[kwlug-disc] Has the HDMI master key been cracked?

Lori Paniak ldpaniak at fourpisolutions.com
Wed Sep 15 09:47:29 EDT 2010

On Wed, 2010-09-15 at 09:17 -0400, John Van Ostrand wrote:
> ----- Original Message -----
> > On Tue, Sep 14, 2010 at 9:19 PM, Raul Suarez < rarsa at yahoo.com >
> > wrote:
> > Minor correction:
> > 
> > HDCP is the encrypted protocol that allows things like DRM and all
> > that.
> > That is what had its key broken.
> > 
> > http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
> > 
> > HDMI is the connection and has nothing to do with DRM in itself.
> > 
> > Also ...
> > 
> > http://entertainment.slashdot.org/story/10/09/14/1211205/HDCP-Master-Key-Revealed
> As I understand it most consumer HD media today requires HDCP. This is the case with a cable box and Blu-ray player. That means that HDCP is generally required and manufactures who wish to interoperate using HDCP have to sign agreements that I'm sure includes complex legalese forcing them to honour media companies' requests for encryption. Because of this hardware manufacturers can't offer things like high-def capture/download. I don't know how the HD-Fury came to exist. It's converts HDCP encrypted content to component.
> To date people wanting high-def content from cable or blu-ray have had to use component video, which some cable boxes have turned off, and some devices don't have. It's also possible that devices reduce the resolution on component.
> One of the nasty things about HDCP is that the HDMI organization can revoke a key. So if the key for my Panasonic TV is revoked, my Blueray player and my cable box could refuse to send HDCP content to it. Since most of the content is protected, my TV would be only useful for low-def content.
> Another interesting fact is that the Blu-ray player gets updates from new Blu-ray discs. Yup, pop in a rental disc for a movie and wham!, your Blu-ray player complains that it can't display the content.

I'm looking forward to direct HD capture in MythTV from my HDCP Rogers
box, but you final comment is the best punchline to all this.  Keys can
be revoked but since this is (allegedly) the master key, wouldn't Team
HDCP have to invalidate *all* keys based on it and start over to clear
this breach?  Nevermind that would invalidate all pre-existing media and
players signed with that key.

DRM isn't bad.  It's just dumb.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100915/fab20d10/attachment.bin>

More information about the kwlug-disc mailing list