An interesting comment here. The Engadget Interview: Viodentia, creator of FairUse4WM - Engadget: My suggestion to future designers is simple: don't bother with weak client-side decryption. Instead, provide a public specification for licenses using digital signatures, manage the PKI through a not-for-profit organization, and apply social and legal pressure to programs that don't conform. Accept that folks can trivially patch around the system, but if the restrictions aren't onerous most people won't go through the hassle.

I've been saying for a while that DRM (and software copy protection) is inevitably flawed from a cryptographic point of view, because you can't give somebody the private key, the public key, the algorithm and the encrypted text and expect to have any control over the plain text. But I wonder now if there is any mechanism whereby part of this can be retained and the DRM made cryptographically secure. In reality, of course, the plain text does eventually get out and so the "analog hole" must always remain. But this would prevent tools like Hymn and FairUse4WM from working. I suspect that the trick is to never give out the private key and to create a one-time hash based on it that is passed out on demand. This would then imply that the playback device would only work while it was online, which pretty much counts out things like iPods.

I'm getting out of my depth here on cryptography. But it seems to me that TLS/SSL works something like this.

Ultimately, the content ends up as a bitstream that can always be captured, so DRM is still a dead end, even if we see increasingly draconian measures to try and prevent us getting anywhere near it. See Trusted Computing and HDMI.


[ 25-Sep-06 7:00pm ]