Comments on: MPAA to Use ‘Military Strength’ Video Streaming Encrytpion

By: BFeely

BFeely — Wed, 31 Dec 1969 16:00:00 +0000

You can have all the encryption in the world but the weakness is that you must give the customer the key before the movie can be viewed.

By: broadbit

broadbit — Wed, 31 Dec 1969 16:00:00 +0000

I’m not too sure about the encryption aspect but I can already download streaming video so I would say that it is already compromised. I’m assuming that if it can be viewed while streaming its already been beat.

By: ejonesss

ejonesss — Wed, 31 Dec 1969 16:00:00 +0000

the only way to prevent piracy is if the key would be built into the dvd player’s rom chip.

and even then a hacker could extract the key using the same technique used by video game copiers ( there are devices that can copy the code from a game cartridge to disk ).

By: mungopw

mungopw — Wed, 31 Dec 1969 16:00:00 +0000

if a human made it its compromised im sure those who developed this technology can hack it in no time at all or know how to whats to stop another human being from figuring it out….time effort knowledge. i love this modern day wild west of technology and media figuring out a new business model and fighting it all the way down. the pirates will always win!!!

By: mountain_rage

mountain_rage — Wed, 31 Dec 1969 16:00:00 +0000

I hope dreamstream doesn’t have military clients otherwise those clients will be really pissed off when the University students start cracking the encryption. How do you explain away the crack in your security due to commercial interests.

By: prh99

prh99 — Wed, 31 Dec 1969 16:00:00 +0000

Unless they’re using a vetted algorithm 2048 bits doesn’t mean squat. From the key size I assume they’re either using public key encryption or just trying to generate hype with big numbers but for the sake of argument I’ll assume the former.
It’s unlikely they’re using a 2048 bit key to encrypt the entire movie cause public key encryption is very slow but much like SSL using it as a secure means to exchange a smaller key for use with a much faster private key cipher.

In any case these DRM companies must not understand encryption and the fundamentals of the Von Neumann computer architecture cause if they did they would know the key must exist in unencrypted form in memory at some point. The hack that broke AACS was a slightly modified chosen-plaintext attack the hacker dumped the memory for the HD-DVD player and went through it byte by byte testing for keys which was made easier by the fact AACS consortium release detail technical details of the protection system and example implementation of certain parts. I suspect DreamStream would be vulnerable to a similar attack.

By: Gamer8585

Gamer8585 — Wed, 31 Dec 1969 16:00:00 +0000

Ok there are several things idiotic about what the MPAA is doing:
1) Like prh99 said the decrypted data (and decryption keys) will have to reside in memory at some point and thus can be dumped to a harddisk and sorted out by a hacker with too much time on his hands.

2) IIRC Civilian use of very strong forms of encryption is really super ILLEGAL. Isn’t the MPAA or DreamStream risking legal action by using this grade of encryption?

By: prh99

prh99 — Wed, 31 Dec 1969 16:00:00 +0000

@Gamer8585 in the U.S civilians can use strong encryption fear of back doors and only limited by feasibility of use on their systems. The EFF etc reined in a lot of the governments attempts to control the availability and use of strong encryption through programs like the Capstone cryptography-control initiative which product the Skipjack algorithm the clipper chip. and government run key escrow. The government was also made to lax it’s export restrictions on strong crypto.

By: prh99

prh99 — Wed, 31 Dec 1969 16:00:00 +0000

sorry for the double post

“can use strong encryption fear of back doors” should say “can use strong encryption without fear of government mandated back doors.”

By: Gamer8585

Gamer8585 — Wed, 31 Dec 1969 16:00:00 +0000

@prh99

Thanks for the info. It’s good to know that we can use strong cryptography without legal threat. Last I heard there were some restrictions on its use but I haven’t exactly kept up with all the news. God Bless the EFF.