
# Why Blu-ray encryption had to fail

The news last month that Blu-Ray encryption was broken was no surprise. It was inevitable.

Consumer content encryption is a fool's game, a war the movie industry can't win. Why?

It is this simple:

1. Sell the consumer the encrypted content
2. Sell the consumer the decryption device, i.e. a content player
3. With access to the input, the output and the decryption device, it is only a matter of time before the encryption algorithm is broken.

## Bletchley Park all over again

This is analogous to the Allied breaking of the German military codes during WWII. When the Poles reverse-engineered the military Enigma, it was only a matter of time before a smart mathematician figured out how to recover the frequently changed encryption keys.

The British, at Bletchley Park, turned this process into a computer-assisted industrial system for large-scale key recovery and decryption, but the essential math had been known for many decades.

Yes, the Blu-ray algorithm has some interesting wrinkles, and it looked great 10 years ago. But Moore's Law kept pushing compute performance up and gradually 2^56 isn't such a big number.

The 2001 paper "Four Simple Cryptographic Attacks on HDCP" by Keith Irwin outlined how to break HDCP - the encryption between players and video sources carried by HDMI - so pirates didn't even need to break Blu-ray encryption to get clear content.

But the new HDCP allows decryption of source files:

This is a forty times forty element matrix of fifty-six bit hexadecimal numbers.

To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV. Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key.

A simple matter of computing.
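The derivation quoted above, as an added Python example (not code from the article or from the quoted post). The matrix and KSVs are randomly constructed stand-ins; `sink_key` and `shared_value` follow the publicly documented HDCP 1.x handshake and go beyond what the page describes, included to show that both ends of a link reach the same value using nothing but sums over one global matrix.

```python
import random

N = 40            # matrix dimension and KSV width, from the passage
MOD = 1 << 56     # every element is reduced modulo 2^56

def constructed_matrix(rng):
    """Random 40x40 stand-in for the matrix (constructed, not the real one)."""
    return [[rng.randrange(MOD) for _ in range(N)] for _ in range(N)]

def constructed_ksv(rng):
    """A 40-bit value with exactly twenty one-bits."""
    return sum(1 << bit for bit in rng.sample(range(N), 20))

def check_ksv(ksv):
    if not 0 <= ksv < (1 << N) or bin(ksv).count("1") != 20:
        raise ValueError("KSV must be 40 bits with exactly twenty ones")

def source_key(matrix, ksv):
    """Add the rows picked by the KSV's one-bits (lowest bit = first row)."""
    check_ksv(ksv)
    rows = [matrix[i] for i in range(N) if (ksv >> i) & 1]
    return [sum(column) % MOD for column in zip(*rows)]

def sink_key(matrix, ksv):
    """Assumed HDCP 1.x rule (not on the page): same sum on the transpose."""
    return source_key([list(col) for col in zip(*matrix)], ksv)

def shared_value(own_key, peer_ksv):
    """Assumed HDCP 1.x rule: add own key elements picked by the peer's KSV."""
    check_ksv(peer_ksv)
    return sum(own_key[i] for i in range(N) if (peer_ksv >> i) & 1) % MOD

def demo(seed=2010):
    rng = random.Random(seed)   # seeded so the run is repeatable
    matrix = constructed_matrix(rng)
    src_ksv, snk_ksv = constructed_ksv(rng), constructed_ksv(rng)
    at_source = shared_value(source_key(matrix, src_ksv), snk_ksv)
    at_sink = shared_value(sink_key(matrix, snk_ksv), src_ksv)
    return at_source, at_sink

if __name__ == "__main__":
    a, b = demo()
    print(f"source side: {a:014x}\nsink side:   {b:014x}\nequal: {a == b}")
```

Every per-device key here is a linear function of the same matrix, so no device holds a secret that is independent of it.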

And now both are broken. There is no getting this genie back in the bottle.

## The Storage Bits take

I love movies. I have a collection of over 1300 DVDs - including a couple of dozen Blu-rays. I understand that hundreds of thousands of jobs and families rely on the sale of entertainment through theaters, optical media, downloads and TV networks.

But if the movie industry doesn't want to go the way of the record companies, they have to adapt.

The movie industry's challenge is to create compelling content priced so the audience has no interest in pirate copies. Yes, there will always be revenue lost to pirates.

The cure: give people a good product, reasonably priced and convenient. That, not encryption, is the long term solution.

Comments welcome, as always. The movie Enigma, a thriller set in Bletchley Park during WWII, included Rolling Stone Mick Jagger among the producers.

Update: An informed reader asked about what NCR had done during WWII with Enigma. More than I knew. Here's a link.

Robin Harris is Chief Analyst at TechnoQWAN LLC, based in Sedona, Arizona. He has over 30 years in the IT industry, including DEC and Sun, and degrees from Yale and the Wharton School.

## Talkback

• ### This is why Blu-Ray won the HD war.

This really stinks now. Blu-Ray won the HD war with HD DVD due to Sony selling the movie houses on their "superior encryption" which as expected now is a bunch of B.S. So we as consumers are now stuck with a much more expensive media format than what we should have had. HD DVD pricing for hardware and media, long before the fall of the format was already showing that in the long run it would have been much less expensive and yet provide 100% of the same content ability of Blu-Ray.

Winner: Nobody.
Loser: Everybody.

I hope Sony is proud. Idiots.
• ### Winner: Sony, Studio

@Narg
So far BLUE Ray content is still hard to break. So-called HD movie pirated is more like DVD quality.
• ### RE: Why Blu-ray encryption had to fail

@FADS_z And for a lot of people that is good enough.
• ### Not even close

@FADS_z MKV HD 720p and 1080p downloads are far superior to DVD quality. Not even close to comparable.
• ### RE: Why Blu-ray encryption had to fail

There is a HUGE difference in visual quality for BLU-RAY over standard DVD on HDTVs. Especially dual layer blu-ray disks. No upscaler can match a dual-layer blu-ray disk.
• ### RE: Why Blu-ray encryption had to fail

Hate to break it to you but there is plentiful and easy access to HD and True HD (720 & 1080 respectively) versions of BluRay content and you can sometimes get them before the official BluRay is released for sale.
• ### RE: Why Blu-ray encryption had to fail

@FADS_z I'm not quite sure what you mean when you say, "BLUE RAY content is still hard to break." I know of at least a dozen software applications that easily break it. I personally have a system with a monitor that is not HDCP compliant. I have to use AnyDVD HD to decrypt the content so I just watch the disk I just purchased for way too much money.

• ### Could be, though

@tehpea - There are several levels of quality settings when encoding h.264. They probably used one of the lower ones to limit file sizes and bandwidth requirements
• ### RE: Why Blu-ray encryption had to fail

@Narg
Hi,

The article is factually incorrect.

HDCP is the encryption used by DVI-D and HDMI. It isn't to do with BluRay, except that this is the prevalent DRM enabled standard for completing this task. HDMI (and therefore HDCP) is in every new TV and computer monitor.

BluRay specifies Advanced Access Content System (AACS) for the encryption of media on a bluray disc (and incidentally it was similarly specified on HD-DVD).

Very simply what happens when a disc is played (but this could simply be changed for HD content from your cable set-top box):

The bluray player starts to play the bluray disc, the content is decrypted out of AACS, and it is then passed to the HDMI controller. The HDMI checks to make sure all the devices connected through to the TV are trusted. The HDMI controller encrypts the content into HDCP and passes it to the TV, which decrypts the stream and shows it on the TV.

AACS as used in BluRay has for a long time been partially cracked; by using existing software debug methods "they" have grabbed the decryption key from a software blu-ray player while it is playing back a blu-ray disc. This allows the ripping/copying of content from all blu-ray media produced to that date.

Why only to that date; the AACS governing body or licensors have a mechanism that revokes hacked decryption keys.

The hack presented here for HDCP is that someone has revealed the HDCP master key.

In order to use the HDCP master key, you would need to generate a decryption key. Then simply find the nearest chip fabrication lab and design a chip to decrypt the HDMI stream then build a complete HDMI video capture card for a PC, then use a blu-ray player to play the media into the capture card you've just built and dump the captured (decrypted) stream into a file.

You would have a bit perfect copy of what was displayed on your screen. In other words no interactive menus.

HDCP is an important technology, but this isn't the crack of the century for pirates... You still can't simply distribute a piece of software which will rip all blu-ray discs.

And there are many other reasons why HD piracy just isn't a factor at the moment, or for the foreseeable future.

1. An HD BluRay feature film is at least 15GB and mostly nearer 25GB without the special features. BluRay is already encoded with the most efficient codec available, H.264, so any reduction in size does mean a real reduction in quality. Bandwidth is still a finite commodity and unless you are willing to choke your broadband for a few days at a time, downloading a BluRay feature in its full and glorious HD quality just isn't worth it. It needs to be in the 1.5GB range to make it downloadable by the masses... That's 20% of the size and that is a noticeable reduction in quality... near DVD quality. In fact if you reencode a DVD feature film ripped to H.264 preserving the title in HandBrake's "High Profile", it's in the 1.5GB range.

The feature films shared on the internet tend to be under a gigabyte. They are also encoded using a MPEG4 part 2 (XVID/DIVX) codec, this is nowhere near as good, in produced size or quality, as the H.264 codec that BluRay uses, so in effect these shared files could be smaller (and easier to share) or higher quality if they used H264 instead.

Mass DVD piracy (or at least the organised-crime type) is completed by manufacturing copies of the original disc and as long as organised crime can acquire pressing equipment, it will continue for revenue by them.

R
• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@...

"by using existing software debug methods "they" have grabbed the decryption key from a software blu-ray player while it is playing back a blu-ray disc. This allows the ripping/copying of content from all blu-ray media produced to that date. "

Now - automate that process, and you have a general purpose hack, even with revokable keys. If it's something that's done in software, it can be automated. Don't fool yourself into thinking hackers aren't intelligent enough to automate the steps they take to get keys.

That being said, finding the master key makes that point moot. It's now possible to design something that emulates the whole decryption process.

The problem is, you have to store the decryption key SOMEWHERE, otherwise you can't decrypt it. It's just a matter of finding that key. There is no theoretical way (at least in software) to make it impossible to find.

"You would have a bit perfect copy of what was displayed on your screen. In other words no interactive menus."

I'm pretty certain that, now that they have all of the information they need, putting the menus in is trivial.

"An HD BluRay feature film is at least 15GB and mostly nearer 25GB without the special features"

Or about the size of World of Warcraft. Which people can and DO download from scratch without the disk. It's not out of reach by any stretch of the imagination, and the Internet is only getting faster.

DRM is insecure, period. Eventually everything has to be decrypted somewhere, and it's just a matter of finding out where. Doesn't matter if a revokable key system is being used, doesn't matter if you try very hard to hide the keys. They're band-aids on a system that is fundamentally broken.
• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@...

"An HD BluRay feature film is at least 15GB and mostly nearer 25GB without the special feature"

15GB - 25 GB? This is what a single modern game is. Sold digitally and then downloaded from Steam or D2D. Or pirated. People have no problems with downloads of this size and it will become easier and easier with further proliferation of broadband and storage getting cheaper and cheaper. HD swapping anybody? Not everything has to be done online.

What is more, not everybody needs movies at full BR quality so the size can be reduced further to about 5-10 GB. And special features? People do not have to have everything that is available on official releases, especially for free (excluding time and effort). In fact it can be safely said that pirated releases have much wider market penetration exactly because they are delivered in every thinkable combination of size and quality.

"The feature films shared on the internet tend to be under a gigabyte."

You should definitely come back to the present. It is not 2000 anymore.
• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@... Haha, you really have no idea how media encoding is done, do you?
I personally have developed a command line which can shrink a 1H31M length feature film in 720p down to 1.2GB.
1080p content? The same film is only 3.5GB.
And it IS lossless.
Sure, it took me some 4 days to compress on my Intel i5 Quad Core @ 2.66GHz but still, is such a huge save in space not worth that?
And seriously? I've downloaded full BR copies online (27GB was the max) and it only took a week or two.
Where are you living and what kind of internet connection are you using?
I can see 1.5GB being a bit difficult for a dial-up user, but we've pretty much moved from that era, have we not?

The reason why BR disk videos take up 15-25 gigabytes is because they are set at huge, over-inflated bit-rates which aren't highly compressed, making it easier to make cheap BR devices which don't need huge processors.
Now, my laptop only has an Intel Centrino Dual Core @ 2GHz but I can play the perfectly compressed videos I've encoded with absolutely no problem. Even the 1080p content.
H264 is a type of video data, the compressors for it will vary in quality.
x264 is the very best encoder for H264 video. I suggest taking a look into it before making yourself look like a fool :D
• ### RE: Why Blu-ray encryption had to fail

@Yui

Well thank you for explaining the error of my ways. I understand that BluRays may well be using high bitrates. Fine so the files are bloated... but 800MB XVID files are not HD quality.

I would doubt that any transcoding is lossless without using a lossless encoder, and H264 is not lossless...

I would be interested to look at your command line for transcoding a BluRay feature to 3.5GB without any (or even minimal) loss of quality.

Yes I know that x264 project is regarded as the best h264 encoder available. And I am aware of the article by one of the primary developers critiquing WebM or more specifically VP8.

I am not doubting that there are some people willing to spend a few days waiting for a large file to come down, but it isn't going to be mainstream until bandwidths increase over at least the next couple of years.

Finally, the master key for HDCP is unrelated to the master key for AACS and the difficulty in using the master key for HDCP isn't being challenged... The article is still incorrect.

@Cobra1; I agree, DRM is inherently insecure. And I am sure AACS will be cracked wide open at some point, but it isn't today.

@therustbelt; Nice sarcastic comment... What connection were you on in the year 2000? 512kbps ADSL? Typical movies seem to be between 800MB and 1.4GB ... still in the year 2010. I couldn't say what the quality was like though... I don't download them.
• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@...
I am going to have to agree with the other commenters. You can easily find a feature length film in pristine 720p under 5 gigs (and by pristine I mean no artifacts, no blocking visible on a 50" 1080p TV). If you have any understanding of the H.264 codec and all of the container formats it can fit inside of (my favorite is MKV) you would know that there is very little to be gained from the format of a Bluray disk. On a secondary note the only real reason to pay for a performance is that it is the visceral experience of live theatre or the pleasure of seeing it on the big screen. Most pirates thrive on the fact that they can throw a big middle finger at the corporations who try to tell them how they get to use a product that they have purchased. Or that a company would presume to say that they are dominant in their relationship with the public. Corporations that truly serve their clients will never cease to have strong loyalty.
• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@...

"I am not doubting that there are some people willing to spend a few days waiting for a large file to come down, but it isn't going to be mainstream until bandwidths increase over at least the next couple of years."

What is this "a few days" you speak of?

• ### RE: Why Blu-ray encryption had to fail

@richard.e.morton@...
Richard you are right. Blue ray developers are on a continual research for secured codecs. An earlier blog also noted that pirated blue ray disc are closer to HD which I think is well taken. Demand is beginning to drive prices of blue ray disc down as shown by some BB discs available at Walmart for \$10.00. The march of science goes on.
• ### Very interesting and a shame you're getting a bashing...

@richard.e.morton@...

Who in their right mind would spend weeks downloading a film? At the end of the process you're not sure of the quality; some muppets set passwords; some are missing key pars/rars.

At some point we have to decide what's worth paying for and that might be the crux... lower the price a bit. Don't get me wrong I do download a few films but I often buy the DVD as the upscaled quality is fine on my 52" Sammy. The odd 8Gb mkv at 1080p is superb but I would agree with you on massively reduced files.. They are often just not worth watching and often have stereo sound... pointless. Dropping some into mediainfo often shows them to be closer to VHS resolution.

And who can ignore the threat (however small) of being tracked down and asked to pay \$500 dollars per download.
• ### RE: Why Blu-ray encryption had to fail

@Narg It's funny how we always seem to get screwed over when we give up control to one or other proprietary, locked-up system. In the long run the consumer loses every time. MiniDiscs anyone? MemorySticks? Maybe it's just a Sony thing... Oh wait, there's also Microsoft, IE6 anyone?

The moral? Put all your eggs in one corporate basket, you're at the mercy of that corporate.