AACS LA talks about cracked keys

AACS LA talks about cracked keys
Recently, the AACS LA, the group in charge of the AACS copy protection, acknowledged that hackers had been very effective in cracking the protection and have since been trying to restore the integrity of the technology. That being said, the new movie titles shipped with Media Key Block (MKB) v3 were cracked by Slysoft a week before the titles hit retail shelves.

Although an official statement has not been made about the latest round of keys being crakced, Richard E. Doherty, director of technology strategy at Microsoft, and who is also very involved with the AACS LA, took time to talk about the protection and how he still has complete faith in it.



“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,”
explained Doherty, “Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.

The original processing key was cracked in February, but the new MKB wasnt released until May, which left many wondering as to why it took so long. Doherty had this to say about the matter: “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”

That 90 day grace period is done in the interest of the consumer, who could find themselves with retail discs that are unplayable due to software updates.

“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”


Source:
Dailytech



Written by: Andre Yoskowitz @ 2 Jun 2007 19:24
Advertisement - News comments available below the ad
  • 16 comments
  • Pop_Smith

    Boo Hoo!

    Go cry a river, learn that copy "protection" will always be worthless, and build a bridge that states:
    We have given up on wasting millions of dollars creating copy protection that is broken days to a few weeks after its release, from now on we promise to spend the money on more important issues such as sick kids, adoption, the abolishing of diseases in 3rd world contries as well as "regular" contries and many other more important things.

    2.6.2007 21:38 #1

  • b18bek9

    well they cant seem to find a way to make more money off dvd's sicne they are copied and so on so they say since they arent making a few extra millions dollars here and there......

    3.6.2007 00:33 #2

  • anubis66

    if they want to have effective copy protection, they need to use a key bigger than what they do. try 512 bit encryption, or even 1024 bit +.

    3.6.2007 08:43 #3

  • Pop_Smith

    Quote:if they want to have effective copy protection, they need to use a key bigger than what they do. try 512 bit encryption, or even 1024 bit +.The keys are small, its true, but if they used 1024 bit keys it would take a while to bootup the DVD in the player or PC to watch it. Have you ever surfed one of the few 1024-bit websites out there? Even on a real fast connection it seems pretty slow due to the length of encryption.

    I could see hackers coming out with a Folding like program so others could help crack the key at a pretty fast rate if the industry used stronger keys.

    However I personally have to wonder that even if the industry used a real strong key that something similar to what first cracked AACS, a small bug in the way a program handled the decryption of the key, would occur anyway and cause the 1024-bit keys (or what ever length they used instead of the micro keys they use now) to be cracked just as fast or just a few days slower.

    In the end, as I stated in my first post, I believe they should just abolish copy "protection" and put the money to better uses.

    Peace

    3.6.2007 09:26 #4

  • borhan9

    All of this long article just to say that they have a new code up their sleve and they are soo sure that this one is unbreakable. All i have this to say. Lets see how long it takes for hackers to break the code :)

    3.6.2007 14:42 #5

  • Pop_Smith

    One thing I would like to point out I noticed as well:

    The Key is on a Disk that isn't released yet, it won't be out for a few days, so instead of being "We have another key that will be broken in a few hours or days" shouldn't they look more into how Slysoft got a hold of the disk probably ten to fourteen days before it hit retail shelves?

    Just some food for thought.

    Peace

    3.6.2007 14:47 #6

  • pollution

    Job security for the people protecting the discs if it keeps getting broken.

    3.6.2007 17:09 #7

  • windsong

    AACS won't be satisfied until every human being on earth is being tracked and monitored 24/7, every day of the year.

    3.6.2007 19:47 #8

  • avoidz

    More copy-protection bullsh1t...

    10.6.2007 04:05 #9

  • HalfHuman

    not again! this is pathetic. these guys are just fighting a loosing battle and pretend not to understand that they do. it's a couple of very rich guys against 6 billion people. spend money on something useful to the mankind and not on those stupid protections which are doing harm mostly to paying customers, upsetting them and confusing them even more. enough time wasted already with this subject!

    10.6.2007 09:06 #10

  • cleverick

    Want some ketchup with those french cries.

    13.6.2007 14:12 #11

  • Unfocused

    Eventually they will get tired of sinking money into a losing campaign. Aren't there some analysts or something who do research on the effectiveness of this technology?

    20.7.2007 14:16 #12

  • elwn7

    When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies?

    12.9.2007 08:58 #13

  • elwn7

    Originally posted by elwn7: When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies?

    12.9.2007 22:23 #14

  • elwn7

    Originally posted by elwn7: When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies? Do not trust any add that has been inserted in my post

    12.9.2007 22:44 #15

  • emugamer

    Originally posted by Pop_Smith: One thing I would like to point out I noticed as well:

    The Key is on a Disk that isn't released yet, it won't be out for a few days, so instead of being "We have another key that will be broken in a few hours or days" shouldn't they look more into how Slysoft got a hold of the disk probably ten to fourteen days before it hit retail shelves?
    It was the screener.....lol

    Anyway, I just love the wording in their statements. The word "attacked" is a favorite. No one is attacking them. Slysoft is a legitimate company providing a service to the consumer. Unless Slysoft is declared by some court that their practices are illegal, they are not attacking anyone. Cry me a river...

    13.9.2007 08:13 #16

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud