Keys, codes and unplayable discs
Hollywoodâ€™s great hope in the war against DVD hacking is to launch soon. Barry Fox has some good and bad news
Barry Fox, Personal Computer World 18 Aug 2005
Hollywood sees blue laser as a way to save face after DVDâ€™s copy protection, CSS (Content Scrambling System), was defeated. A hacker simply sucked the encryption keys out of a legitimate player and grafted them into the DeCSS disc copy software. Using new keys on DVD discs would have made them unplayable on all existing players.
The DVD Forum, which backs HD-DVD blue laser, has now formally adopted the Advanced Access Content System (AACS), and the rival Blu-ray disc system is likely to use something similar. I set out to learn more about AACS.
AACS was developed by Intel, IBM, Panasonic, Microsoft, Sony, Toshiba, Disney and Warner. It is â€˜renewableâ€™ if hacked. It uses â€˜broadcast encryptionâ€™ for one-way delivery of new keys, and revocation of hacked keys, without the need for a phone line.
Cryptography Research of San Francisco has been warning that this will leave some legitimate players unable to play some legitimate discs. So I asked the Motion Picture Association of America (MPAA), which represents the Hollywood studios, whether, after keys have been revoked, a player will still play old discs but not new ones? Or will it only play new discs, not old?
The MPAA didnâ€™t know and referred my question to the AACS consortium. Here are the facts.
There will, of course, be two types of HD-DVD player: standalone boxes like todayâ€™s DVD players, and PC software players such as Windows Media Player or Real. All these players hold partial key codes that handshake with partial key codes on the movie discs to generate a full unscrambling key whenever a disc is put into a player.
Every copy of the same version PC player software has the same key. Although the software keys are well protected (by tamper-proofing the player software), the AACS guys know that anyone who extracts a key from a software player will then be able to use it to write DeAACS software. So every six months or so there will be â€˜proactive renewalâ€™ of software player keys. Users will be invited to download a new version of their PC player software, with new keys.
Then, after around three months, the old keys will be routinely revoked. People who have not updated their player software will be unable to play new discs.
If a software key is hacked and crops up in DeAACS disc-copying software, the key will be urgently revoked by issuing a new version of the PC player software with a fresh key. Users will be warned to download the new version or their PC player software will stop playing new discs.