Vulnerability Development mailing list archives

Vulnerability found in HDCP -- Scientist cannot publish vulnerability


From: "Jon O ." <jono () microshaft org>
Date: Wed, 15 Aug 2001 13:21:51 -0700


Vuln-dev:

There is currently a reported vulnerability in the High-bandwidth Digital Content 
Protection system used by different hardware vendors. The vulnerability was found
by Niels Ferguson after analyzing the system. However, Niels is unable to release
the vulnerability due to US and soon international laws.

Due to DMCA restrictions in the US his paper describing these vulnerabilities 
cannot be published so there are no details at this time. Background information
from Niels is available here:

http://www.macfergus.com/niels/dmca/index.html

Background on the DMCA and similar laws being passed around the world is
available here:

http://www.anti-dmca.org

Hopefully these issues will be worked out so Niels can publish his findings and
the weak protections can be improved.

Forwarded message follows:

----- Forwarded message -----

To: dmca_discuss () lists microshaft org
Subject: [DMCA_discuss] Cryptography Paper suppressed from the DMCA
Date: Wed, 15 Aug 2001 10:13:44 -0700


Niels Ferguson has found a weakness in the HDCP content
protection system. However, he cannot publish the
results due to DMCA issues.

He has written a paper regarding this issue here:

Censorship in action:
why I don't publish my HDCP results
http://www.macfergus.com/niels/dmca/index.html

<quote>
HDCP is fatally flawed. My results show that an experienced IT person can recover the HDCP master key in about 2 weeks 
using four computers and 50 HDCP displays. Once you know the master key, you can decrypt any movie, impersonate any 
HDCP device, and even create new HDCP devices that will work with the 'official' ones. This is really, really bad news 
for a security system. If this master key is ever published, HDCP will provide no protection whatsoever. The flaws in 
HDCP are not hard to find. As I like to say: "I was just reading it and it broke." 
</quote>



------------------------
http://www.anti-dmca.org
------------------------

----- End forwarded message -----

