
You may not know a device that uses AACS when you see it, but it's the copy-protection method of choice shared by both Blu-ray and HD DVD, and it's been fraught with difficulties and controversy the last couple of months. And apparently it's even come under criticism for requiring a dedicated Internet connection, too -- which is news to us. Microsoft brought the issue forth in some statements to TG Daily about the rumored connection requirements, and simply called them untrue. Apparently AACS devices, which we understood may sometimes require encryption key updates and firmware upgrades to prevent fair use salacious ripping of content, will make use of customers' "existing network equipment, including Ethernet routers and WiFi transmitters," for managed copy, and won't ever require a net connection for playback. If true, well, that's just wonderful -- and happens to run totally counter to what we'd heard from official and officious sources to date; but if the spec has indeed changed so drastically and managed copy is really the only thing that would require a connection, and key swaps aren't a problem for AACS devices anymore, then what's their grand countermeasure to prevent AACS from being singularly cracked like CSS, hm?
Then it will be much easier for DVD John to crack this too
I read somewhere that new Blu-ray or HD-DVD movie releases will contain updated keys or on the disks and they will be installed when the movie is inserted.
I don't think DVD Jon is going to have time to work on this one. We need a new DVD-cracking star. :)
"what's their grand countermeasure to prevent AACS from being singularly cracked like CSS?"
Probably the same way the PSP does it, forced firmware upgrades as new software launches.
"wrought with difficulties" ?
Maybe, but I think you mean "fraught".
// obligatory lexical nazi post
The above comment was accurate. As far as I recall the whole scheme is based off a concept called "broadcast encryption". The basic idea is that all players are given a set of unique keys. Discs that are pressed at the factory are basically encrypted under a key that can be derived using the player keys. However, if a specific player has been compromised in some way the broadcast crypto scheme allows for revocation. This revocation list is then placed on new discs from then on. In theory the revocation list could get huge, but the broadcast crypto scheme uses a tree key derivation structure that allows for efficient revocation. Also, so as to dispel another myth I hear now and again... revocation can happen on an individual player basis. I've heard people say, "oh, if they revoke my model I'll be left unable to play discs". This is simply not true. The revocation scheme allows revocation at the individual player level. That being said, if a given player is found to have a flaw, and a key is leaked, the same flaw will obviously exist on all others in the field. Thus, said attack would be repeatable. I think the goal here is not to eliminate the piracy, but to at least make a given attack not scale well.
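The tree-based revocation described in the comment above, as an added example that is not part of the original thread or of the AACS specification. It uses the simpler complete-subtree form of broadcast encryption (AACS itself specifies a subset-difference tree); the 16-player tree, the master secret and the XOR/HMAC key wrap are constructed stand-ins.

```python
import hashlib
import hmac

HEIGHT = 4                                   # 2**4 = 16 players (constructed toy size)
MASTER = b"constructed-licensing-authority-secret"

def node_key(node: int) -> bytes:
    """Licensing-authority side: key of a tree node (root = 1, heap numbering)."""
    return hmac.new(MASTER, node.to_bytes(4, "big"), hashlib.sha256).digest()[:16]

def path(player: int) -> list[int]:
    """Nodes from the player's leaf up to the root."""
    node, out = (1 << HEIGHT) + player, []
    while node >= 1:
        out.append(node)
        node >>= 1
    return out

def player_keys(player: int) -> dict[int, bytes]:
    """Keys stored in one player: one per node on its leaf-to-root path."""
    return {n: node_key(n) for n in path(player)}

def cover(revoked: set[int]) -> list[int]:
    """Subtree roots that contain every non-revoked leaf and no revoked one."""
    if not revoked:
        return [1]
    tainted = {n for p in revoked for n in path(p)}   # ancestors of revoked leaves
    return sorted(c for n in tainted if n < (1 << HEIGHT)
                  for c in (2 * n, 2 * n + 1) if c not in tainted)

def wrap(key: bytes, media_key: bytes) -> bytes:
    """XOR with an HMAC-derived pad; stand-in for a real cipher such as AES."""
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()[:16]
    return bytes(a ^ b for a, b in zip(media_key, pad))

def press_disc(media_key: bytes, revoked: set[int]) -> dict[int, bytes]:
    """Disc header: the media key wrapped once per cover node."""
    return {n: wrap(node_key(n), media_key) for n in cover(revoked)}

def play(keys: dict[int, bytes], header: dict[int, bytes]):
    """Player side: recover the media key, or None if this player is revoked."""
    for n, blob in header.items():
        if n in keys:
            return wrap(keys[n], blob)       # the XOR wrap is its own inverse
    return None

if __name__ == "__main__":
    header = press_disc(bytes(16), {5})      # constructed all-zero media key
    print(sorted(header), play(player_keys(5), header), play(player_keys(4), header))
```

Revoking one player costs only HEIGHT header entries, and a disc pressed before the revocation still plays on the revoked player, which is why the comment says the list rides along on new discs.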
Don't buy into the MPAA's crap:
http://fuckbluray.com/boycott
Interesting, patrick. If that's true, I wonder if it might be possible to write software to intentionally report a huge series of numbers into the system. This could take the form of an application--or even a virus to get the numbers reported from different IPs. Even if you couldn't make the list so huge that the system would break, you might eventually hit numbers of valid players--preventing legitimate users from using their players, and generally causing chaos. Of course, that would be wrong.
Excellent point, patrick! I remember reading about in-disc revocation lists... good call, looks like their butts are covered.
Best, Ryan
Why does Patrick have no stars???
Dave, while I'm not familiar with their schema, most likely the IDs are at LEAST 128 bit. That means there are over 3x10^38 possible IDs.
If there are a billion players on the market (10^9), and you manage to invalidate a trillion codes (10^12), the chances of invalidating even a single player are... (Dang, someone help me out here, I took statistics far too long ago) Very unlikely.
So attacking valid players from afar isn't really in the realm of possibility, unless I've horribly mangled my guesstimates.
There has been a lot of speculation about what AACS is or is not. Also there is so much bluster about how "DVD John" or some other hacker is going to crack it.
Unlike DVD's CSS specifications - which were so flimsy they were supposed to keep it secret, the companies behind AACS are confident enough in AACS's robustness to actually publish the implementation specifications.
See here: http://www.aacsla.com/specifications/
Those of you who think this will be easy to crack should think again ... 128 bit AES, elliptic curve digital signatures, revocation, renewability, etc.
Chapter 4 of the Introduction and Common Cryptographic Elements spec spells out the various authentication, key exchange, revocation list update mechanisms, etc. in great detail.
As to Internet capabilities and requirements, see Chapter 5 of the Introduction and Common Cryptographic Elements spec. It is clearly stated that on-line connectivity is not required of devices.
Furthermore, AACS defines four "enhanced modes" associated with using AACS content with online connections. From the specs:
AACS Network Download Content. This on-line content is intended to be recorded on AACS-protected media. An on-line transaction serves to bind the content to a particular piece of media.
AACS On-line Enabled Content. This content is pre-recorded on pre-recorded media, or part of the initial download in AACS Network Download content, but only made playable by an on-line transaction.
AACS Streamed Content. This is stream content logically associated with pre-recorded or AACS Network Download Content, but delivered on demand across the Internet.
AACS Managed Copy. Content protected by AACS and contained on Pre-recorded Media includes an offer to allow at least one copy of that title onto alternative media such as a Home Media Server. The device performing the Managed Copy will need to obtain authorization from a Remote Server as a part of making this copy. The requirements to support AACS Managed Copy are defined in the Prerecorded Video book.
Perhaps more interesting to look at is the various ways that AACS can "bind content" (see section 5.5). From that section, content can be:
Media Binding - content is bound to the specific recordable media
Content Binding - downloaded content can be bound to any copy of a specific AACS content item
Device/Content Binding - downloaded content is bound to a specific device and any copy of the specific AACS content item
Device/Media Binding - downloaded content is bound to a specific device on specific recordable media
So ... there is a lot to AACS - and hacking it will not be easy. There may be momentary security breaches - but these will be difficult to exploit in the long run because compromised devices can be revoked and security holes can be fixed through renewability (e.g., required firmware updates).
Some of the online options kind of suck ... if I buy a movie online and burn it to AACS media, I might not be able to watch it on anything but the device that burned the AACS media.
And such decisions are up to the content publishers who will probably all adopt different policies here. Which means confusion - this is a film from studio X, which I can only play on my PC, but studio Y's movies can be played on my equipment as well as my friends and family's AACS compliant equipment.
Confusion could reign supreme ==> consumer frustration.
Just wait, even though there is a huge number of possible device codes, if someone figures out how to discover the "master list", then essentially software decryption will be undefeatable. You can't invalidate all of the codes, so wouldn't that end it there? Anyways, keep an eye on deaacs.com, Jon's newest site.
I sometimes wonder if I'm living in the same universe as everyone else, or people just don't remember things...
the network connection requirement for the new copy control systems has been long known. not for playback, but at least for monitoring copies and for updating the software every time the system gets cracked. welcome to decss that the vendors change when a key gets loose.
and decss was cracked when a device manufacturer accidentally left a key unencrypted, not because of genius hacking. i assume the death penalty awaits he who forgets to encrypt the key this time. besides, as i said, the whole purpose of the net connection for hd devices is to enable the copy control lords to change the keys/whatever they like when a DVD Jon and company crack it in the future. just like iTunes or the PSP, expect forced updates of your copy control or you can say goodbye to your device's ability to function.