Intel Confirms HDCP Master Key Is Out
from the oops dept
We were among the many folks who wrote about the supposed leak of the HDCP master key this week, leading to an interesting discussion in the comments -- including a comment from a big time DRM supporter (he's even written a book about DRM) who scolded us for getting the whole story wrong, insisting that there was no such thing as a master key and that Hollywood never would have agreed to HDCP if there were such a thing. This struck me and some others as odd, as many of us have followed the discussions on HDCP, and I tended to believe Ed Felten's explanation of how HDCP works, which indicated that there was, in fact, a master key. That was from a few years ago, but Felten also just posted another explanation about how HDCP works, and it still seems to involve a master key.And, now, Intel is apparently confirming that the leak is, in fact, the master key. So, at this point, I'm going to have to assume that the DRM expert and the scolding were wrong, and that there is, in fact, a master key... and it's been leaked. Good thing the FCC gave the MPAA the okay to break your TV and DVR to release movies that would be "protected" by HDCP, huh? As Michael Weinberg points out, the FCC has now broken a bunch of TVs for nothing:
Today, it looks like HDCP -- the DRM that the MPAA insisted was required to allow them to securely distribute movies prior to DVD release -- has been broken. As a result, anyone who is motivated can make an exact digital copy of a "protected" high definition movie. Since all it takes is one motivated individual to make that first copy, this DRM (like every type of DRM before it) now serves absolutely no purpose but to inconvenience legitimate customers.Nice work, FCC.
In May, I wrote that "Studios are asking the public to trade the use of any analog inputs on their devices for more magic beans." The FCC accepted that trade. At the time, it looked like those magic beans at least pretended to have some powers to slow down copying. Today they have been revealed for what they really are -- worthless.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cracked, drm, hdcp, master key
Companies: intel
Reader Comments
Subscribe: RSS
View by: Time | Thread
The definition of insanity
Prohibition never works.
[ link to this | view in thread ]
Maybe one day they will learn that every form of security, given enough time, WILL eventually be broken.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
the can change the key BUT
[ link to this | view in thread ]
It's all about control anyway...
Cracked DRM + DMCA = Hollywood Still Has Control
With end-to-end DRM, Hollywood decides what devices, networks and software can legally play their content. That gives them leverage over companies like Samsung and Comcast, which is probably fine with them since the entrenched players all have a vested interest in preventing any disruptive new players from emerging.
Without some sort of illegal hack (that most people won't do), I still won't be able to record these first run movies on my Tivo. That is, of course, unless Hollywood lets Tivo decrypt the stream, which means Hollywood will dictate to Tivo (and me) how long I can keep it and how many times I can watch it. Many shows I record today can no longer be copied off of my Tivo since the shows remain "protected." It doesn't matter that Tivo could use a master key to capture a decrypted copy. Tivo would be in violation of anti-circumvention laws if they did. So would any start-up. It's difficult for a start-up to get funded when it's almost a sure thing that they'll be on the loosing end of a lawsuit.
DRM is all about controlling other people's legal business models.
(Sorry about being a broken record on this point, but I think it's very important.)
[ link to this | view in thread ]
Just hit "record" it works for me. DRM or not.
BTW the best explanation ever.
Quote source:
http://www.freedom-to-tinker.com/blog/felten/understanding-hdcp-master-key-leak
[ link to this | view in thread ]
Vista is not your friend.
[ link to this | view in thread ]
[ link to this | view in thread ]
What was the key?
[ link to this | view in thread ]
Incredible.... that's the combination on my luggage
[ link to this | view in thread ]
Re: It's all about control anyway...
Here.
- Arduino can do it and I bet many people are already posting the instructions on how to build a HDMI compliant device that only needs to have the software flashed into it to replace the old HDMI that didn't had HDCP in it.
- Hardware can be emulated in software, how long until some virtual machine gets and addon that makes it capable of copying anything.
Those things are not that hard, it inhibits companies from exploiting this not highly motivated people with the knowledge necessary to accomplish the task and when they do all will take advantage of that.
[ link to this | view in thread ]
Re: What was the key?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Boy, you really wouldn't want to make that your Achilles heel, especially during the age of the freaking Internet.
Why won't they learn?
[ link to this | view in thread ]
Re: Re: What was the key?
[ link to this | view in thread ]
Any lock has a key...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Impact
What it might do is allow cheaper hardware dongles that strip out the HDCP and 'fix' the devices that have problems with the HDCP handshaking. It may also allow more innovative HDMI distribution devices such as running multiple screens from one HDMI output.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
"We believe that this technology will remain effective," he said. "There's a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a (circumvention) device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA (Digital Millennium Copyright Act)."
Allow me to paraphrase: "Yeah. We've sold a lot of shit, so we have to say it's gonna stay viable, and if some joker thinks he's gonna screw us, we'll sue his ass into oblivion!"
Hey Tom? Welcome to the new Internet. It's the place where things like the Streisand effect happen. You know, where you try to crush some small guy with a lawsuit, and DMCA, and other crap... And the rest of the world knows more about what you're trying to crush than you do. DVD Jon ring a bell?
[ link to this | view in thread ]
Re: Re:
Oh. Wait. That's how standard SSL works. Funny, that.
Then, that 4-second HDCP handshake will turn into 12 as all device certificates are validated at a central clearing house (I bet Verisign is frothing at the mouth for this).
[ link to this | view in thread ]
Re: Impact
Or it might make a nifty media converter so I could use my older, non HDCP HDTV (they do exist) with new content.
[ link to this | view in thread ]
Re: What was the key?
[ link to this | view in thread ]
Okay, so on to the *next* increment of DRM!
Also, some seem to think that they'll always have access to open computers, but see, THIS LEAK justifies the next level of hardware control. It's not even my original idea that it's an intentional leak for that purpose (I forget where I read it, maybe even here). I'm more concerned with where society is headed than where it is, because the trend is clear.
[ link to this | view in thread ]
Re: Re: It's all about control anyway...
[ link to this | view in thread ]
Re: The definition of insanity
[ link to this | view in thread ]
The Hypocracy
[ link to this | view in thread ]
Re: Re: Re:
with DRM the consumer is also the attacker. the consumer doesn't care if the relationship is maintained or not.
[ link to this | view in thread ]
Re: The Hypocracy
FTFY
[ link to this | view in thread ]
Re: Re: Re: It's all about control anyway...
[ link to this | view in thread ]
The cake is a lie
You can't block your customers from viewing content and let them view the content to.
If you want to keep someone from copying data, they must not have access to that data. This is on conflict with the idea of distributing data.
Now, if they really wanted to keep the customer from copying data, they would've put it under AES256 and inside a secure vault that is guarded, but I hardly see how that would make them money.
[ link to this | view in thread ]
Re: Re: The Hypocracy
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: It's all about control anyway...
[ link to this | view in thread ]
Re: Okay, so on to the *next* increment of DRM!
The thing is, with so very many companies using Linux, which presumably would not play nicely with trusted computing, could such an initiative really go anywhere? Interesting topic. I heard a lot about trusted computing a few years ago, and nothing since; I hope it's died.
[ link to this | view in thread ]
Losing my understanding of why it's there
[ link to this | view in thread ]
Re: Re: Re:
Interestingly enough, there are tons of cracked copies of Half-Life 2 out there, and you can play those without needing an internet connection (the single-player campaigns, anyway).
What won't those cracked copies do? Automatically install "updates" that break the game itself (happened with Episode 2 last year), or legal and encouraged third-party mods (like what happened last month, and hasn't been fixed yet).
I love Half-Life, and I don't even mind Valve that much, but this sort of behavior is just unacceptable. Hell, I've got a legit copy, and I'm thinking of finding a crack somewhere just so I can play those broken mods.
[ link to this | view in thread ]
Re: It's all about control anyway...
Yes, I think you hit the nail on the head right there. Content industries don't actually think DRM will prevent "piracy" (i.e. non-commercial, individual infringement).
They invest time, money, and lobbying pressure so that the content industries can legally force other businesses to accept their business model. Or if not, then at least pay the content industries boat-loads of cash.
If their legitimate customers are inconvenienced, who cares? Their most lucrative "customers" are not the end users, they're the ISP's, the hardware vendors, and the media startups.
Those media startups will usually fail, because they can't afford the blackmail-level rates demanded by the content industry. But if they do, again, who cares? The content industry still gets their money, without risking anything.
Stopping "piracy" isn't the point. The point is controlling other businesses in their market.
[ link to this | view in thread ]
Re: Losing my understanding of why it's there
Well, as a matter of fact...
http://www.techdirt.com/articles/20100720/01092010287.shtml
[ link to this | view in thread ]
Subject
They knew it wouldn't change a thing, but corporations gladly paid out licensing fees for the technology. The only winners are...the company the sells the licenses and the lawyers that sue for the DMCA/DRM breach. The other corporations and all customers lose.
[ link to this | view in thread ]
Surely just simple DRM makes more sense now?
As we see time and time again, every DRM scheme that appears is pretty quickly rooted and this is not only embarrassing to the entertainment industry but also makes each attempt a massive loss making exercise and completely pointless. The pirates are always going to find a way to circumvent the DRM, and the movies/music/whatever will be shared.
The only benefit that the entertainment industry gets out of DRM schemes then is preventing the common man (non-techie and non-pirate) from just making copies of his movies and sharing them with his friends. They want to avoid the situation in music we have had for the past decade where even you Mum or Dad could and might easily share a burned copy of a recent album purchase with friends.
To prevent this "common-level" copying of discs, they could just as easily use a simple DRM like CSS, but use the legal protections to make sure no mainstream hardware or software manufacturer offered anything that circumvented that copy protection. Yes anybody can find some DVD-ripping utility online now to copy DVDs, but because the feature is not built into iTunes/MediaPlayer/Nero/etc they don't.
Just making use of the legal protections like this will save them a fortune in implementing increasingly complex but equally useless DRM, and having to deal with all the associated problems that arise.
[ link to this | view in thread ]
1. the drm instantly and completes erases the data in a mini nuclear explosion if anyone comes within 10 metres of the PLAY button.........
2. The DRM becomes artificially intelligent and sends drm-bots back in time to stop the content being created.....
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: It's all about control anyway...
Considering the length of that key...you'll need a fairly hefty micro.
[ link to this | view in thread ]
Re: Re: Re: Re:
@Karl: The single player campaigns suck. The real fun begins when you get on line and play other humans. But yes, you're right. You can play cracked copies without an internet connection - but you're missing 80% (IMO) of the game...
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Not surprising
[ link to this | view in thread ]
very interesting
[ link to this | view in thread ]
Keep it up FCC!
[ link to this | view in thread ]
good news
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]