digital rights management
Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM) such as access control technologies can restrict the use of proprietary hardware and copyrighted works. ...
(DRM) and
encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
system employed on many commercially produced
DVD-Video
DVD-Video is a consumer video format used to store digital video on DVD discs. DVD-Video was the dominant consumer home video format in Asia, North America, Europe, and Australia in the 2000s until it was supplanted by the high-definition Blu-r ...
CSS employs cryptographic keys with a size of only 40 bits. This makes CSS vulnerable to a
brute-force attack
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct ...
. At the time CSS was introduced, it was forbidden in the United States for manufacturers to
export
An export in international trade is a good produced in one country that is sold into another country or a service provided in one country for a national or resident of another country. The seller of such goods or the service provider is an ...
cryptographic systems employing keys in excess of 40 bits, a key length that had already been shown to be wholly inadequate in the face of increasing computer processing power (see
Data Encryption Standard
The Data Encryption Standard (DES ) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cry ...
).
Based on the leaked
DeCSS
DeCSS is one of the first free computer programs capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, open source operating systems (such as Berkeley Software Distribution, BSD and Linux) could n ...
source-code,
Frank A. Stevenson Frank A. Stevenson (born 1970) is a Norway, Norwegian software developer, and part-time cryptanalyst. He is primarily known for his exposition of weaknesses in the DVD Forum's Content Scramble System (CSS). Although the cryptoanalysis was done indep ...
published in November 1999 three exploits that rendered the CSS cipher practically ineffective:
* A
correlation attack
In cryptography, correlation attacks are a class of known-plaintext attacks for breaking stream ciphers whose keystream is generated by combining the output of several linear-feedback shift registers (LFSRs) using a Boolean function. Correlation ...
enables the recovery of a keystream's seed at complexity of 216.
* The mangling of disc- and title-keys can be reversed at a complexity of 28.
* A disc-key can be recovered from its hash-value at a complexity of 225.
The latter exploit recovers a disk-key from its hash-value in less than 18 seconds on a 450 MHz Intel Pentium III.
The CSS design was prepared for the leak of a few player-keys. New discs would not contain an encrypted variant for these player-keys in the disc-key-block. However, Stevenson's exploits made it possible to generate all player-keys.
Libdvdcss
libdvdcss (or libdvdcss2 in some repositories) is a free and open-source software library for accessing and unscrambling DVDs encrypted with the Content Scramble System (CSS). libdvdcss is part of the VideoLAN project and is used by VLC media p ...
uses such a list of generated player-keys.
There are cases when no title-keys are available. A drive may deny access on region mismatch but still permit reading of the encrypted DVD-Video. Ethan Hawke presented a plain-text prediction for data repetitions in the
MPEG program stream
Program stream (PS or MPEG-PS) is a container format for multiplexing digital audio, video and more. The PS format is specified in MPEG-1 Part 1 (ISO/IEC 11172-1) and MPEG-2 Part 1, Systems (ISO/IEC standard 13818-1/ITU-T H.222.0). The MPEG-2 Pr ...
Ted Nelson
Theodor Holm Nelson (born June 17, 1937) is an American pioneer of information technology, philosopher, and sociologist. He coined the terms ''hypertext'' and ''hypermedia'' in 1963 and published them in 1965. Nelson coined the terms ''transcl ...
states "DVD encryption was intentionally made light by the DVD encryption committee, based on arguments in a libertarian book ''
Computer Lib
''Computer Lib/Dream Machines'' is a 1974 book by Ted Nelson, printed as a two-front-cover paperback to indicate its " intertwingled" nature. Originally self-published by Nelson, it was republished with a foreword by Stewart Brand in 1987 by Micr ...
''.", a claim cited as originating from personal communication with an
anonymous source
In journalism, a source is a person, publication, or knowledge other record or document that gives timely information. Outside journalism, sources are sometimes known as "news sources". Examples of sources include but are not limited to officia ...
; Nelson is the author of ''Computer Lib''.
See also
*
DVD Copy Control Association The DVD Copy Control Association (DVD CCA) is an organization primarily responsible for the copy protection of DVDs. The Content Scramble System (CSS) was devised for this purpose to make copyright infringement difficult, but also presents obstacles ...
*
libdvdcss
libdvdcss (or libdvdcss2 in some repositories) is a free and open-source software library for accessing and unscrambling DVDs encrypted with the Content Scramble System (CSS). libdvdcss is part of the VideoLAN project and is used by VLC media p ...
, a popular free software for enabling playback of discs on opensource players.