Kevin Blanchard wrote:
>
> In fact I think spreading the DeCSS is a GREAT idea. If they are trying to
> stop people from posting it, I think an email circulation is also in order.
>
> I do not believe it should be down as a rebellion but history has shown the
> technology advances happen more often because of hackers, crackers,etc. As it
> pertains to encryption, if they develop a way to encrypt data, and then a way
> is found to crack it, then a newer, better way is developed and so goes the
> evolution of technology.
However, in this case they were seriously incompetent so nothing new was
learned.
First, they claim their encryption is intended to stop copying. Either they
are lying (That would be my guess) or they've completely misunderstood.
Their encryption has **absolutely zero** effect on copying. Anyone with
the right hardware can make a bit-for-bit copy of an encrypted disk. It
will play on every device the original did.
Second, they used 40-bit encryption, presumably to comply with US
export laws. This is obscenely weak. Assume you can try a million
keys a second. 10^6 ~= 2^20 so you need 2^20 seconds. 3600 seconds
in an hour, somewhat < 2^12 so total time is somewhat > 256 hours.
A week or a month on a single machine, depending how fast it is.
Then they muffed the design so there are faster attacks; they don't
even have 40 bits of actual strength. In one brief to the court,
Dave Wagner from Berkeley said breaking this system was about the
right level of difficulty for him to assign it as undergraduate
homework next term.
Lastly, one of their customers muffed something else and the disks
have one unencrypted key, which makes it easier to attack the others.
> Instead of wasting money going on a wild goose chase to try to stop
> these "internet violators" which will never happen,
The scary part is that to some extent is is happenning and, given some
of the awful laws in place like DMCA, may continue to. These guys are
actually getting away with molesting Norwegian teenagers and with suing
webmasters over links.
> they should
> take the money and put it towards RnD of a better way to encrypt that data,
> which would be the best way to solve their problem of people decrypting
> material they do not want decrypted.
I'm not certain their stated goal -- protection against unauthorized copying --
is even possible. Certainly nothing they've done to date is even slightly
relevant to it.
> > It is not about copyright law. It is about power.
As for their actual goals -- controlling the market in viciously unethical
ways -- I devoutly hope they don't implement better encryption for that.
