reality; as the DRM war
is drawn to conclusion on the technical and legislative battlefronts,
de-DRMing gifts will no longer be dropped upon consumers' feet. Fair use
rights will be regained, if ever, only the hard way: through consumer
awareness, political lobbying and economical pressure.

  Eran

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to