DVD encryption, why so easy to crack?

Can someone please explain to me in everyday terms why DVD encryption was not particularly secure? I absolutely do not require information on the precise method of cracking it, or information on where to find software that will do that for me, really. I would just like to know, in general descriptive terms, why it was weak.

XingNetworks didn’t adequately safeguard one of the decryption keys in their decryption software, allowing a group of Norwegians to take the key and write the crack.

My very limited understanding is it wasn’t till someone cracked it and the solution got out. Once the ‘code’ was out DVD players were pretty common and changing the encryption would really p’ off many people with DVD players that couldn’t be updated to the new code.

CSS uses 2 linear feedback shift registers (LFSRs) to produce its keystream. LFSRs are very predictable and have certain mathematical properties that make it easy to break an encryption algorithm based on them.

However, the original break of the algorithm wasn’t based on this. In fact, I rather doubt that anyone has ever made use of the cryptographic weakness of CSS. The real problem is called the Trusted Client problem. DVD makers want to sell their movies to anyone. That means that they must include enough information on the DVD to allow anyone to read the data. You can’t hide the encryption key from a technically skilled user. Reverse engineering will always be possible.

The classic cryptography problem is usually described as follows: Alice has some plaintext that she wants to send to Bob. She encrypts the plaintext using cipher C, which Bob can decrypt, and sends it. The code is intercepted by Eve, and Eve attempts to break the cipher and get the plaintext with any available tools. The simplest goal of cryptography is to make Eve’s job as hard as theoretically possible.

Digital rights management and DVD encryption is cryptographic nonsense, since Bob and Eve are the same person. The only thing you can do is obfuscate and make it technologically difficult for Bob acting as Eve to get to the plaintext. Bob has to get the plaintext, and Eve is not supposed to ever get it. Bob is you extracting the plaintext (in this case, a movie) to your TV, and Eve is you extracting the plaintext (in this case, a movie) to some other device. You see the problem, right?

If you ask any reasonably intelligent person “How do I give you something so that you only have it sometimes, but not always, depending on what you do with it?” they will tell you to stop huffing paint fumes and come back with a better question. (An optional answer is “Give me buddha nature!”).

You call it “protection” or “digital rights management” instead and suddenly it is an industry.
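The LFSR predictability mentioned in the reply above, as an added example that is not part of the original thread. It uses a constructed, generic 16-bit LFSR (not CSS's actual registers or combining function) and goes one step beyond the post by using the Berlekamp-Massey algorithm to show that an observer who sees only 32 output bits can recover the feedback taps and reproduce every later bit:

```python
def lfsr_stream(taps, state, n):
    """Fibonacci LFSR: each new bit is the XOR of the bits `t` positions back."""
    s = list(state)
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) & 1)
    return s[:n]

def berlekamp_massey(s):
    """Return (L, taps) of the shortest LFSR over GF(2) that generates s."""
    n = len(s)
    c = [1] + [0] * n          # current connection polynomial
    b = [1] + [0] * n          # polynomial before the last length change
    L, m = 0, -1
    for i in range(n):
        # discrepancy: does the current LFSR predict bit i correctly?
        d = s[i]
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:     # LFSR must grow to stay consistent
                L, m, b = i + 1 - L, i, t
    return L, [j for j in range(1, L + 1) if c[j]]

def predict(observed, n_more):
    """Extend an observed keystream using only what the bits themselves reveal."""
    _, taps = berlekamp_massey(observed)
    return lfsr_stream(taps, observed, len(observed) + n_more)[len(observed):]

# Constructed sample values, for illustration only.
SECRET_TAPS = (16, 14, 13, 11)
SECRET_STATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]
KEYSTREAM = lfsr_stream(SECRET_TAPS, SECRET_STATE, 232)
OBSERVED = KEYSTREAM[:32]      # all the observer ever sees

if __name__ == "__main__":
    print("recovered (length, taps):", berlekamp_massey(OBSERVED))
    print("next 200 bits predicted correctly:",
          predict(OBSERVED, 200) == KEYSTREAM[32:])
```

The design lesson is that a keystream generator needs a non-linear component: a register of length L on its own is fully determined by 2L output bits, regardless of how its taps or seed were chosen.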

Some really excellent replies.

Just a semi-insignificant note or two:

The standard was set at a time when the power of inexpensive chips to decode well-encrypted video streams in real time just wasn’t possible. They could have used a much stronger system but then the players would have been much more expensive (at first, and still not $25 like you see today). So they skimped.

Like groman says. You can’t stop people from “getting inside” such systems unless the whole thing is properly locked down the whole way. This is what they are trying to do with the newest DRM systems. They want everything from start to finish (over the air, from the device to the screen, etc.) locked into the system. Isn’t Idealism such a wonderful thing to contemplate? Too bad about the real world.

Also, now with the DMCA, even trivial systems like a “don’t copy” bit or XOR encoding are considered protection schemes.

However, no matter what you lock down and where, either you’re both Bob and Eve, or you’re neither (due to your brain being somehow modified to decrypt content only in licensed situations). You can’t plug the analog hole with current technology.

Right, so now, all they need is some token attempt at copy protection, and they can call down their team of attack lawyers on anyone who manages to defeat their trivial protection. It’s still just as easy, except now it’s not allowed.

Don’t be so sure. The lab I’m working in now has been developing a technology called the Virtual Retinal Display which uses laser light to bypass the cornea completely and beam an image directly onto the back of the retina. In theory, since you’re beaming light into the retina, you can at the same time, measure the reflected light and get a retinal scan. Which means you can create a device that will play your content only if you have the right retina. Granted we’re pitching it now more for secure military applications and the like but the analog hole can be closed far more easily than most people imagine.

But this is still further obfuscation. The retina in this case acts as either a gateway to the decryption key or as a decryption key itself. So again, you’re both Bob and Eve. Except as Eve you would have to somehow trick the device into believing it’s projecting onto your retina while in reality you are recording the signal. From the cryptographic point of view you still have access to the plaintext. It’s just progressively more difficult for both Alice (to encrypt) and Eve (to copy decrypted plaintext) and slightly more complicated and expensive for Bob (to decrypt).

That doesn’t change the argument, surely? The point in this case is that Bob and Eve are conceptually different people, not necessarily physically different. Bob is a legitimate purchaser of a DVD who wants to play it. Eve is an evil hacker who wants to remove the copy protection. Eve is going to pretend to be Bob for the 30 seconds it takes to buy the DVD, and the guy in Blockbuster has no way of knowing she wants the DVD for nefarious purposes. Even if you have something installed in Blockbuster that scans purchasers’ eyeballs and locks the sold DVD so it can only be played by the person who bought it, you have no way of knowing the purchaser is actually Eve. If Eve, as an apparently legitimate purchaser, can get access to the keys (even via an eyeball scan), the game is over.

Leaving aside consumers’ resistance to having their eyeballs scanned…

On the OP, the short answer, as others have pointed out, is that DVD encryption was effectively a homemade, proprietary encryption system, and almost without exception, such systems have been broken where someone had a reason to do so. Developing good encryption systems is very, very hard; there aren’t many people in the world good at it, and even those that are have made whopping mistakes from time to time.

On the DMCA point: of course it only applies in the USA. And the Norwegian courts ultimately ruled that Jon Johansen, the DeCSS guy, hadn’t done anything illegal at all. So presumably any similar system can be safely broken in Norway at least, and I suspect most other European countries. (I’m reasonably confident the police and courts here in Ireland, for example, would take no interest whatsoever, and I don’t believe any Irish laws are being broken).

The key is to keep the content protected as long as possible. Content is only vulnerable when it’s in the clear. The big weakness of conventional DRM is that it only controls a tiny part of the system so it still has to interface with legacy components which communicate in the clear. If you control the system up to and including the beaming into the retina, then it becomes very hard to insert an attacker in the middle. Imagine you had a tiny decryption chip in the goggles that dynamically decrypted content based on using your retina as the decryption key. Up until that content gets decrypted, there’s no way for Eve to attack the system. After the content gets decrypted, the chain to the eyeball is so short that it makes it incredibly difficult to decrypt it.

And consumers will be willing to put up with eyeball scanning if it brings some measurable advantage. For example, this system also inherently allows for fast, high resolution eye tracking which would be an incredible boon for building interfaces.

So is the consensus that Blu-ray and HD-DVD will be cracked in relatively short order?

Sure there is. Eve has the decryption key. Any system can be tricked - the key to good encryption or even obfuscation is that the system in itself does not contain enough information to do what it’s supposed to. But Eve together with the system have to have enough information, so the rest is meaningless. It might be a pain in the ass to gut your whizbang laser goggles and figure out where it detects that there is an actual human head in front of it providing the retinal scan and not an artificial recording retina made for this purpose, but it’s merely a one time investment. Brute forcing an encryption key on the other hand has to be done for every encryption key - which is what makes cryptography an inherently different beast than obfuscation.

One Eve only needs to figure out how one of the devices on the market works. You have to prevent every Eve out of millions from doing so even once. Once it is done even once the game is over. Waste of time and money if you ask me.

Groman, looking at it, I think Shalmanese’s hypothetical scheme is a tad harder to crack than I was giving it credit for (but by no means impossible). I would like to continue this discussion, but we’re way off topic, and I suspect the mods would consider the original question answered, and debates about retinal scanners unsuitable for general questions. So I think I’ll refer this thread to a mod, and post my thoughts wherever it ends up.

I don’t see any reason to think this. DVD encryption was cracked because someone got careless with a key. While that might happen again it also might not.