Examples of Weak Crypto with DVDs

Video Notes

DVD Content Scramble System (CSS)

Three Elements of Crypto Security

  1. Safe zones protect important data
  2. Secret keys remain secret
  3. Crypto mechanisms resist attacks

DeCSS Software 

Jon Johansen co-authored DeCSS and released it in 1999. It was quickly distributed via web sites and Internet discussion groups. Some experts questioned its legality, and a few countries passed laws against “copyright circumvention” software. The discussion was complicated in the United States by the First Amendment, arguing that computer software was a form of protected free speech.

Keeping Secret Keys Secret

  • Physically protect them
  • Make them changeable
  • Make them hard to guess

Attacking the CSS mechanism

In 1999, Frank Stevenson of CMU reviewed an unofficial copy of the CSS source code program he found on the Internet. He reported significant weaknesses in the stream cipher design. This led to an attack requiring only 225 trials. He could crack a DVD disk key in a matter of seconds.

Vimeo Description

Movie DVDs encrypted their contents to prevent copying. The encryption did not prevent copying.

Video notes: cys.me/vid/c06.

Video #7 examines key wrapping on DVDs and privileges vimeo.com/202238441

The previous video explains how to detect message alterations using hash functions vimeo.com/199836576

See the entire Cryptosmith series in its album vimeo.com/album/4229550