AACS Specifications Released
An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
Re:Manufacturers (Score:3, Interesting)
Re:Manufacturers (Score:5, Interesting)
If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that causes a device with the compromised set of Device Keys to be unable to calculate the correct Km. In this way, the compromised Device Keys are "revoked" by the new MKB.
If I read this right (which is not guaranteed this early in the morning), only hacked devices would be revoked. So it wouldn't be insane for manufacturers to use this scheme, and in fact would make them discourage hacks rather than making them easy as they do with many DVD players. Bad for fair use, but no problem for manufacturers.
What will the packaging say? (Score:5, Interesting)
Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?
Re:*sigh* (Score:2, Interesting)
Wrong... If it can be played back it can be captured. Ripping requires the DRM to be circumvented.
So I roll the dice (Score:2, Interesting)
This isn't new news... (Score:5, Interesting)
Re:Manufacturers (Score:4, Interesting)
The way this worked in CSS, and probably works similarly here, is that at the beginning of the disk they encrypt a disk key with many different device keys. Then each device decrypts the disk key using their own device key.
However, if you work out the math, it simply isn't plausible to include a separate key for every HD DVD player that might ever be sold (imagine 128 bits for an AES key). Instead each manufacturer, or perhaps even DVD player model in this new system, gets one key. They can then 'revoke' these keys by just refusing to encrypt future DVD keys with these device keys, but since each DVD player doesn't have its own key they can't disable movies player by player.
On another point I would find it to be really unlikely that any major DVD player would truly get this penalty imposed against it. It would be a huge loss to be the first movie that doesn't work on sony blah players so no movie company is going to be the one who takes that first step.
Instead this is really a measure to deter manufacturers from 'accidentally' making their DVD players ignore copy protection or otherwise violate their rules. Thus it is likely to be used when a player first hits the market or not at all.
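The per-model key block and revocation-by-omission described in the comment above, as an added example that is not part of the original thread or the AACS specification. The model names, function names and block layout are hypothetical, and an HMAC-SHA256 keystream stands in for AES so the code runs on the standard library alone.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for AES (assumption): HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(device_key: bytes, media_key: bytes) -> bytes:
    # Encrypt the media key under one model's device key.
    nonce = os.urandom(8)
    stream = _keystream(device_key, nonce, len(media_key))
    return nonce + bytes(a ^ b for a, b in zip(media_key, stream))

def unwrap(device_key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(device_key, nonce, len(ct))))

def build_key_block(media_key, device_keys, revoked=frozenset()):
    # One wrapped copy of the media key per model; revoked models get no entry.
    entries = {m: wrap(k, media_key) for m, k in device_keys.items() if m not in revoked}
    return {"verify": hashlib.sha256(media_key).digest(), "entries": entries}

def recover_media_key(block, model, device_key):
    # Returns the media key, or None if the model is revoked or the key is wrong.
    blob = block["entries"].get(model)
    if blob is None:
        return None
    km = unwrap(device_key, blob)
    ok = hmac.compare_digest(hashlib.sha256(km).digest(), block["verify"])
    return km if ok else None

if __name__ == "__main__":
    # Constructed sample data: three hypothetical player models, 128-bit keys.
    keys = {m: os.urandom(16) for m in ("model-A", "model-B", "model-C")}
    old_km, new_km = os.urandom(16), os.urandom(16)
    old_disc = build_key_block(old_km, keys)
    new_disc = build_key_block(new_km, keys, revoked={"model-B"})
    for m in keys:
        print(m,
              "old disc:", recover_media_key(old_disc, m, keys[m]) == old_km,
              "new disc:", recover_media_key(new_disc, m, keys[m]) == new_km)
```

Discs pressed before the revocation still carry an entry for the revoked model, so only titles mastered with the updated block stop playing on it.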
SPYWARE ALERT (Score:1, Interesting)
Crazy.
Re:key revocation (Score:1, Interesting)
Re:Is this legal? (Score:2, Interesting)
First, Australia != USA
Second, blame the industry (i.e. MPAA et al.) for whining about "lost profits" due to pirated discs.
Third, G'day mate!
It doesn't suck - it's perfect! (Score:5, Interesting)
At that point the bottom will fall out of the market.
Proof: see what DVD players sell best: those with zone restrictions or those without. The irony is that that does not happen because of piracy (pirated DVDs appear to be generally set to zone 0 so zone selection is irrelevant) but because of legitimate purchases made elsewhere in the world.
So, in summary, let them progress down this route. Eventually the market will die as alternatives pick up the revenue.
As an example: how many of you buy protected contents or media in non-Open formats?
I have looked at pirated DVDs and they are indeed not worth the money - if you're in a country with sane media prices. If they really, really, really wanted to address piracy all they need to do is become more sensible with the prices, that has already proved to work (hello MS, are you listening?). The increase in revenue more than offsets the expenditure they have to put in on lobbying, researching formats that don't work or get broken in a rainy weekend by a couple of bored teenagers.
Hell, it'll probably even keep them in cocaine and limos.
Re:Player Model? (Score:3, Interesting)
At the end of the day, the disc data is encrypted once and the disc must have a multiply encrypted key where every model can grab and read the contents. Cracking that first key might be tough, but there are plenty of distributed efforts that do just that kind of thing already.
Besides most pirate DVDs I see have been recompressed anyway. Even if the crypto proves uncrackable, people will simply resample the disc contents and release them without any crypto.
Re:Manufacturers (Score:3, Interesting)
This is the manufacturer's fault. He provided you with faulty equipment and should repair it at his expense or refund your money.
(under most consumer laws)
Re:It's all about firmware? (Score:3, Interesting)
(EEPROM can be electrically erased, EPROM can't be reflashed by software). This depends on the ROM chip being a standard type rather than custom. Otherwise we're down to third-party modchips.
Extortion Opportunity (Score:5, Interesting)
To me, this seems to be a golden opportunity for organized crime, assuming they hire hackers good enough to reverse engineer a particular DVD player.
For example, say Sony make a really popular player, so organized crime get the AACS code hacked and then turn around and extort Sony - give us a lot of money or we'll release the key. If they release the key and this device blocking kicks in, Sony are going to have a lot of angry customers demanding their money back.
Re:They aren't trying to stop piracy. (Score:2, Interesting)
There is no warranty on hardware in U.S.? (Score:4, Interesting)
So, that would be a legal massacre of retailers/vendors/manufacturers by consumers/consumers organisations.
Re:It's all about firmware? (Score:3, Interesting)
Re:Extortion Opportunity (Score:4, Interesting)
Imagine if that got its keys revoked....