From owner-freebsd-hackers Wed Feb 23 12:18:26 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from spirit.jaded.net (spirit.jaded.net [216.94.113.12])
    by hub.freebsd.org (Postfix) with ESMTP id 7132237B992
    for ; Wed, 23 Feb 2000 12:18:22 -0800 (PST)
    (envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost)
    by spirit.jaded.net (8.9.3/8.9.3) id PAA01950;
    Wed, 23 Feb 2000 15:17:19 -0500 (EST)
Date: Wed, 23 Feb 2000 15:17:18 -0500
From: Dan Moschuk
To: Peter Wemm
Cc: Sergey Babkin , hackers@FreeBSD.ORG
Subject: Re: DeCSS
Message-ID: <20000223151718.A1731@spirit.jaded.net>
References: <20000223091808.979921CDF@overcee.netplex.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000223091808.979921CDF@overcee.netplex.com.au>; from peter@netplex.com.au on Wed, Feb 23, 2000 at 05:18:08PM +0800
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| IMHO, what would be FAR better would be for things that use the Xing keys
| to go away, and something else used that exploited the weaknesses of the
| CSS system itself. A couple of researchers have found that CSS is *SO
| PATHETICALLY WEAK* that it takes merely a few seconds on a reasonably quick
| computer to break the session key for the DVD without having *any*
| knowledge of the compromised Xing key. That way the MPAA and CCA can't
| claim that you are using a stolen key, because you are not using any of the
| 512 player keys. You are simply figuring out what the session key is.

Correct! CSS is so pathetic that breaking it in runtime is quite easily
accomplished.

Each DVD has a disk key, which is stored in a five byte hash on the disk.
The disk key is also stored encrypted with all the various player keys. The
layout looks something like this:

    5 byte disk key hash
    Disk key encrypted with player key 1
    Disk key encrypted with player key 2
    ...
    Disk key encrypted with player key n

When a disk is inserted, the player decrypts the disk key with its assigned
player key, then hashes it and compares it to the 5 byte hash.

Since CSS is a 40-bit cipher (something to do with US export regulations I'm
sure), attacking the keyspace is quite trivial to do (about a complexity of
2^25).

Another interesting point is that with one player key compromised, one can
derive the rest of the player keys through a similar search.

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Waste not fresh tears on old griefs."