I did not design that particular system, but I know the people who did and the type of approach that they would have taken. I do not believe that they would have designed the system so that it relied on someone typing in the master secret written down on a scrap of paper.

The way we design cryptographic security systems is that we protect the highest value key material with multiple physical, hardware and operational controls. If you look at the VeriSign Certificate Practices Statement you will find a description of some of the criteria: six tier physical separation, separation of duties, key splitting. Most of these controls are taken directly from military practice.

One of the core principles is that no single person can use the crypto key by themselves. Nor can the crypto be used without creating an audit trail.

I would expect that the master secret was generated in cryptographic hardware that can only ever share its contents with other cryptographic hardware initialized with specific cryptographic keys.

This is all fairly standard stuff. I can’t imagine a reason why the Blu-Ray people would not have used it.

Bottom line here is that it is much more likely that the master secret leaked because people reverse engineered the hardware.

Content Rights Management is actually quite easy if you only want to distribute the content to a small number of tightly controlled devices. There is no particular difficulty in preventing leakage of spreadsheets, corporate reports and such if the right approach is taken.

The problem is much harder when you have millions of devices and only a limited degree of control. Breaking Satellite TV systems is quite feasible, all it takes is reverse engineering one set of hardware. The security controls are designed to stop someone from exploiting that information commercially by selling access.

The problem is hardest of all where you have no control over the hardware and all the parameters of the hardware are fixed. Like in DVD and BluRay.

“Unless you are creating a one time key for every single device which is not very practical”

On the contrary – that is precisely what Apple’s iTunes does for every iPod device and every user who buys content

IIRC the way iTunes does this is to ship the data in the clear from the iTMS to the host, and have iTunes itself uniquely encrypt it. Or at least, it did it that way a few years ago which is the last time I paid attention. This approach has obvious advantages in terms of reducing load on the server, and obvious disadvantages in terms of strength of security. Then again, Apple seems to be a lot more interested in providing the appearance of security (to its media partners) than actual security. (This is probably the right choice on their part.)

I’m not seeing the problem here at all?

Most motherboards have 5.1 audio built in, a lot have digital out. So using something like Power DVD that has 5.1 DTS capability with digital output to the receiver should allow you to have your audio.

Now if you are talking about the different audio tracks, then it might be best to rip the BD into an iso format and simply mount it like a real blu-ray disc. That should allow any blu-ray player to allow you to select the correct audio tracks.

Isn’t this all just like 5.1/7.1 DVD’s?

One-time-pad keys are indeed the same length as the input; Encryption with a OTP key is a computational operation of linear complexity (it grows linearly with the size of the input). In practical use, the clear text can be reversibly mangled, padded, and divided into manageable chunks (64-bit words, 128-bit words, etcetera) for a smaller key to encrypt.

Such a key is usually some key between 40 and 128 bits long; 128 bit keys, while being considerably shorter than this sentence, would require a multiple of the current age of the universe to try every possible value to brute-force the key — and computationally expensive to attack via cryptoanalytic methods. Encryption with a one-time-pad key is computationally inexpensive. Decryption is computationally inexpensive. A short-key OTP-like encryption is slightly less expensive in terms of computational cycles and storage, and it’s further a well-characterised computation expense value and well-characterised operation, and can be implemented easily in silicon without large (or even medium) amounts of memory on the chip, and that makes it less fiscally expensive and less risky for revealing keys — which is what every DRM purveyor wants.

Public-key encryption becomes more and more (exponentially) computationally expensive the larger the input is. It is absolutely infeasible to use a public-key private-key system such as the one in PGP to encrypt a 3 megabyte MP3 directly – it would take a large amount of compute cycles, and a large amount of data storage and retrieval. Such an operation cannot be implemented on silicon and have the entire operation stay on the same chip.

That’s why you have the public key encrypting the one-time-pad-like key (hard to crack, one known size, one known computational expense) which in turn is encrypting the email or media file (hard to crack, one known size, one known computational expense).

Please forgive me for calling it an OTP key; I ought to know better and dashing off a quick-and-dirty explanation, I ought to know, will get me corrected every time.

–

iTunes uses a public/private key scheme to encrypt protected media from their servers to the iTunes host, because otherwise someone could simply turn on the packet forwarding of their LinkSys router and capture every “protected” media they bought in the clear. Or another man-in-the-middle attack could happen. They did, at one time, send the media in the clear, and then they sent the media over an SSL link which was separate from the iTunes product and which put “in the clear” data into memory, interceptable by other programs.

Such is indeed a computational expense; however, a large amount of the media they now sell is not protected (encrypted).

They do still use a public key system to generate OTP keys unique to each iTunes store account (created during account creation) for the sake of protected media, and iTunes and iPod devices (and the Apple TV) use public-key methods for retrieving and storing those OTP keys to “authorise” devices to play protected material from a given account, and for activation. The firmware of the iPhone and iPod devices that are being released nowadays use a public-key / private-key method to be “signed” — if the firmware doesn’t hash out to what the hardware is told, upon manufacture or activation, is a valid hash, then the device will not boot.

It means that people can make much-needed backups of their very expensive investment in movies – an investment that many insurers won’t cover.

It means that people can play movies that they’ve purchased on the device of their choice, including tablets and laptops.

It means that when Blu-Ray disappears – like HD-DVD, VHS, cassette, 8-Track, PlaysForSure and several other recording industry-backed DRM’d standards, you can move your paid-for movies to new media.

It means that you can watch movies on large HD TVs and monitors that don’t support HDCP.

It means that you won’t lose your investment – due to circumstances entirely beyond your control – when a encryption key gets revoked.

What I think is more likely is that someone downstream did a hybrid attack where they got the secret material of a bunch of devices and then used that to calculate the master secret. If you know the secrets of fifty-or-so devices, then the odds are good that you can find the master key. It could be done with less, if chosen appropriately. The tricky and time-consuming part about the process as outlined in the papers is getting the initial set of secrets. That would require building specialized equipment and then running that equipment for a month and a half or so on average. If, however, you had the key material through another source, you could skip all of that and just go straight to the calculations (which would take almost no time and could be done in any language or math environment which supports 128-bit integers). So, my suspicion is that someone at one of the consumer electronics companies who had access to the secrets of their devices was able to collect enough of them (possibly cooperating with someone working for another manufacturer) to be able to calculate the master secret.

It’s also possible that people could have extracted the keys directly from the devices either using logic probes or if the secret material was stored in flash memory.

All four methods of getting the secret material ( 1) birthday paradox probing attack + calculation as outlined in the paper 2) DCP LLC insider leaks complete master secret 3) manufacturer insider get devices secrets + calculation 4) direct probing for device secrets + calculation ) work and are possible. But of these, I think that 3 and 4 are the most likely and that 1 is more likely than 2.

Jackasses.

The problem is that while there was a ruling made recently in the US where intentionally breaking or circumventing encryption was considered punishable, this isn’t, yet, globally enforcable.

Essentially the Blu Ray format was created because the original DVD encryption format had been completely defeated, the extra features Blu Ray boasts were added to entice people to move off the original DVD MPEG2 encoding and adopt the new tougher crypo system.

So here we are at the crossroads again – the current system will be cracked so how will the content publishers react:
(a) create a new system that they will then have to sell to hardware manufactures and Joe Public or (b) spend their time and money on lobbying for hardened copy right law.

They tried (a) already and found themselves back at square one in a fairly short time, I imagine draconian copyright laws look a lot cheaper to make right now.

I’m sure the A/V electronics manufacturers wouldn’t mind either…

On the contrary – that is precisely what Apple’s iTunes does for every iPod device and every user who buys content, and it’s what PGP and public-key encryption schemes are based upon — because encrypting a large email (or any non-trivial media file) with a one-time-pad key is pretty much a linear operation for calculation and storage, but encrypting that same email (or media file) with the public or private key directly is incredibly expensive in calculation time (and storage during the calculation) for any non-trivially-sized data — but encrypting the message with the one-time-pad key and then encrypting that key with the public or private key is quite manageable.

http://pastebin.com/kqD56TmU

Of course, it might be just an elaborate hoax.

That would be excellent news.

First sale, etc… Once I buy it, it is mine and I will do as I please with it in my home. I held off on the entire HDMI-based level of goods due to this HDCP garbage. That means I made zero Blue-Ray anything purchases, and zero new TV purchases, etc, directly because of their insistence on controlling items in my home. No. Now, I’d consider it, but I tend to be careful that not a single penny of my money go to the industries who buy laws and strong-arm tech manufacturers to usurp the rights of everyone else. I might buy the TV. I won’t buy a single Blue Ray disc new… *maybe* used. Good day today!

The event you are referring to happened over a decade ago. They changed their processes in response.