Schneier on Security

The company responsible for this protection scheme issued a press release claiming this paper was based on erroneous assumptions.

Full text:
http://www.sunncomm.com/press/pressrelease.asp?prid=200310091000

Memorable quote:
--begin quote--
Based on several of these incorrect assumptions, Mr. Halderman and Princeton University have significantly damaged SunnComm’s reputation and caused the market value of SunnComm to drop by over $10 million.

In addition, SunnComm believes that Mr. Halderman has violated the Digital Millennium Copyright Act (DMCA) by disclosing unpublished MediaMax management files placed on a user’s computer after user approval is granted.
--end quote--

The comments to PasswordSafe entry are closed, but I'd like to point to one thing: the last time I checked the PasswordSafe, the passwords were copied to the clipboard in order to be used. And the clipboard was (or is it even now?)

http://news.zdnet.co.uk/business/0,39020645,2127947,00.htm

accessible from the javascript executed in the browser. Therefore maybe it's not the best solution. The better trick would be to have to point to the window which expects the password and that then the program uses API to emulate typing. That way, the password would never come to or remain in the clipboard.

I remember seeing this the first time around. The DMCA is not a defense against incompetence.

Yes the password safe! My preference is to encrypt my passwords file with a one time pad, ripped from a heavily encrpyted CD or DVD from one of the above company's products, and then using steganography embed the encrpyted password file into an MP3 ripped from a CD under Linux, in which the above mentioned copy protection doesn't function.

Linux is always left out. ;)

(Do you really mean to cut off comments to articles after only a day? If so, sorry for posting about PasswordSafe on this article.)

Do you have an opinion about the security of Apple's Keychains included in Mac OS X? It's a similar sort of thing to your Password Safe. I can't say I've been able to find much analysis of its security.

"by disclosing unpublished MediaMax management files placed on a user’s computer after user approval is granted." ... well, heck if you put a file on my computer, I consider it published.

No copy protection scheme can work when it comes to audio because of a little piece of hardware available on every computer - the line in port.

Once the data on the disk is decrypted, descrambled, or whatever, it's free reign. The line in port can capture the audio at CD PCM rate (44.1 Khz, 16 bit) or better (depending on the card) and record it to a WAV file. While this isn't as quick as ripping it straight from the disk, it's still quite easy to do. It's about the same as copying a tape using a dual-deck stereo.

The only thing that these copy protection schemes will do is prevent the ripping of the audio straight from the disk. Okay, so we go back to recording via the line-in port. Instead of taking about 15 minutes to convert the file (depending on your computer and several other factors), it'll take over an hour. Will it stop most people? Probably not.

Why is the audio industry spending so much money doing this when it'll fail anyway, no matter what system is used?

The line-in port on any computer bypasses any copy protection implemented. Sure it takes longer to convert the CD and you may not get a perfect copy of the song, but you'll get pretty darn close.

Why spend millions of dollars on a system that may tick off people if it doesn't work properly and is going to fail anyway? It doesn't make sense.

@AC:
"The better trick would be to have to point to the window which expects the password and that then the program uses API to emulate typing..."

Recent versions of Password Safe already have that. It's called Auto Type. From the help file:
"Auto Type provides a means for users to easily and quickly enter user name and password information. With a single click, the user name, and password are entered and the form submitted to the host for approval. By default, the formula followed by the automated keystrokes is as follows: the user name, followed by a tab key, followed by the password, another tab, and then the enter key (username TAB password TAB ENTER).

Most, though not all, web forms will operate with the Auto Type feature. For those that don't, it is possible to tailor the autotype behaviour as described in the Customizing Auto Type section below."

Re: PasswordSafe

Version 2.11 is listest as the latest on SourceForge:
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=33169&release_id=330734

@Kenneth Ballard

"No copy protection scheme can work when it comes to audio because of a little piece of hardware available on every computer - the line in port."

I would generalize your comment to: No copy protection scheme can work because the content must be exposed to the user - and the user can record video with a camera, record audio with a microphone, and so on.

"Why is the audio industry spending so much money doing this when it'll fail anyway, no matter what system is used?"

Beats me...

@Kenneth Ballard & Anonymous

Just one point all "off line" copy protection mechanisums are bound to fail.

Basically however they are "encrypted" the key has to be eitehr on the disk or in the media player. Sooner (rather than later) somebody will find,

1, The "encryption mechanisum"
2, The "master key"

And eventually the information will find it's way into the public domain.

For instance DeCSS for DVD's, and Sky's perenial battle with their pay-2-view cards are two that imediatly spring to mind.

We have also seen the majority of digital watermark systems (maybe all) fail for one reason or another.

The only practical way to do DRM is to have it so deeply embeded into the very core of a product that it cannot be got around in a sensible way. However as Microsoft found with the X-Box people will even get at systems if it's not quite in the core.

I guess this is one of the reasons Intel are getting into embeded DRM in their CPU's that BS posted about a few days ago,

http://www.schneier.com/blog/archives/2005/06/intel_quietly_a.html

I'd like to line up all these copy-protection idiots, and kick them in the face, one-by-one.

I just had a big hassle with a "DualDisc" CD I had bought. Neither of the two CD/DVD drives in my computer would play it. Since 99.5% of my music listening is done while at the computer, this made the $15 purchase a waste.

Do you know how aggravating it is to insert a CD you just bought, only to hear your CD drive whirring and grinding, and making noises that leave you wondering if the drive is actually being damaged?

Well, not quite. I had to go back to the store the next day, and exchange the DualDisc piece of crap for a regular audio version--which, fortunately, they had. I'm sure that they're just testing the waters right now, and regular audio CDs will become a thing of the past.

At that point, I'll stop buying CDs altogether.

I did copy the DVD portion of the DualDisc, and keep it on my hard drive, just to make the hassle a tiny bit more worth my while.

Audio CDs have always been impulse purchases for me. I'm hanging around town somewhere, decide to browse a music store because it's fun, and buy something. This happened fairly often -- a couple of CDs a month, on average.

Now that I can't trust that audio CDs are actually usable for me, I don't buy them at all anymore. I could check online or something, there are databases that list the bad ones, but that just doesn't fit the way I buy music. So I don't. Bookstores get my browsing money now :)

The frustrating thing is that the RIAA then blames these lost sales on "piracy", when it's directly due to their own stupid tricks.

I would be interested to know what happens if the user attempting to play the CD does so from a non-administrative account without the ability to install drivers. Would the DRM version refuse to load, forcing the user to rip the tracks normally, or would the CD just eject itself?

I find my self wondering if a better interpretation of

> Mr. Halderman and Princeton University have significantly damaged
> SunnComm's reputation and caused the market value of SunnComm to
> drop by over $10 million.

isn't along the lines of

"Mr. Halderman and Princeton University have exposed our efforts
to inflate the value of our stock options with bogus (and
possibly fraudulent?) claims about the capability of our
product."

Just a thought.

@AC
Passwordsafe as of about version 2.03 has code to type the password into the window behind it.

@Quadro,

"Would the DRM version refuse to load, forcing the user to rip the tracks normally, or would the CD just eject itself?"

DRM will create another access level above administrator. This access level, controlled via the DRM policy servers at the vendors headquaters, will have ultimate control over your system.

Whatever program is contained on the CD would have adigital signature approved by the vendor. The OS would then trust the executable, even though you might not.

So the system and the vendor will have ultimate control over features even administrator (or root) can't access? Wow. All it will take is one flaw in DRM, and we can say goodbye to functional anti-virus software, software firewalls and IDS. Unless, of course, those are managed by (and have the privileges of) the DRM system too. Which will make DRM more complex and create more weaknesses.

Of course, no virus writer or hacker will ever be able to exploit flaws in DRM, right?

Even if the music/software/any industry create a completely incompatable media that only works in their equally incompatable media player, someone somewhere will crack it, and completely ruin the money invested in the protection. I thought the idea of DRM was for prevention of loss.

For spahish-speakers, here's my two cents (Nov 2003): http://www.ugr.es/~aquiran/cripto/enigma/boletin_enigma_17.htm#3

Great work, SunnComm! A copy-protection system that can be switched off by pressing the Shift key. Compared to that, the Ice Cream Lock is state-of-the-art!

@jammit

It doesn't have to be perfect to be profitable.

Aloha!

When I look at the future more darkly than normally, I imagine systems that disallows playing/executing anything (media, files, programs etc) that _does not_ have any DRM tags associates/embedded into it.

I sure there will be ways to technically circumvent these schemes too (forged DRM tags, hw and sw hacks to the system for example), but I bet you that doing this will then be illegal.

Yes, very much an Orwellian imagination where "free" is closed and bad. But by the looks of it law-wise, that's where we're headed...

And naturally, booting *BSD and Linux will be a pain in the butt since all motherboards, CPUs, memories and all devices expect the OS to be talking DRM authentication before being accessed.

@Joachim

DRM on it's own is bad news but one US senetor has actually fielded laws to make the inclusion of DRM in all electronic items (media players etc) a legal requirment.

This quickly became known as the "Fritz Chip" in honour of the senetor. He is also known as the "Micky Mouse senetor" or the "Disney senetor" (amongst the names you can print in public).

Why he has taken this stance I cannot say but it has made him very unpopular in quite a number of places.

Being an average sensible joe if I was going to follow a policy that would make me so unpopular it would probably effect my ability to get re-elected (ie lose my job), I would need a very large cash incentive or some other assuratiy of continued income. Either that or I would have to be some kind of zelot (and as we know zelots in the US are regarded as a threat to national security).

What makes you thing your Line-In port will be enabled when running Trusted Windows ?
Or, to put it another way, what makes you think it will be availiable to non-Trusted applications ?
Remember Intel now controls this from the Mobo BIOS...

"The OS would then trust the executable, even though you might not."
Yes, the essence of "Trusted Computing" - but it's not here yet, fortunately, so what happens in the mean time?

"DRM will create another access level above administrator."
When you really think about it, there won't be an "administrator" in a TC environment, because what does it mean to be an administrator? It means that the owner of the system believes you capable of making good judgments about what to do with the system. But if anybody could actually be trusted to make these decisions, we wouldn't need TC, right? Being an administrator also means that you can do (almost) anything you want on the system:

"Administrators have complete and unrestricted access to the computer/domain" (Windows 2000's description of the Administrators group)

And that can't be allowed, because then an administrator could bypass DRM and cause an end to the free world!

"zelots in the US are regarded as a threat to national security"
Unless they're Christian zealots.

No matter what they do, i'll still be able to record the music, while it plays, with a microphone attached to my stereo (similarly for movies, but with a video recorder).

Until they outlaw stereos and video recorders. Hollywood already wants to but can't get it past Congress... yet.

@Quadro
They don't have to outlaw them, just make the audio fingerprinting technology mandatory. I believe they tried a while ago and failed.

Sort of like the printers that are reported not to print a certain shade of green.

Too bad if you have a home-movie of a talentless high-pitched green-clad performer, your PC will never let you digitize it (then again, that may be a good thing :-)

"DRM will create another access level above administrator."
The person who controls what may or may not be installed on a computer is the owner of that computer. If some DRM scheme comes along and controls what I may or may not have on my computer, it better be the one paying for that computer, it better be the one paying property taxes on the computer.

"What makes you thing your Line-In port will be enabled when running Trusted Windows?"
You are describing what is affectionately known as "the audio hole." If the device makes sound that can be heard, it cannot possibly be secured from copying. Music companies used to ship CDs to reviewers. But those songs ended up on the internet before they hit the stores, so now they ship the CDs inside (glued shut) CD players and the audio cables are glued onto the player.

The goal of TCPA is to have everything digital, even out to the speakers, with digital certificates everywhere. I predict a future supervirus that inserts revocation certificates all over the place (or corrupts your certificate store) rendering your hardware useless, since one of the key misfeatures of TCPA is that everything has a certificate, including the motherboard (in order to boot the operating system).

"They don't have to outlaw them, just make the audio fingerprinting technology mandatory."

Basically the same thing. With the fingerprinting technology, it's not really a recorder, just a crippled Hollywood money machine.