Encryption Security

SDMI *NOT* Cracked!?

StoryMan writes "Inside.com is reporting that Salon jumped the gun when it reported that SDMI had been cracked. I think this is fascinating. There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)"

  • by Anonymous Coward
    the square root of -1 is well defined, it's not "imaginary" as many "I don't understand mathematics but I'll pretend to because it's hip to know this shit" people seem to imply. (-1)^(1/2) is just as well defined as 1 or 1^2 and so on... it's a rather unfortunate choice of names...

    it's actually quite a bit of a joke you see... if you have used up all the 'real' numbers, what numbers are left? well, imaginary ones of course! Of course the name does not actually mean that the number is imaginary... it's just our one-dimensional definition of a number line is inadequate in many different areas.
  • by Anonymous Coward
    to wait until they adopt it as standard (and have spent lots of money on implementing it) and then tell them it was cracked?
  • by Anonymous Coward
    I read the article. The head of the SDMI is slandering Salon.com because he says *only* the SDMI can determine whether their encryption has been cracked. He forsakes the notion that whoever has cracked their encryption can also claim that the encryption has been cracked all without the SDMI blessing.

    The first paragraph of the Salon.com report [salon.com] even says: "A spokesperson for SDMI has denied the reports".
  • by Anonymous Coward
    Quote from the Salon.com article: "A spokesperson for SDMI has denied the reports."
  • by Anonymous Coward
    somebody at Salon probably read it

    I think you just put the ass in assume here. Gotta love irresponsible reporting.
  • The article was quite explicit about the fact that all the reports were unconfirmed. Shame on the `readers' who never read it!
  • I think the question here is not whether or not SDMI has been cracked, but how the SDMI will choose to define "cracked".

    As anyone who has studied advertising knows, a company will always make the strongest possible statement about a product they can, without breaking the law. For example, a company will say "no one else's window cleaner cleans better than ours", while in fact five other products clean just as well (but not better!) but may cost less, be more environmentally friendly, etc. So the statement is true, but misleading.

    If SDMI hadn't been broken, they would have explicitly said "No, it hasn't been broken." The fact that they didn't means it probably has, but they're going to try to spin it, and redefine what they meant by "cracking" it, and just do a lot of hand waving.
  • So what if all 450 uploads haven't been verified; all it takes is one with the watermark removed, and the rest don't matter. It's quite possible that one of the first few uploads they checked was successful, and hence made checking the rest not necessary. That would explain why the leak was so soon after the closing of the contest.
  • Well, I think excellence is gonna be in the eye of the beholder, so that's why I didn't really focus on that part. Ethically, I think they're rotten at the core, but that's pretty unavoidable when you have someone like David Talbot as Editor in Chief (I'm assuming that he still is) — and I'm just talking their journalistic ethics here, not their history of sketchy business ethics. As far as excellence, it's a total judgement call, but I think they have a lot of things worth reading there, especially Camille Paglia, some good in-depth articles (when they're not mired in shallow/sloppy academic left thinking) and their Survivor and Big Brother recaps were a riot.


    Cheers,

  • Unfortunately, Inside.com was wrong (or you're at least misinterpreting). Not only is the prize money split between successful hacks, but the conditions for a successful hack were never really laid out by SDMI. If you read over SDMI's rhetoric you'll realize that it will be a cold day in hell before they pay anyone anything.
  • I found that interview very enlightening. What, Salon shouldn't publish the interviews they do with stupid people? Exposing the thoughts of the people behind SDMI is useful--- Salon certainly can't be held responsible for those stupid opinions.

    Would you raise the same objections to an interview with Jack Valenti because he also said things you know to be untrue and misleading?
  • I know this is a nitpick, but this should read:

    It is illegal to sell a CONSUMER GRADE VCR which can record Macrovision infested signals without degradation.

    Similar to the whole hubbub around DAT, there is professional gear that can get around the "protection". (heck, there's even some non-pro gear that has hidden "menus"... heh heh)

  • Check out the site
    http://www.cyberdeck.org/countzero/techa.html
    It has some spectral analysis.
  • There is a thread entitled "hacksdmi" going on security focus' vuln-dev list, somebody at Salon probably read it and saw some of it and just assumed.

    In any case, they put the ass in assume here. Gotta love irresponsible reporting.
  • ...until it becomes illegal to manufacture and sell non-SDMI-compliant devices. (hint: VCRs and MacroVision)

    -c
  • touche...
    I seam to slaughter homonyms when I type to fast.
  • by tomita ( 36970 )
    There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)

    You know what happens when you assume?

  • I think the idea behind SDMI is to use the watermark + SDMI compliant hardware/software to keep the music from being duplicated (though I don't know how a watermark is going to stop 'cp'). Removing the watermark would allow you to copy the music.

    I really don't know why this crack SDMI thing is going to matter anyways. I was looking at some Sony hardware this morning and it all claimed to be SDMI compliant, so it seems to me that SDMI in its current state is going to be the official SDMI (or else anyone buying Sony hardware is going to have fun upgrading it). I think the SDMI people planned on what we know now as SDMI being the final version, whether it gets cracked or not, and they were not planning on informing anyone if it did get cracked.

    Sorry about the double post.

  • It's a ploy to flush out all the people who were working on the crack with the intention of releasing it after SDMI launched -- once the cat was (apparently) out of the bag, they'd have nothing to lose by bragging.

    Hey, somebody had to say it....
    /.

  • If you are out there and you cracked all of it, how about just posting the plaintext of these puppies somewhere and that will eliminate any possibility of a 'cover-up'.

    While we're at it, :-), got any bodies from Area 51 too?

  • "It's simply not true, because we, ourselves, don't have that information."

    Hello, this is your wakeup call. It's morning and the sun is shining.
    "It's simply not true, because we, ourselves, don't have that information."

    What a lamer.
  • I'm sort of confused. I may be on crack, but I was always under the impression that any encryption or watermarking method could be cracked, given enough computing time (linear or aggregate).

    So, given this and Mr. Chiariglione's comment, "... the fact that somebody has found a hole is good information, because then you could put a patch to it and you can make your algorithm much more robust", it seems that the SDMI ideal is simply a compilation of patches, plugs, and fixes.

    Is this a fair assumption? Does this mean that SDMI-capable devices will need to be constantly upgraded as new patches are implemented? Can we say "losing battle"?

  • From the inside.com article, "a $10,000 prize was offered for each successful hack".

    Phillip.
  • Only buy devices that are not SDMI compliant and spread the word about the availability of such devices.
  • How are they going to force people to use SDMI? ...

    No one will buy a SDMI file.

    No one will buy a SDMI Player.

    No one will run SDMI software.

    No one needs to crack SDMI ... The same content will be available as CDs.

    Artists who release music only on SDMI will be hurt financially.

    Hardware manufacturers who use "mp3 timebombs" will be liable in class action lawsuits.

  • I don't think their goal was to look good from the get go... They are trying to protect their profits. What would they gain by hiding the fact that it was cracked?
  • $10,000 isn't really all that much to a huge corporation, they probably make that much every few hours. And I'm pretty sure they knew how unpopular they were going to look to begin with by trying something like this, so they can't really come out looking any worse.
  • Well, what do you expect the higher-ups at the SDMI to say? "Yep, it's all over folks, we're going home!"
    That seems hardly likely. Instead, this will be dragged out as long as possible by denying, hiding "evidence", and downright lying whenever possible. They know an anonymous source will always raise doubts, so as long as it is unconfirmed (and no one is willing to come forward -- which would be professional suicide), they're home free... Besides, if they really want to continue, they can always say they "have no record" of the successful crack methods that Salon claims. It's just that easy...
    They would have plenty of possible reasons to deny everything, not the least of which is that once they fail they may or may not be paid to keep going on the same track...
    Of course, that is just IMHO. Take with a grain of salt.
    Peace!
    ------
  • Or maybe it is just an attempt at damage control... Salon said it was cracked with ease, SDMI say no such thing happened. The truth is probably somewhere in between...
  • We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.

    It may be true that they have not yet tested all of the entries, but they don't have to do that to say whether or not every watermark has been cracked. Didn't they have around 6 watermarking schemes? That would mean that a minimum of 6 potential cracks have to be verified. If a watermark was cracked, it was cracked. There is no need to wait and see if 50 other people also found the hole before you know it's there. The hole is just as real if one person found it as it is if 500 found it. This sounds like stalling to me.

  • "I seam to slaughter homonyms when I type to fast."

    Did you do that on purpose? If so, it's not funny. If not, it's pretty funny.

    --
  • I must admit, the idea of watching the RIAA spend billions implementing a system which then immediately crashes and burns is attractive. The problem is that it would end up hurting all the wrong people.

    The implementation costs for any system the RIAA ultimately imposes will be passed on to consumers and hardware manufacturers in the form of higher CD prices and burdensome licensing fees (which will also be passed on to the consumer), and consumers will be forced to adopt a technology which, though not technically secure, will nonetheless manage to inconvenience hundreds of millions of music lovers globally. Waiting until after the fact to crack that system would simply be a case of adding stink to the shitpile. Then it becomes not just a case of onerously burdening the consumer, but -- worse -- onerously burdening him with a system which is useless even for the purpose for which it was created. Which means a new system will be developed and implemented, with yet more implementation costs futilely ripped from consumer wallets.

    No. Better to break the watermarks now and let the SDMI implode from the political backlash. It's not about helping the RIAA. It's about protecting ourselves from stupid, bull-headed money-changers who are concerned about anything but our welfare.

    Lee Kai Wen -- Taiwan, ROC

  • "Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficing in devices which allow avoiding (which includes more than circumvention) of copy protection."

    That's pretty heavy shit.. :-( Just another reason to hate the DMCA

    Jeremy
  • What, Salon shouldn't publish the interviews they do with stupid people?

    No, quite the contrary. Salon should definitely publish the interviews which they do with stupid people. But perhaps they should also do one of the following:

    Challenge it during the interview. The person doing the interview should have some clue about the topics.

    Make a mention of how it was incorrect in the article.

    But yes, Salon should definitely publish interviews with stupid people. Stupid people aren't quite like cockroaches, in that when the light comes on they fight rather than run, but they're certainly as disgusting and as numerous.

  • ...and the winner having to sign over rights to the crack.

    Would this have any bearing on the "illegal" use of the crack in the future? If the RIAA owns the rights to the crack, and the DMCA is bound to be shot to heck, couldn't they use other means (i.e. copyright protection) to keep the crack from being distributed?

  • Didn't PeeWee Herman offer $10,000 for the safe return of his bike? With the plan of not giving the reward because the returner obviously was the guilty party? I think the sample song for technology D was "Tequila".
  • I know a Doctor from Cornell and he is an idiot. How's that for slander?
  • Here's why?
    1. I don't think this technology could ever work. It takes too much effort on the end consumer to have SDMI compliant software and hardware.

    2. The fact that there was a boycott AND that if the schemes were all cracked that should make an even stronger statement.

    3. If SDMI decided to implement a scheme even after all of this hoopla then I believe they will be wasting a lot of time and money. This is also good in that it keeps them occupied chasing rabbits rather than doing something bad that is actually possible.
  • Heh, I agree...I'm sure there's a lot of Label big-shots breathing down their necks..
    BUT the director or some guy in charge (can't remember name, morning coffee didn't kick in) over at SDMI said that they had seriously considered the possibility of them being cracked and have a plan in place in case that were to happen.
    What's that plan? To take all your vacation time now while you can? :)
    I'm interested in seeing what exactly the status is...even though it will be cracked if it hasn't in fact been already.
  • You may not have noticed but many people and especially corporate-style groups are not good at admitting they're wrong. They've received 450 submissions. I'd say the chances are that the 6 SDMI technologies have been cracked. The first question they'll ask themselves is "can we cover it up?". Otherwise they'll probably have to throw out a lot of work, and suffer the bad PR that will result.
  • the money is peanuts compared to the pr.

    eudas
  • The question, of course, is how big those two "ifs" actually are.

    My guess is that they are pretty big "ifs". Assuming that the technology isn't patented (this is a big "if" too), someone is certain to fill a market niche by providing a player that doesn't give a rat's ass about watermarks. OTOH, I said this in another thread and someone pointed out that even on PCs, this protection is starting to be implemented in hardware: someone is making a soundcard that scans for watermarks. If you manage to make a copy and run it through an open source, watermark-ignoring player, it will still fail when pumped through your sound card. They can certainly make it inconvenient to make copies for reasons of fair use.

    BTW, does anyone know if the SDMI technology, in whatever form it finally manifests itself around our throats, will be patented?

  • If they want a real conservative, they should hire Cal Thomas. This guy actually called the public schools PAGAN!
  • As a quote from the article "When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer," Chiariglione told Inside
  • I never knew that mis-reporting the possible end of a competition was slander. So, it looks like the SDMI will live after all.

    Even if there is a way to crack SDMI did anyone ever think that the SDMI group would admit that it's a lost cause, didn't think so. The claim that if they didn't hear about it first that it didn't happen is silly. If this logic was valid then if you don't know something then it doesn't exist (remember those cartoons where the person runs off the cliff but doesn't fall because they didn't know what gravity was?).
  • They have an awful lot more to be afraid of than we do.

    No matter what, inevitably, they're going to be fighting people who are a lot smarter than they are. I have no doubt that no matter the technology they come up with a way to crack it.

    It's always a stupid idea to fight people that are smarter than you are.

  • Care to send a pointer to the "law" that states that? I don't think you can, because I don't believe there is such a law (at least none that I could find).

    -S

  • How do you get private information into the public record? By lawsuits!

    If some number of hackers believe they've been wronged, then they should take the SDMI group to court. SDMI will need to pay up the $10K or demonstrate in a public forum (the courts) that the hackers did not in fact break the watermarking. To do so, I think, would likely expose enough about how their watermarking works to make the information useful.

    An expensive way to get there though...

    -S
  • I don't think it's too strange.

    They could cover it up so that they won't have to pay a thing.
    Then they'd say "There were no holes, but just to be on the safe side we changed some things anyway"

    But let's wait with the conspiracy theory until after their review of the 450 entries. Reasonable doubt and stuff (you can find more than enough doubt around here, it's reason that's sometimes hard to get ;-)

  • Wow! That's 450 people who hacked SDMI, because you know they wouldn't bother analyzing the losers. Man, does that mean SDMI owes $4.5 million to these people? If SDMI doesn't pay up, you can bet some of these hackers will publish the crack and sue SDMI's ass.

    Either way, it's gonna be public that SDMI was gang-hacked. Boom!

  • You're not kidding. Talk about the government overstepping the boundaries...
  • Wasn't the whole point of the contest to see HOW SDMI would be cracked? Hence the apparently-ineffective boycott and everything else... the SDMI corporations wanted to tap the collective brainpower of the geek scene...
  • Macrovision has always been a total joke anyway - just run the signal through a timebase corrector and it's gone, and you get better-quality dubs to boot!
  • Thank you for taking the time to share your side of the story. My extremely cynical view of the media still exists, but it appears you and Salon are welcome exceptions to the rule.

    Keep up the good work!


    -----------
  • Salon had this very interesting article [salon.com] saying that insiders do want to see SDMI cracked. The logic behind what they are saying is quite believable.

    Really, it looks like more people hate SDMI than even DiVX (the circuit city one). I know I'm not going to touch it with a ten foot pole even if it means I pull out all my old vinyl (or tape off the radio).

    The only ones that like it is the RIAA, who thinks that they can win a kind of "tech nuke race". Everybody else knows that there is no such thing as "perfect encryption", legally enforced or not.
  • really.. didn't anyone else see this coming? I saw this all as an ego trip to begin with. "oo our stuff can't be cracked" and watch.. even once it is they will deny it because they are cheap bastards. anyone participating in this at all should see that.
  • I totally agree... didn't anyone else see this coming!
  • OK, maybe SDMI was cracked, maybe it wasn't. We'll find out soon enough. It's ridiculous how every time people read something on slashdot they assume it's the truth. First everybody was all bouncing around that it was cracked, and it was gonna die, and all that from an unconfirmed news story at salon.com, and now everybody is calling salon.com liars and assuming that it wasn't cracked. Before you all jump to conclusions you should wait until a few more facts come in. Let's not get all up in arms and start calling salon.com liars and slanderists and whatnot. Just be patient.
  • I really don't see where the libel (thanks, all you legal types) is! The title of the article says "SDMI cracked!", but that's actually the only place where the word "crack" is used. So, even leaving aside the various and sundry possible definitions of "cracked", not to mention the fact that headlines hardly EVER reflect the actual content of an article, Salon clearly mentions in the first paragraph that (a) a spokesperson for SDMI has denied the reports (b) that three OFF-THE-RECORD sources provided the info (note that it's THREE - Hemos [slashdot.org] didn't even get the number right - does THAT qualify as libel?), and (c) "not one single watermark resisted attack." As many astute observers have already pointed out, "not resisting attack" is not quite the same thing as being "cracked", and still others have noticed that Mr. C. has NOT DENIED that either ("cracked" or "failed to resist attack") is true. How could this POSSIBLY be libel/slander/whatever? He's obviously just blowing smoke out of his (rather well-defined) anus.
  • Or slashdot jumped the gun when reporting that Salon reported that SDMI was cracked? It's a moot point, though, since it's bound to fall eventually.
  • by Anonymous Coward
    Well, no, actually. HackSDMI was a ploy by them to see how SDMI would be cracked if released, so now they can pretend as if nobody cracked it, but still alter SDMI to not be crackable anymore.
    I can't believe people fell for it.
    Stupid, stupid ...
  • by Anonymous Coward
    If Salon is right and all watermarks are cracked, then the SDMI can hang its head in shame and admit it is a flop and a failure.

    If Salon is wrong and the watermarks haven't been cracked by the oh-so-short deadline, then SDMI can get the royal screw over once it reaches the marketplace and the full 100% of the hacker community is dedicated to cracking it instead of holding back due to some notion of protesting.

    Either way SDMI is screwed because they first screwed their customers.
  • If I was a webzine whose stock price was $1 I would publish an article stating SDMI was cracked. No doubt about it. Then I would start interviewing presidential candidates like a bat out of hell. Funnily enough salon.com seems to fit the picture perfectly.
  • SDMI holds a $10,000 contest to crack its encryption.

    SDMI gets cracked.

    SDMI responds by.....covering it up?

    Um, First Posters sure do come up with some strange conspiracies, don't they?

    -- Give him Head? Be a Beacon?

  • Why do you have to analyze all the results? If the first file you check has had the watermark removed, and sounds fine, you can bet you are screwed. The files are all independent. The extent to which the first file has been cracked does not depend on the next 449 files.

    If I recall correctly, the hacksdmi.org website said that they would be performing some sort of quantitative test to determine how much the uploaded song differs from the original. Given that this test and the test for the watermark can both be easily automated, they have a pretty good idea of how "cracked" their algorithms are.

    Sure, they will still want to do more analysis of the samples. And they probably want to try and wrangle the details out of the people who submitted the samples. But they know. And that's why they're pissed. They know which uploads have the watermark, and they know how similar to the original they all are. If this crap worked at all, they would have said something positive.

    Curiously, at almost the same time, the RIAA announced a new program to prevent piracy. See the C|Net story here [cnet.com]. The idea is to create a "digital bar code" for songs to allow tracking of copyright information, etc. On the face of it, this sounds like a whole new tack for the RIAA. And maybe it is. However, the article says:

    Nevertheless, if it proves to be difficult to tamper with, the system could be a potential way of identifying authorized and unauthorized songs being traded through services such as Napster.


    It sounds to me like the execs at the RIAA know that their SDMI scheme is going down in flames, and are looking for a backup. However, it sounds like they are going to head right back down the watermark path. Only this time, instead of trying to encode a single bit (play / don't play), they will be trying to encode hundreds or thousands of bits. Whoever brought up Don Quixote in an earlier SDMI thread was right on the money. These folks aren't ever going to learn.

    Who ever decided to call this technology watermarking anyway? It's really a horribly inaccurate name. The whole point to a real watermark is that it's difficult to create, and easy for everyone to see. But with "digital watermarks" the idea is to make it invisible. An invisible watermark is what they should call it. Maybe then people would understand what a stupid idea it is.
  • Remind me... The prize was $10,000 split between all "winners", yes?

    And there's possibly 450 valid entries?

    Each perhaps winning $22 for their work?

    Hope they enjoyed it. They obviously didn't do it for the money :-)

  • Even if it wasn't cracked yet, these people seem to be in too much denial to admit it's even possible, let alone inevitable, and if they "manage" hard enough, they can make their technology do anything they want, including dividing by zero and taking the square root of negative numbers. The results, of course, would be nonexistent and imaginary.
  • before I make any judgments on who is telling us the truth...
  • .. I mean, think about it. You're working on a CD encryption scheme for 2 years, and proclaim it completely secure. To prove it, you announce a contest to crack it, all the while comfortable with the fact that nobody will be able to do so. Then somebody does. Uhho, now what? If you admit it, you look foolish, having wasted time and money.

    That's what I would do..


    ------------
    CitizenC
  • That's the thing... WE NEED TO INSURE THAT PEOPLE WON'T BUY IT. How?

    Yell, Speak, Protest, Get on the News... Whatever to let the Common Consumer( CC ) know what is going on. Most of them don't give a flying rat's ---- what the --- is going on. They see new technology - go Gee, This looks neat and buy.

    We, who ( mostly ) know better, ( at least about this sorta stuff ), need to educate them. Protest, Scream, Bug sales-people about how bad SDMI is. They may convey that to the end-user. Word of mouth sells - so does word of math discourage sells. ( Eggh, Word of mouth - I like that word of math phrase.. anyway.. ).

  • You should definitely print a response to Mr. Chiariglione's comments referring to your story as slander.

    As other posters have pointed out, all you did was report the news. If Chiariglione has a problem with that, too bad. He should take it up with the people who leaked the story, not the people who printed it.

  • In general, I'm impressed by the quality of Salon reporting. I don't know much about this particular case, but when I've seen their reports on events that I've attended (for example, Ralph Nader rallies), they've been accurate and got their quotes exactly right. This is in contrast to every other news item that I've been involved in or knew something about. I've seen my own numbers embellished (this turned out in my favor actually), quotes from people who never talked to the reporter (obvious quotes that you'd expect someone to say), and various careless blunders as well as other blatant lies. As long as they qualify their stories with "an anonymous source said..." then I don't have a major problem with it. You have to be skeptical anyway.

  • In a Salon interview dated 07/31/2000, Talal Shamoon, a "key technologist for the SDMI," has this pearl of wisdom to share with us, found here [salon.com]:

    Do I think that Gnutella will move in where Napster stopped? I personally don't, the reason being that Gnutella requires you to set up a direct connection with an individual you've never met. So while the dangers surrounding Napster, regarding viruses and child molesters, were moderately nebulous, they're going to be very severe with Gnutella.

    Napster also makes a direct connection to transfer the files. In reality, even if it was routed through a third party it wouldn't make any difference, unless the third party somehow scanned the files being transferred, undoing whatever packaging someone had done, etc.

    What the hell does either Gnutella or Napster have to do with child molesters?

    If someone runs files from an untrusted source in an account which can do anything other than play in a very contained environment, they deserve what they get. (Yes, with Windows everything is root. They deserve what they get too if they do this.)

    Oh, and this "key technologist" has a doctoral degree from Cornell.

    I can only conclude, given Shamoon's qualifications and educational background, and the fact that Salon [salon.com] posted this and still expects to be taken as a credible news source, that Shamoon knows something that I don't. I can only surmise, therefore, that Shamoon knows of some group of child molesting virus writers out there who are involved in creating subliminal messages to embed in the music which will mind control any children listening to it to have sex.

    Oh, wait, SDMI is embedded in the content...Nah.

  • Maybe, Salon was cracked..to post the SDMI cracked story, which slashdot posted, and now refutes that SDMI was cracked, which points to Slashdot's credibility to posting the story that SDMI was indeed cracked.
  • "As for the suspicions raised by members of the digital community as to the rationale behind the contest, Chiariglione -- a widely experienced technologist and veteran of standard-making bodies including the Moving Pictures Expert Group (MPEG) and the Open Platform Initiative for Multimedia Access (OPIMA) -- is unconcerned."

    He's very concerned.

    "This is common practice. We are talking about extremely sophisticated technology," (DVD CCA) "and the best brains in the world" (MPAA) "cannot think of all possible holes" (MP3). So let the public at large" (Jack Valenti) "describe the hole, if there is a hole."

    "And what if it does turn out to be an across-the-board win for the hackers? "I really hate to give an opinion on something that at the moment is very hypothetical," (We're up the creek) "he says, "but you know, if the technology has been defeated, it doesn't mean anything. (We're like a one-legged man in an ass-kicking contest) Actually, the fact that somebody has found a hole is good information," (Like WWII) because then you could put a patch to it" (Yeah, that's the ticket) "and you can make your algorithm much more robust." We have no idea what to do next.
  • I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings.
    I agree, although the number of entries makes it likely (IMHO) that some of them are very good cracks. Contrast it with some of the "real" crypto challenges reported here lately like the E. A. Poe challenge (one or two solutions submitted), and the Code Book competition (one correct result after a year).
    A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a technical "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...
    But not enough for them to pay the money, I'm guessing. This whole competition has looked fixed from the start - very vague statements about just what the winning conditions and prizes are, a ridiculously short amount of time for a crypto challenge, and the winner having to sign over rights to the crack.
  • Now that would really be something...
  • Boy isn't that the truth - The best thing in any arms race is to get your opponent to spend all their resources on technology that is obsolete before it's even fielded. I am sure that the life expectancy of SDMI will probably only be a couple of weeks anyway, if that. After that it's too late and we win!
  • maybe it has been cracked, but SDMI doesn't want to admit it, because they'd have to
    1) give up $10,000
    2) look like a complete ass

    btw, did you notice that the form on the SDMI page had said that the cracker -MAY- win $10,000?

    hmmm, so what's that supposed to mean?
    --------------
  • Maybe Salon created/embellished a story that wasn't really there? Kinda an out-there theory, I know. One wouldn't expect that type of thing from journalists.

    Now if you'll excuse me I have to go watch a very special "It Could Kill Your Children" on Dateline NBC and read up on the start of the Spanish-American War.


    -----------
  • Good point, and you know that's what they are going to try to do. It has already been widely noted that they will be trying to "marginalize" MP3s.

    The first players that come out will be "backward compatible" to your MP3 library. Then along the way they will make a "new and better" player and drop MP3 support altogether.

    Also, because of the DMCA, you put yourself at risk if you opened a player (even if it was to reverse engineer/make modifications so your new player can play MP3s). Copyright violation is now a federal criminal offense instead of just a civil one. Which means you could do jail time while your neighbor is listening to some new tunes Sony let them download for turning you in!

    That's why you have David Corwin, senior counsel for the Motion Picture Association of America, saying [wired.com] that the Digital Millennium Copyright Act (DMCA) is "near and dear to our heart."

    Sick stuff..

  • Slander is by definition oral. Once it's written down (as publications do by publishing it), it becomes libel. It's an incredibly important distinction, and it further undermines the consortium's credibility for failing to make it.
  • I know this post is a little redundant, but a while back I emailed them asking when results could be expected and they replied with this:

    "Date: Sun, 15 Oct 2000 14:28:48 -070
    From: contact <contact@hacksdmi.org>
    Subject: RE: When can we expect official results?

    Submissions from the public challenge are still being analyzed. Thanks for
    your interest."

    Nobody can give a "cracked"/"not cracked" answer until all the results have been analyzed. (Although, I suppose they could give a "cracked" answer if their system REALLY sucks...)

    Aaron Plattner
  • http://www.cyberdeck.org/countzero/techa.html is very good for analysis and i appreciate the reply so fast. but a "spectrogram" is not a way of zooming in and looking at a tiny sample of the wave like that website does, it's a view of the entire wave with elapsed time on the X axis and frequency response on the Y axis and is far more revealing about things like watermarks and inaudible data added to sound. with a spectrogram we could make many more educated assumptions about these watermarks, the formula behind them if any, etc. without doing wav>mp3>wav or digital>analog>digital conversions and merely hoping for the best, so if someone has a spectrogram of the original HackSDMI wav files, or if someone has the actual wav files where i can download them, please let me know either way. thanks.
  • by SEE ( 7681 ) on Sunday October 15, 2000 @01:01PM (#704582) Homepage
    Thank you for saving me from having to make that point.

    Imagine Salon said movie studio insiders had declared that FooBar: The Movie was going to be a bomb, and that the studio replied that

    "When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer. It's simply not true, because we, ourselves, don't have that information. Our test marketing committee started working on the test screenings Wednesday morning, and it's simply impossible to say whether this is true or this is false."

    Now, sure, the insiders might be wrong; after all, the cracks/movie haven't been fully evaluated. But it's the way to guess.

    Steven E. Ehrbar
  • by Thagg ( 9904 ) <thadbeier@gmail.com> on Sunday October 15, 2000 @01:21PM (#704583) Journal
    'When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,' Chariglione told Inside.

    And bluster like this deserves nothing. Janelle Brown and Salon put their individual and corporate necks on the line; and all Chariglione does is spew hot air. If they've published something inaccurate, then you know that they'd be sued in a hot minute -- we know just how fast the music industry sues anything that crosses their lawyers' hair-trigger gunsights.

    I am certain that it is possible to crack the SDMI watermarking, but I am surprised that it was done so easily.

    More power to Brown and Salon for having the guts to publish this article. We need more of that kind of courage.

    thad

  • by crt ( 44106 ) on Sunday October 15, 2000 @12:11PM (#704584)
    The way the "contest" worked, you got 3 sound files for each set, 2 of them were the same segment (one with watermark, one without) for you to analyze, the 3rd is a segment with the watermark that you were supposed to remove, then re-upload. The upload server automatically checks the files for the presence of the watermark, and rejects them if it's not found.

    The fact that they've got 450 files to analyze means that at least that many files were successfully uploaded. Now, it's possible that a bunch of people uploaded random noise or badly distorted versions of the sample (I'm not sure whether the upload server checked that), in which case it's not really a "break" - but I suspect at least a few of the uploads were real breaks.

    ...and as for the idea that it wouldn't be broken because a bunch of internet hackers decided to boycott it.. well, most software or system crackers out there probably wouldn't know where to begin to crack something like an audio watermark (unless they had the watermarking source to disassemble) - if there were successful breaks made, it was probably by audio stenography experts that already had a good understanding of how the process works and what its shortcomings are.
  • by ca1v1n ( 135902 ) <{moc.cinortonaug} {ta} {koons}> on Sunday October 15, 2000 @03:16PM (#704585)
    If you read carefully, they're saying "Since it hasn't yet been proven beyond a shadow of a doubt that it wasn't hacked, as of this moment, it wasn't hacked." Corporate denial at its finest.

    Their accusations against Salon are pretty extreme, considering that they themselves don't know that Salon was wrong. They're just pissed that Salon got someone on the inside to talk, and messed up their chance for a damage control press release. Salon was perfectly ethical. The article mentions that it's an anonymous source and not the official word. The article simply makes it clear that there are forces within SDMI that want it to die, and who assert that it will. That there is no uncrackable watermark is common sense, so I don't think Salon went too far.
  • by Pig Bodine ( 195211 ) on Sunday October 15, 2000 @04:08PM (#704586)

    I don't know if you are on crack (you don't sound like you are, but who can tell on the internet?), but cracking an encryption scheme is a much better defined problem than removing a watermark. You have a reasonable standard to decide if you have succeeded. A watermark, on the other hand, introduces some distortion in the music and removing it is going to result in more distortion. Removing it is always possible in the trivial sense that you can write a program to take a music file and output all zeros; it will be a "distortion" of the original music with no watermark. The point of this observation: there is some ambiguity about how good the cracked music has to sound before you call it a legitimate crack. No matter what hackers come up with, these guys are going to swear with their hands on their wallets that cracked music has shitty sound quality and that their watermark doesn't harm the sound quality at all.

    The guy in the link mentioned this fact. I'm betting it's something they'll hide behind, even if all their schemes are cracked.
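
The ambiguity described in the comment above, seen from the evaluator's side, as an added example (not code from the post, the contest or SDMI): a toy additive watermark with a correlation detector plus a fidelity check. The test signal, key, embedding strength and both thresholds are constructed assumptions and say nothing about the actual SDMI technologies.

```python
import math
import random

RATE = 44100            # samples per second of the constructed clip
N = 65536               # clip length in samples
ALPHA = 0.02            # embedding strength of the toy watermark (assumption)
SCORE_THRESHOLD = 0.5   # detector reports "mark present" at or above this
MIN_SNR_DB = 20.0       # fidelity floor relative to the distributed clip
KEY = 2000              # constructed detector key


def host_clip():
    """Constructed 'music': two sine tones, no watermark."""
    return [0.4 * math.sin(2 * math.pi * 440 * i / RATE)
            + 0.2 * math.sin(2 * math.pi * 1000 * i / RATE) for i in range(N)]


def chip_sequence(key):
    """Key-dependent pseudo-random +/-1 sequence (toy, not cryptographic)."""
    rng = random.Random(key)
    return [rng.choice((-1.0, 1.0)) for _ in range(N)]


def embed(clip, key):
    """Add the scaled chip sequence to every sample: the mark is in-band."""
    return [s + ALPHA * c for s, c in zip(clip, chip_sequence(key))]


def detector_score(clip, key):
    """Normalised correlation: near 1.0 with the mark intact, near 0.0 without."""
    chips = chip_sequence(key)
    return sum(s * c for s, c in zip(clip, chips)) / (ALPHA * N)


def snr_db(reference, candidate):
    """Fidelity of a submission measured against the clip as distributed."""
    signal = sum(r * r for r in reference)
    error = sum((r - c) ** 2 for r, c in zip(reference, candidate))
    return math.inf if error == 0 else 10 * math.log10(signal / error)


def evaluate(submission, distributed, key):
    """A submission counts only if the mark is gone AND the audio survived."""
    score = detector_score(submission, key)
    quality = snr_db(distributed, submission)
    # abs(): merely inverting the mark's sign must not count as removal
    mark_gone = abs(score) < SCORE_THRESHOLD
    quality_ok = quality >= MIN_SNR_DB
    return {"score": score, "snr_db": quality, "mark_gone": mark_gone,
            "quality_ok": quality_ok, "accepted": mark_gone and quality_ok}


def run_cases():
    host = host_clip()
    distributed = embed(host, KEY)
    noise = random.Random(7)
    submissions = {
        "unchanged": distributed,
        # the trivial "removal" from the comment: output silence
        "all_zeros": [0.0] * N,
        # loud added noise ruins the audio and still leaves the mark detectable
        "noise_added": [s + noise.uniform(-0.5, 0.5) for s in distributed],
        # evaluator-only reference: the unmarked master itself
        "true_original": host,
    }
    return {name: evaluate(sub, distributed, KEY)
            for name, sub in submissions.items()}


if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name:14s} score={verdict['score']:+.3f} "
              f"snr={verdict['snr_db']:.1f} dB accepted={verdict['accepted']}")
```

Only the unmarked master passes both tests here; silence clears the detector but fails the fidelity floor, which is why a bare detector score says little without the stated threshold and quality criterion.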

  • by eeks ( 243210 ) on Sunday October 15, 2000 @11:34AM (#704587) Homepage
    Watch it - Salon is one of the most ethical and excellent news magazines on the Web. Let's see how this pans out then judge.

  • by kizz ( 244020 ) on Sunday October 15, 2000 @06:59PM (#704588)
    Let me try to explain why watermarks will fail: JPEG and MP3 are both streaming formats. Consider an ID3 tag on an MP3 file. An ID3 tag is 128 plaintext bytes of data added to the end of an MP3 file so you can fill in the song's title, artist, album, etc. The ID3 tag is totally separate from the audio itself, since it comes at the end, and it does not change the audio one bit. This is very similar to the way GIF89a images can have text inside them; text which is totally separate from the image data because it comes separately at the beginning or end of the image data. In stark contrast, an SDMI watermark is NOT separate from the audio itself. It is actual changes to the audio file itself interleaved throughout the audio data from beginning, to middle, to end. It is a series of actual frequency changes IN the audio, not outside of it at the beginning or end. It's a series of very slight changes, designed to be so small that they're inaudible but can be picked up by a watermark detector. The bottom line is that SDMI watermark DOES alter audio since it's PART OF the audio data and is not separate from it. Also above you provided a link to a site about JPEG watermarking and the claim is that the watermark does not affect the JPEG image. JPEG and MP3 are very close relatives. JPEG watermarks DO affect the image data, ever so slightly, if it's interleaved. You can't see it because it might be a difference of 1 or 2 shades per pixel on a palette of 16777216 colors (JPEGs are 24-bit by default). A JPG with a non-altering plaintext watermark inside it would be invalid and unviewable, since you'd have image data and non-image data together. Like, the image would cut off where the watermark is, and start off further down out of alignment. It's the same concept behind skips in MP3s. If you miss 10kb or so due to a bad download, you'll be able to hear the rest of the song but there are frames missing and there is a loud glitch.
    So SDMI is a data-altering watermark which alters the audio and is not the audio the artist intended his audience to hear. It's amazingly close, but it's not the same. Anyway, I don't know yet about 100% eradication of music watermarks, but when it comes to killing image watermarks, this works great for me: Just open the watermarked image in your favorite photo editor, highlight the entire image from very top left to very bottom right, and copy&paste that as a new image. Don't just copy&paste the whole image .. actually highlight from top left to bottom right and paste as a new image, new selection. There goes the watermark! Poof.. gone.
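
The ID3 comparison in the comment above, as an added example (not code from the post): a parser for the 128-byte ID3v1 trailer showing that the audio bytes hash the same whatever the tag says, while even a minimal in-band mark changes them. The byte strings are constructed stand-ins for an audio stream, and the low-bit mark is a toy that is unrelated to any SDMI scheme.

```python
import hashlib
import struct

# ID3v1 trailer: "TAG", title, artist, album, year, comment, genre = 128 bytes
ID3V1 = struct.Struct("<3s30s30s30s4s30sB")


def _text(raw):
    """Fields are fixed width and padded with NULs or spaces."""
    return raw.split(b"\x00", 1)[0].decode("latin-1").rstrip()


def build_tag(title, artist, album="", year="", comment="", genre=255):
    """Pack an ID3v1 trailer; struct pads or truncates each field to its width."""
    fields = [s.encode("latin-1") for s in (title, artist, album, year, comment)]
    return ID3V1.pack(b"TAG", *fields, genre)


def split_file(data):
    """Return (audio_bytes, tag or None). Only a trailer at the very end counts."""
    if len(data) >= ID3V1.size and data[-ID3V1.size:-ID3V1.size + 3] == b"TAG":
        _, title, artist, album, year, comment, genre = ID3V1.unpack(
            data[-ID3V1.size:])
        tag = {"title": _text(title), "artist": _text(artist),
               "album": _text(album), "year": _text(year),
               "comment": _text(comment), "genre": genre}
        return data[:-ID3V1.size], tag
    return data, None


def audio_digest(data):
    """SHA-256 over the audio portion only, ignoring any ID3v1 trailer."""
    audio, _ = split_file(data)
    return hashlib.sha256(audio).hexdigest()


def demo():
    # Constructed stand-in for an audio stream; "TAG" mid-stream must be ignored.
    audio = (bytes(range(256)) * 8 + b"TAG in the middle is not a tag"
             + bytes(range(256)) * 8)
    tagged = audio + build_tag("Song", "Artist", comment="owner: label A")
    retagged = audio + build_tag("Song", "Artist", comment="owner: nobody")
    # Toy in-band mark: flip the low bit of every 64th byte of the audio itself.
    in_band = bytes(b ^ 1 if i % 64 == 0 else b for i, b in enumerate(audio))
    return {
        "tag": split_file(tagged)[1],
        "same_audio_after_retag": (audio_digest(tagged) == audio_digest(retagged)
                                   == audio_digest(audio)),
        "in_band_changes_audio": audio_digest(in_band) != audio_digest(audio),
        "short_file_has_tag": split_file(b"TAG")[1] is not None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```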
  • by Frank T. Lofaro Jr. ( 142215 ) on Sunday October 15, 2000 @02:18PM (#704589) Homepage
    Even the DMCA doesn't force hardware manufacturers to use protection technologies.

    Wrong. It is illegal to sell a VCR which can record Macrovision infested signals without degradation. This is part of the DMCA [cornell.edu]. If the VCR's electronics are not confused by a Macrovision signal (e.g. due to automatic gain control), the manufacturer has to intentionally add electronics that recognize Macrovision and deny or screw up the recording.

    All the content industry has to do is buy some more Congresspeople and get that restriction to apply to every technology. I.E. if a protection technology gets more than x% of the market, it would be illegal for a device to record or retransmit in spite of it.

    No longer will active circumvention be required to prove an offense, but merely not recognizing/being affected by protection will be illegal, as will giving any info that could aid in the construction of such a device.

    Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficking in devices which allow avoiding (which includes more than circumvention) of copy protection.

  • by Jon O'Hara ( 244418 ) on Monday October 16, 2000 @11:36AM (#704590)
    Just wanted to say that the Inside piece wasn't meant to pass judgement on Salon's story (or Salon itself) -- we just presented Leonardo Chiariglione's position, in his words, as the head of SDMI. As has been pointed out, he didn't say the six technologies hadn't been hacked, just that no one knows for sure yet, since the review process is ongoing. (Personally, I would be surprised if the hacks weren't successful, given what people have been saying about digital security.) But just to be clear, it was Chiariglione who characterized the Salon report as wrong, unfounded, etc., not Inside. And I don't think it would be fair to say we "bought" his spin by publishing his words -- I did my best to raise in the story the significant doubts people have about digital security in general and the enormous, perhaps impossible task the SDMI has set for itself, and if you check Inside's coverage of SDMI and the major labels' pretty lame attempts at public secure-music trials so far, I don't think we've been coddling anyone. At any rate, having Chiariglione's words out there complements Salon's piece (IMO), and we'll have to see how SDMI handles it from here. (email: johara@inside.com)
  • by Andrew Leonard ( 4372 ) on Sunday October 15, 2000 @12:46PM (#704591) Homepage
    We checked out the story with three members of the coalition, all of whom confirmed it. They did so off the record, of course, which puts us in a vulnerable position. But all I see in the inside.com article is one source, the executive director, who has every reason to be unhappy with Salon, not just for this story, but for previous stories in Salon that painted him in an unflattering light.

    We printed their denial, we checked it out as best we could. I won't respond to larger questions about Salon's "ethics" but I'll defend Salon's technology coverage to the DEATH.

  • by K8Fan ( 37875 ) on Sunday October 15, 2000 @11:51AM (#704592) Journal

    He's denying it, but he has not said that it has not been cracked. It was a very careful, political statement.

    ...it's simply impossible to say whether this is true or this is false.

    What he didn't say is if the group that reportedly cracked it provided the "plaintext" of the watermark. If they managed to extract that, then all his bluster is about evaluating how well they removed the watermark and eliminated the damage the watermark caused.

    ...an evaluation of whether the proposed technologies were affected in such a way as to avoid the intended effect, whether the results can be replicated, and whether in attacking the technology the music quality was degraded.

    ...as opposed to the degradation caused by a watermarking system designed to be detectable even after passing through an MPEG decoder -> encoder -> decoder cycle? After being recorded to analog cassette? After being compressed for FM transmission? That kind of degradation?

    The Inside.com reporter did not understand enough about the technology to ask the right questions, and let him/her self be snowed.

  • by CountZer0 ( 60549 ) on Sunday October 15, 2000 @03:23PM (#704593) Homepage
    Thing is, hackSDMI is holding all the eggs. The contest was rigged from the start, which is why I attacked Technology A and then stopped.

    It's pretty funny actually. They give you some files, two are the "Same" one with watermark, one without, then a third with the watermark, and ya gotta remove the watermark from the third and send it in. So I did that. Pretty damn sure I removed the watermark... Sent it in. Ya know what I got... here you go:

    --- Begin Quote ---

    Dear hacksdmi@cyberdeck.org:

    Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We have received your submission, and we appreciate the enthusiasm with which you have responded.

    However, we were unable to process this submission because:
    Status message: N/A
    Score: 0.889
    Remark: The watermark was not completely removed.

    Please refer to the guidelines at www.hacksdmi.org for details about the requirements.

    You are invited to resubmit a new proposal prior to the closing date of this challenge.

    Your participation in this historic challenge is appreciated, and even if you do not resubmit, please be assured that your enthusiasm and participation have helped us as we all work together to develop the digital music economy.

    --- End Quote ---

    That was in response to my first attempt...

    So I got a score of 88.9%. Does this mean I removed 88.9% of the watermark? or that I removed 11.1%? or is it even a percentage? Does it mean a damn thing at all? Hell no. Also, if SDMI devices are so picky that 11.1% of a "watermark" is enough to cause them to not play a song, don't you think that will cause a ton of "false positives" ??? Pretty lame sounding to me...

    I got no less than 8... yes EIGHT copies of this letter from them. Talk about a spamfest.

    Actually, I got 2 copies of the .889 letter, then six (6) copies of the following letter:

    --- Begin Quote ---

    Dear hacksdmi@cyberdeck.org:

    Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We appreciate your interest, the time you invested in this effort and the creativity you applied to this project.

    Unfortunately, our analysis indicates that your challenge did not succeed. As you may recall, in order to be successful an effort had to disable the proposed copyright protection system without adversely affecting the underlying music. Your effort was not able to meet these tests.

    Nonetheless, we appreciate your interest in this challenge. Your efforts as well as the efforts of other potential challengers have helped us tremendously, and we thank you very much for your hard work.

    --- End Quote ---

    Herm, they say that they have analysed my submission. So, what are these 450 submissions that are still being analysed? Those must be the ones that really DID "hack" SDMI... hehe Someone somewhere is lying...

    Now, talk about "plausible deniability". They simply send out the same form letter to EVERYONE who submits anything. Then they NEVER admit that anyone "hacked" it. Of course, I bet they were ALL cracked. Will HackSDMI ever admit it? NO of course not, then they have no product to sell. And then, when SDMI compliant devices come out, and they are worthless, cause all the hacks DO work, the joke will be on them.
  • by Gorobei ( 127755 ) on Sunday October 15, 2000 @12:36PM (#704594)
    Watermarks are an inherently flawed proposition. They will never work because they are the direct opposite of compression (i.e. compression attempts to remove unimportant information, and watermarks are, by definition, unimportant information.) By important information, I mean the actual audio.

    Watermarks are only useful for one thing: tracking the original source of a piece of information.

    If the goal is to nail the original poster of a copyright work, watermarking will fail: as compression technology improves, watermarking information will automatically be stripped out as it is non-important information.

    If the goal is to allow buyers to time, space, and media shift a copyright work, it will also fail: users will buy players that don't require the music to be encoded with some realbits+watermarkbits = bigprime scheme. Even the DMCA doesn't force hardware manufacturers to use protection technologies.

    Watermarking only works if a) the end user devices are all SDMI compliant, b) the end user devices refuse to play anything but compliant audio, and c) no one bothers to break positive watermarking (i.e. if no watermark, you don't play.)

    Point b is possible but not likely. Point c will happen rapidly if point b comes to pass.

  • by e_lehman ( 143896 ) on Sunday October 15, 2000 @03:21PM (#704595)

    I've been looking into watermarking a bit, and I'm less confident about such assertions than I was a few days ago.

    In particular, there's this awesome paper online [nec.com]. (Click .pdf or .ps in the upper right corner of the page.) It's remarkable stuff, even if you just look at the pictures. For example, they show a photo before and after watermarking. As you flip back and forth, it's as if the shadows have somehow subtly changed. They do all sorts of crazy stuff like JPEG encode/decode, cutting off parts of the picture, adding noise, photocopying, multiple-watermarking. But none of that destroys the original mark.

    Frankly, I'm QUITE surprised that anyone could break watermarks under the conditions of the hacksdmi contest. (Come to think of it, the proposed "technologies" were not all watermarks, right?) My feeling is that if SDMI keeps the watermark verifier in hardware, cracking their scheme could be a real bear.

    At least, until some community-friendly engineer anonymously posts details of the verification process on USENET from a public-access terminal. :-)

  • by ravi_n ( 175591 ) on Sunday October 15, 2000 @12:22PM (#704596)
    Quoting from Salon's article:
    One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."

    Quoting from Inside's article:
    "When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer," Chariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. "It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested."
  • by yamutt ( 237300 ) on Sunday October 15, 2000 @12:07PM (#704597)
    Considering that it was their idea to make this an OPEN challenge, I'd have difficulty in feeling any sympathy, even if I agreed with their philosophy and approach (which I don't). Just another example of "we want to take advantage of the open approach, but only up to where WE draw the line of openness".

    IF it had been an entirely internal affair, I MIGHT sympathize (nah, probably not!) But in either case, the C-man's wrath is misplaced. He should be angry at the leakers, not at Salon. What he's really saying is "You had no right to report this until *I* said it was OK, because I'm the head honcho." That thinking may apply to whatever underlings leaked the info, but not to the independent media! Salon was carrying out their journalistic duty to REPORT NEWS, and I don't see this as being sensationalist. They presented all the (available) facts, they included both sides (i.e. the fact that the "official report" from SDMI was still forthcoming), and they didn't over-exaggerate the importance or significance of what they were reporting.

    One thing I'll buy - he's probably not lying when he says they don't know. I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings. They haven't had enough time to do an in-depth study yet, so it's unlikely that any results are 100% conclusive yet (it couldn't be THAT bad... could it?) On the other hand, educated guesses are often VERY close to the mark, and I suspect some people who know what they're talking about were doing the leaking. And as the C-man points out, it's not a cut-and-dried "it's cracked or it isn't" judgement. A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a technical "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...
