Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 23 Feb 2000 15:17:18 -0500
From:      Dan Moschuk <dan@FreeBSD.ORG>
To:        Peter Wemm <peter@netplex.com.au>
Cc:        Sergey Babkin <babkin@bellatlantic.net>, hackers@FreeBSD.ORG
Subject:   Re: DeCSS
Message-ID:  <20000223151718.A1731@spirit.jaded.net>
In-Reply-To: <20000223091808.979921CDF@overcee.netplex.com.au>; from peter@netplex.com.au on Wed, Feb 23, 2000 at 05:18:08PM %2B0800
References:  <babkin@bellatlantic.net> <20000223091808.979921CDF@overcee.netplex.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 

| IMHO, what would be FAR better would be for things that use the Xing keys
| to go away, and something else used that exploited the weaknesses of the
| CSS system itself.  A couple of researchers have found that CSS is *SO
| PATHETICALLY WEAK* that it takes merely a few seconds on a reasonably quick
| computer to break the session key for the DVD without having *any*
| knowledge of the compromised Xing key.  That way the MPAA and CCA can't
| claim that you are using a stolen key, because you are not using any of the
| 512 player keys.  You are simply figuring out what the session key is.

Correct! CSS is so pathetic that breaking it in runtime is quite easily 
accomplished.  Each DVD has a disk key, which is stored in a five byte
hash on the disk.  The disk key is also stored encrypted with all the various
player keys.  The layout looks something like this:

5 byte disk key hash
Disk key encrypted with player key 1
Disk key encrypted with player key 2
...
Disk key encrypted with player key n

When a disk is inserted, the player decrypts the disk key with its assigned 
player key, then hashes it and compares it to the 5 byte hash.  Since CSS
is a 40bit cipher (something to do with US export regulations I'm sure), 
attacking the keyspace is quite trivial to do (about a complexity of
2^25).

Another interesting point is that with one player key compromised, one can
derive the rest of the player keys through a similar search.  

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Waste not fresh tears on old griefs."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000223151718.A1731>