Friday, 09 March 2007

HD DVD Commentary

I have been following the saga of the folks at Doom9.org decrypting the AACS protections found on BluRay and HD-DVD discs.  In my mind, I wish them the best of luck.  I know I won't bite on either HD format until I know that I can copy, transcode, or move the content to any format or device of my choosing.  The entire concept of DRM is pretty non-sensical if you think about it.  We have encrypted content and the keys needed to decrypt it are either in the media player or embedded in the content itself.  Anyone spot a problem here?

This is just Security 101:  You can *never* secure your content if also have to distribute keys to decrypt your content to the same parties you want to keep your content hidden from.  The logical fallacy of the scheme is really stunning to consider.

Anyhow, I just read this post over on the DVDFile website.  At first, I thought it was an obvious parody, but then I realized that the author really believes that people that hack AACS are terrorists!  Wow.  He believes that HD video now is at risk because of a few people that believe in their rights to use the media they purchase in any device or manner they choose.

In a follow up to the hate mail he received, he gives an analogy that he is not allowed to drive a sports car 150 mph (its against the law and could hurt others), so hackers should not expect to be able to use their HD media on non-HDCP capable devices (because now the studios might revoke the media for others).  Yeah, I am still scratching my head on that one - the analogy sucks.

If we must keep with crappy car analogies, perhaps a better one is that you have bought an expensive sports car (your computer, monitor, HD player, TV, etc.) and also paid for the private use of a high speed race track anytime you so choose (the media).  Only, you find out later that unless you completely replace your car (new monitor, trusted OS, new "secure" player, etc.), you either cannot drive on the track you paid for (unauthorized players!) or your car has to be fitted with a governer to keep you from exceeding 5 mph (ICT or downrezzing).

The best thing that ever happened to consumers was the day that DVD protection was broken.  Now you can copy your DVDs to any format of your choosing and play it on any device anywhere (phone, iPod, etc.).  That day would never have come if the CSS protection was not broken and your only options for getting content in the form or device you want would be to purchase it again.  History tells me that AACS being broken is a good thing for everyone.

Thursday, 17 March 2005

X509Certificate2 or as you should know it: X509CertificateTheOneIShouldUse

Straight from Shawn Farkas:

http://blogs.msdn.com/shawnfa/archive/2005/03/16/397154.aspx

My reason for posting this is not so much that you should care that the class has been renamed, as much as you should care that this is the class you should use for X509 Certficates going forward. If you have ever done any CryptoAPI work in v1.1, you will be glad to know that they have finally put the important bits that were missing in X509Certificate into X509Certificate2. I don't know the full details of why they did not just update the original class instead of the kinda ugly 2 - but I would have to guess something about way too many breaking changes.

I had to develop a digital signing framework that used X509 Certificates. It was immediately clear that v.1.1 versions were not going to cut it. Since it was all .NET, CAPICOM was out as well. After long hours of reading MSDN CryptoAPI documentation, it became clear that I would need to write a lot of p/invoke code to get things like Public and Private keys from the Certificate as well as interact with a vendor CSP. In a way, I am glad that this X509Certificate2 was not available, since I would never have had a chance to really dig in and learn the underlying CryptoAPI. However, from a typical developer standpoint, this new class should save you at least a couple weeks of trying to figure out exactly how to interact with a CSP and get Private and Public keys.