DVD Format War (more)


damonrpayne

Damon, you would ask for them right now!

I have been wallowing in them for the past several months in the trades and tossing them aside! Let me try to reconstruct the path and find a few of them, but much more info should start to be forthcoming as the content providers and manufacturers get closer to producing hardware.


A few quick links are: http://hardware.slashdot.org/hardware/05/08/10/1917210.shtml?tid=188&tid=198&tid=126&tid=233

http://www.tomshardware.com/hardnews/20050810_131820.html

http://blogs.pcworld.com/staffblog/archives/000814.html

http://www.drmwatch.com/drmtech/article.php/3526796

And for systems utilized for data storage here is an example of a popular system used within the InfoSec arena for SOX and HIPAA compliance:

http://www.aegisdrm.com/

Bottom line: The good old days of simple and ingenious workarounds are at an end.

Link to comment
Share on other sites

The only thing I do not see a simple workaround for is the possibility that the players be required to have a permanent internet connection to validate content. This would, however, kill the adoption of the standard without question, and therefore I think it won't be done.

Everything else suffers from the oldest problem in cryptography: both the means of validation and the content to be validated exist in the same physical location and are readable. All localized forms of modern crypto that I know of would require far more processing power than they are going to put into a DVD player. To give you an example, the encryption on today's DVDs is a 4 bit cipher last I heard. My smartphone could crack that.

All of this is moot though, none of these things matter to most of us as law-abiding consumers who do not use Linux.

Link to comment
Share on other sites

Damon, the processing power is available now for literally pennies.

Just as with the forthcoming 802.11i-AES wireless access points/routers/wireless cards that require a more robust processor than the flimsy WEP or WPA/Wi-Fi firmware bandaid wireless rigs that still utilize the fatally flawed implementation of the RC4 cypher primitive.
And the new security format (no, the "i" does not stand for a new 'channel') is not backwards compatible with the old flawed formats but will cost the same.

Just as this is not a challenge for wireless (the only challenge was getting the IEEE herd of cats together to ratify the provision in March 2004 that had been gold for a year and in getting the manufacturers to deal with their incredible stockpiles of inventory that they do not want to render obsolete!), this same HW technology is available for all.

It is a non-problem if they decide to do it. Not to mention the potential for the awkward but easy offloading of the function to the machine in which they are installed.

And you still have:

"The Blu-ray camp is going two steps beyond AACS. First, it is requiring that Blu-ray disc manufacturers embed a globally unique identifier in the physical media through a process called ROM Mark. The identifier is embedded holographically and is not part of the data on the disc. This ensures that only legitimately manufactured discs will play on Blu-ray players. This process is very hard to duplicate and presumably involves digital signatures or other cryptographic devices that identify the hardware and software used in the manufacturing process.

Second, the BDA is specifying the use of renewable encryption through a mechanism called BD+. If AACS (or some future protection scheme) is hacked, individual devices can be rendered inoperable until they download and implement a new scheme.

In sum, the BDA is making sure that every link in the chain, from disc manufacturing through to the analog outputs of players, is both secure and under its control. This is typical of the strategies of the two movie studios who are backing Blu-ray, Disney and 20th Century Fox."

The bottom line: this technology is available NOW for data! We have implemented it in many of the sites with which I have been involved for both SOX and HIPAA compliance. It is simply a matter of choosing to use it. And AES would be brilliant on the source side as any attempts to defeat it fall under the federal espionage laws, just as the VideoCipher folks smartly did by adopting DES back in 1982 and piggybacking on the federal espionage laws concerning DES! Why reinvent the wheel, so to speak, when you can get someone else's 'dog' to enforce your scheme!?

This time it will not be a simplistic hack without enforceable teeth.
Now you can start debating what you and others think 'fair use' is! And I suspect that the majority do NOT agree with how the producers define it!

Oh, and regarding the online connectivity issue, that won't be a problem for the suppliers. You will simply lack the added functionality that will be disabled by default unless you have connectivity!
"AACS also provides for additional rights to content that can be activated if the device has an online connection (the default right is simply "play"). Through online license distribution, content providers can offer rights to unlock bonus content, make controlled copies onto secure storage media, transfer content to other devices, and so on."

It should indeed be interesting! (and BTW, Linux has NO advantage in this debate! This is no longer the kiddy CSS fiasco!)

Link to comment
Share on other sites

Just a couple of quick points:

An Internet connection will NOT be required to just play a disc. However, if the AACS members decide that your brand and model of player have been hacked, you will need to update the firmware via the Internet or from a ROM pack loaded on a disc (burned yourself or mailed to you from the manufacturer). If your player key is revoked you will still be able to play any discs made before the revocation date. Any discs after that date simply would not play.

AACS as adopted by the HD-DVD camp requires that a managed copy is available to users either for free or at some cost that a Studio or content provider decides to charge you. In other words every HD-DVD produced has to allow you to make a managed copy. A managed copy would allow you to make a full definition copy of the HD content and move it around to a Media Server, portable device, etc. as long as the other device was also considered secure (MS Vista for example). If the device is not considered secure then a down rezzed copy (480p) would be allowed. Blu-Ray may also allow for this but it is not currently required as part of the standard. An Internet connection would be required before any managed copy could take place.

BD+ runs on top of AACS in a Virtual Machine (code running on a processor). This may allow the means for many hacks to take place even though FOX is touting it as a more secure system. On Blu-Ray devices both AACS and BD+ systems will have to be satisfied before you can view the content. The major difference is that the content provider (Studios like FOX) can choose to update the code on their discs at any time using the BD+ system. So if FOX, for example, decides that your player has been hacked and they think that the AACS group is taking too long to revoke the player they can do it themselves via the BD+ system. HD-DVD on the other hand uses AACS and will follow the established rules before a player is disabled. The AACS group has a strict policy set that must be followed to revoke a player. This includes allowing the manufacturer time to come up with and distribute a fix.

Lastly this is all before the information gets to the chips that check to see if you have an HDCP compliant display or not!

Laters,

Jeff

Link to comment
Share on other sites
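
The revocation behaviour described in the post above (a revoked player still plays discs made before the revocation date, but not later ones), as an added example that is not part of the original thread and is not AACS code: a toy model in which each disc carries its media key wrapped for every player model that was not revoked when the disc was pressed. The per-model table, the HMAC-based key wrap, and the model names and dates are assumptions made for illustration.

```python
import hashlib, hmac, os

def _pad(key, nonce, n):
    return hmac.new(key, b"pad" + nonce, hashlib.sha256).digest()[:n]

def _tag(key, nonce, body):
    return hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:8]

def wrap(device_key, nonce, media_key):
    # Toy key wrap (assumption): XOR with an HMAC-derived pad, then append a tag.
    body = bytes(a ^ b for a, b in zip(media_key, _pad(device_key, nonce, len(media_key))))
    return body + _tag(device_key, nonce, body)

def unwrap(device_key, nonce, blob):
    body, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, _tag(device_key, nonce, body)):
        return None  # wrong key or damaged entry
    return bytes(a ^ b for a, b in zip(body, _pad(device_key, nonce, len(body))))

class LicensingAuthority:
    def __init__(self, models):
        self.device_keys = {m: os.urandom(16) for m in models}
        self.revoked_on = {}  # model -> ISO date the key was revoked

    def revoke(self, model, date):
        self.revoked_on[model] = date

    def press_disc(self, pressed):
        # Each disc gets a fresh media key, wrapped only for models that were
        # not yet revoked on the pressing date (ISO dates sort as strings).
        media_key, nonce = os.urandom(16), os.urandom(8)
        mkb = {m: wrap(k, nonce, media_key) for m, k in self.device_keys.items()
               if self.revoked_on.get(m, "9999") > pressed}
        return {"pressed": pressed, "nonce": nonce, "mkb": mkb}, media_key

def can_play(model, device_key, disc, media_key):
    # True when the player recovers the disc's media key from its own entry.
    entry = disc["mkb"].get(model)
    return entry is not None and unwrap(device_key, disc["nonce"], entry) == media_key

def demo():
    la = LicensingAuthority(["player-A", "player-B"])  # hypothetical models
    old_disc, old_key = la.press_disc("2006-03-01")    # constructed dates
    la.revoke("player-B", "2006-06-01")
    new_disc, new_key = la.press_disc("2006-09-01")
    return {(m, d["pressed"]): can_play(m, la.device_keys[m], d, k)
            for m in la.device_keys
            for d, k in ((old_disc, old_key), (new_disc, new_key))}
```

Revocation here changes only what is written to new discs; nothing on an already-pressed disc is altered, which is why older titles keep playing on the revoked model.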
