[lug] dvd encryption hacked
Ferdinand P. Schmid
fschmid at archenergy.com
Fri Nov 5 12:20:14 MST 1999
HI,
This message found its way to my computer this morning. Quite
interesting - and proof that proprietary software is no warranty for
security (NT vs. Linux).
http://www.cnn.com/TECH/computing/9911/05/dvd.hack.idg/index.html
DVD encryption hacked
November 5, 1999
Web posted at: 9:56 a.m. EST (1456 GMT)
by Mathew Schwartz
(IDG) -- After the motion picture industry spent years negotiating
the encryption standard for digital video discs (DVD), a small group
of Norwegian hackers recently released a program, called DeCSS, that
can break the encryption on almost any DVD disk.
"This is a troubling situation," said Rick Clancy, a spokesman at Sony
Corporation of America. He said Sony is still gathering information on
the purported hack and added that "Sony is of course a strong advocate
of content protection."
Every DVD disk has about 400 keys on it to make the disk readable to
all of the various DVD players on the market. The players, in turn,
also have the 400 keys licensed and encrypted in their hardware or
software playback systems. But apparently one program, the XingDVD
Player, from RealNetworks Inc. subsidiary Xing Technologies, didn't
have its keys adequately safeguarded. The hackers were thus able to
deduce how to crack DVDs and released the DeCSS program, which will do
it automatically.
According to CNN, the group was attempting to reverse-engineer a
software DVD player in order to create one compatible with the Linux
operating system. There is currently no Linux-compatible player.
DeCSS is reported to be circulating the Internet on Web sites and
newsgroups. The program allows users to copy the contents of a DVD
onto the user's hard drive.
Officials from RealNetworks weren't available for comment Thursday
morning.
The hackers are claiming that the DVDs only have 40-bit encryption. By
contrast, Netscape 4.7, the company's most recent exportable version,
has 56-bit encryption. The secure version of Internet Explorer 5.0 has
128-bit encryption.
This isn't the first DVD encryption to be broken. DVDs already have
regional codes so that they can only be played on players bought in
that region. This helps the movie industry distribute DVDs in the same
pattern as films: premiere it in one market, then gradually release it
in other markets. But movie producers often don't use the codes, and
players have sprung up that can play DVDs with any of the various
regional codes.
--
Ferdinand Schmid
(Staff Engineer)
Architectural Energy Corporation
http://www.archenergy.com
2540 Frontier Avenue, Suite 201
Boulder, CO 80301
Phone: (303) 444-4149
Fax: (303) 444-4304
e-mail: mailto:fschmid at archenergy.com
More information about the LUG
mailing list