DeCSS, crypto, law, and economics

David Turner novalis at novalis.org
Tue Jan 7 16:26:10 EST 2003


On Tue, 2003-01-07 at 15:00, John S. Denker wrote:
> The studios arguably hold intellectual property rights
> in the CSS decoding keys, 

Do you mean copyrights, patents, or trade secret rights?  

Copyrights: No, keys are too short, functional, and non-expressive to be
subject to copyright.
Patents: No, you already established that there were no patents on CSS.
Trade secrets: Maybe once, but not anymore -- all ~400 keys are now
available at dozens of easy-to-find locations on the net.  We'll see
what the court in Pavlovitch has to say about this.

> AFAIK Mr. Johansen never copied any
> such key (or even had one he could have copied),

He certainly copied a player key from a software DVD player.

> The truly amazing thing about this case is that the
> "crime" would not have occured if the studios had used
> decently-strong crypto.  It's ironic that in an age when
> for cryptographers enjoy a historically-unprecedented
> lopsided advantage over cryptanalysts, the industry
> adopted a system that could be cracked by amateurs.
> This probably wasn't simply due to stupidity in the
> industry; it is more plausibly attributed to stupidity
> in the US export regulations which induced the industry
> to use 40-bit keys.

Recall that the initial player key was obtained by copying it from a
software player.  As long as humans can read software, this sort of
attack will be possible.  It doesn't depend on the strength of the key,
because the attacker is given the key.  

That said, it's unlikely that the next major media format will have
software players, and it's also unlikely that Palladium will continue to
let us read software.  

-- 
-Dave Turner                     Stalk Me: 617 441 0668

"On matters of style, swim with the current, on matters 
of principle, stand like a rock." -Thomas Jefferson


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list