New AACS processing key leaks onto the net

Doom9, the forum that made headlines last year by extracting and publishing a "processing key" used to lock HD-DVD discs, has published a new key.

Processing keys can be used to make software that allows users to make unapproved uses of their HD-DVDs, like backing them up, playing them on GNU/Linux systems, and running them on mobile and handheld devices like iPods. The movie studios use the AACS scrambling system to prevent these uses, preferring to ban some of them and attach price tags to others.

The last processing key leak created an Internet firestorm when the AACS licensing authority sent hundreds of legal threats to sites that published the key. The strategy backfired: within days, more than a million pages had published the key, ensuring that more people knew how to break HD-DVD players than owned the devices.

The AACS licensing authority has the capacity to "revoke" a processing key. When it does this, no HD-DVD player can play new discs unless it gets an update (woe betide you if your DVD player is on your boat, in your cottage, or at your grandparents' place where there is no Internet access). The big question is whether the licensing authority can revoke keys faster than hackers can extract them.

It's a race. AACS is losing.

Six days before the revocation of the original processing key, a company in the Caribbean updated its DVD-ripping software with a new key. Apparently, they had broken this key long in advance and held it close to their chest, awaiting a revocation event. The revocation was nullified before it even took effect.

Doom9's new key was released yesterday — it's unclear whether it's the same key — and it already appears on more than 244,000 pages. I'm betting that this breaks a million by Friday.

DRM takes years and costs millions to develop. It is generally broken in days, by hobbyists, for free. That's because DRM relies on hiding keys in devices that users own and have unlimited control over, and because every single vendor has to implement its key hiding perfectly in order to keep the secret. All a hacker has to do is find one mistake, the weakest implementation, and it's game over.

The amazing thing is that the entertainment industry keeps on shovelling dollars down the DRM pit. If I were a shareholder at Universal, Fox, Disney, Sony or Warners, I'd fire or repurpose every employee whose job it was to make my products less attractive to customers with magic, nonfunctional anti-copying technology.


(Thanks, Alex!)

See also:
Blu-Ray AND HD-DVD broken – processing keys extracted
AACS DRM body censors Cory's class blog
Digg users revolt over AACS key
AACS vows to fight people who publish the key
Why AACS keys will leak faster than they can be patched
New AACS crack "can't be revoked"
HD-DVD re-cracked six days *before* it is patched
EFF explains the law on AACS keys