Date: Wed, 23 Feb 2000 17:18:08 +0800
From: Peter Wemm <peter@netplex.com.au>
To: Sergey Babkin <babkin@bellatlantic.net>
Cc: hackers@FreeBSD.ORG
Subject: Re: DeCSS
Message-ID: <20000223091808.979921CDF@overcee.netplex.com.au>
In-Reply-To: Message from Sergey Babkin <babkin@bellatlantic.net> of "Mon, 21 Feb 2000 22:31:35 EST." <38B20317.8C63436C@bellatlantic.net>

Sergey Babkin wrote:
> Peter Wemm wrote:
> >
> > I would love to make a port of this, for reasons that become obvious once you
> > see the page. (Think of all the mailing list archives and mirrors)
> >
> > http://www.totse.com/DeCSS/
> >
> > Be sure to read it before commenting, it's not what you might think.
>
> I can't help keeping wondering if this MAA
> is missing the point completely: why would
> someone need the decryption to make a _copy_ ?
> A copy is a copy and it appears to me that
> the encrypted bits written on the disk surface
> could be copied just exactly as well as the
> decrypted bits. Probably the real reason they
> start this activity is because otherwise they
> would lose some kind of royalties from the
> DVD-players manufacturers.

As a diversion to the original topic, I'll comment on what the DVD CCA and MPAA are doing.

First of all, decrypting the data is *NOT* required in order to copy the DVD. This is how 99.99% of the copying is done presently - ie: a bit-by-bit copy of the data and re-stamping a new DVD. css-auth and DeCSS are not required for this. All you need is special hardware to read it - read: a DVD drive that you have hacked the firmware in order to get at the raw bitstream.

What the MPAA and DVD CCA are really up to is trying to maintain a monopoly on who can write or sell *players* of DVD's and keep those people under their control. There are 512 "player keys" that each DVD is encoded with. By licensing the CSS code etc you are really buying into the key space. The intent is that if one of the keys is compromised (eg: the Xing key) they can cease mastering DVD's with that key. As a result, all new DVD's would no longer work with that particular Xing player or things like css-auth etc which have ripped off a copy of the key.

However, there is a darker side to it all. Part of the license conditions to get your foot in the door is that your player *MUST* obey things like region codes. It *MUST* play in normal speed the compulsory tracks. This means that you cannot buy a DVD in Europe and play it in the US. It means you cannot fast-forward past things like piracy warnings and advertising. (That's right, you have to sit and watch Disney's Trailers in full before you can watch the rest of the DVD.) The manufacturers *MUST* include the magnavision anti-VCR distortion to prevent recording on VCRs, etc.

The DVD CCA (copy control association) would probably be better named the 'content control association'. It prevents third parties from mastering DVD's as they don't have the knowledge of the player keys. They probably can make DVD's but they would be totally unprotected.

What is to stop a manufacturer taking the de-css or css-auth code and using that instead of paying the fees (rumoured to be multiple millions of dollars) to get a player key allocated to them - very little in theory. The css algorithm and keys were a trade secret and it's been blown. However, in practice, the moment a manufacturer thinks about doing this, you can bet your last cent that no new DVD's will work on that machine.

IMHO, what would be FAR better would be for things that use the Xing keys to go away, and something else used that exploited the weaknesses of the CSS system itself. A couple of researchers have found that CSS is *SO PATHETICALLY WEAK* that it takes merely a few seconds on a reasonably quick computer to break the session key for the DVD without having *any* knowledge of the compromised Xing key. That way the MPAA and CCA can't claim that you are using a stolen key, because you are not using any of the 512 player keys. You are simply figuring out what the session key is.

The moment a hardware manufacturer (who isn't a CCA "subject") makes a DVD player using the CSS weaknesses, then all bets are off. DeCSS and css-auth will be obsolete overnight. MPAA can sue to their heart's content but will not have a leg to stand on. They can't claim it's there to enable piracy as the player does nothing but play the DVD. They can't claim the use of stolen keys as none are being used. They can't claim trade secret violation as the player manufacturer would not have been a party to the trade secret contracts.

The problem that the freeware players have is that the components (eg: css-auth) are based on compromised keys and are used to decode the contents of the DVD, which *could* allow piracy (but not very cost effective piracy, as the space required to copy it costs far more than the original DVDs do). That's the straw that seems to be within the reach of the MPAA/CCA at the moment, apart from having lots of $$$$ to make it very hard for the average person to fight. A binary "player program" that can't be used to separately decode the DVD's should be theoretically immune to even that angle of attack, as long as you have the nerve and resources to stand up to the legal harassment.

(Just my comments as an interested observer (from region 4) over the last few months. IANAL etc)

Cheers,
-Peter
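
The revocation mechanism the message describes (one disc key stored once per licensed player key, with a compromised key's slot dropped from new pressings), modelled as an added example that is not part of the original e-mail. The HMAC-based wrap is a stand-in rather than the CSS cipher, and the function names, slot numbers and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SLOTS = 512  # number of player keys the message cites


def _wrap(player_key: bytes, disc_id: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 pad (stand-in cipher, not CSS)."""
    pad = hmac.new(player_key, disc_id, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def master_disc(disc_id: bytes, player_keys: dict, revoked=frozenset()) -> dict:
    """Press a disc: wrap one fresh disc key under every non-revoked slot."""
    disc_key = secrets.token_bytes(16)
    return {
        "id": disc_id,
        "check": hashlib.sha256(disc_key).digest(),  # lets a player verify its result
        "key_block": {
            slot: _wrap(key, disc_id, disc_key)
            for slot, key in player_keys.items()
            if slot not in revoked
        },
    }


def player_unlock(slot: int, player_key: bytes, disc: dict):
    """Return the disc key, or None if this player's slot is absent or wrong."""
    wrapped = disc["key_block"].get(slot)
    if wrapped is None:
        return None
    candidate = _wrap(player_key, disc["id"], wrapped)  # XOR wrap is its own inverse
    if hmac.compare_digest(hashlib.sha256(candidate).digest(), disc["check"]):
        return candidate
    return None


def demo() -> dict:
    keys = {slot: secrets.token_bytes(16) for slot in range(SLOTS)}
    leaked = 42  # constructed slot number standing in for a compromised player
    old = master_disc(b"pressed-before-leak", keys)
    new = master_disc(b"pressed-after-leak", keys, revoked={leaked})
    return {
        "leaked_key_on_old_disc": player_unlock(leaked, keys[leaked], old) is not None,
        "leaked_key_on_new_disc": player_unlock(leaked, keys[leaked], new) is not None,
        "other_player_on_new_disc": player_unlock(7, keys[7], new) is not None,
        "slots_on_new_disc": len(new["key_block"]),
    }
```

In this model revocation only takes effect for discs pressed afterwards: the leaked key still unlocks every disc mastered before it was dropped.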