Precisely. They've gone to an effort which should invoke the DMCA (as ridiculous as that is) and they have a bullet point somewhere on a power point they can show to content creators that says DRM.
Those are the practical uses of any DRM technology one might ever devise.
Sure, you could throw in more than 5 seconds of security-through-obscurity, but why bother?
What uses Divx DRM? I.e., Is there evidence of anyone actually trying and failing to break Divx?
Edit: I'd guessed we were talking about Divx (of the DivX codec fame) http://en.wikipedia.org/wiki/Divx , which apparently has some DRM products now and is owned by Rovio-formerly-known-as-Macrovision.
I don't think there's actual evidence of many people actually trying to play DIVX rental discs. I only ever bought a player and discs to try to defeat the DRM (and was way overmatched; I think I could break it today with what I know and maybe with a lab I could put on a platinum amex, but not sure)
Kocher's team also did BD+, which people definitely try to break, and BD+ has been successful in its "academic" goal (if not in its business goal). They're also behind some other notable DRM/Content Protection success stories.
How so? Every single BD+ update gets cracked pretty quickly by Slysoft (and several other apps now) and most Blu-rays are cracked, reencoded and pirated before or just after their release. It's not anywhere closed to the "uncrackable masterpiece" its creators marketed it like. It was even supposed to be "patchable" if flaws were found, but the patches are only stop-gap measures which are circumvented by Slysoft and others in just days.
BD+ is mostly just an annoyance for legit customers, but is hasn't been a major obstactle for pirates and backupers for years. The goal of BD+ was to stop software-based piracy of Blu-Rays and it failed miserably on that front.
Heh, if only you knew the stories behind all this.
What if I told you that the attackers had a 2-month head start on some discs due to insiders leaking them -- would that make a difference? What about if you found out that there weren't as many "rippers" as it seems because for a while, one of them was a "thin client with remote access to a competitor's ripper"?
Also, the "uncrackable" thing came from an external analyst who had no communication with anyone at the company and was obviously wrong.
BD+ _is_ renewable, meaning no single hack breaks the system for all time (unlike DVD-CSS). There's always something you can do, and with enough resources, it can still give attackers a challenge.
I'm not saying that BD+ is the most successful DRM scheme ever, but I do think it's done well given the particular environment. If you want an out-and-out success story from the same company (8 years, no hacks ever), see the CryptoFirewall. This is an apples and oranges comparison though.
Wow, it seems like you actually co-designed BD+, HN never ceases to amaze me.
It would be really cool if you could go into more detail, this is extremely interesting! Especially the second paragraph.
I'm far from an expert on BD+, so this is pure speculation, but it seems to me though as the patches doesn't work properly because they can't patch the fundumental part of BD+ which Slysoft has figured out. It would be really weird if Slysoft actually have managed to find a completely new flaw in BD+ for every BD+ patch that is released. It seems much more likely to me that the patches can't actually fix the flaw itself, they can just hide it or change some parameters/keys (which Slysoft know how to find), requiring Slysoft to constantly release new updates to "patch the patches". It may give Slysoft's developers a constant challenge, but it also seems gives them a constant unique selling point that they profit greatly from.
Is this correct or have Slysoft actually managed to find dozens of different exploits in BD+, one for every BD+ patch?
It wouldn't be the blu-ray bitstream but it would be the decoded digital video bitstream. It would need recompressing although from such a high quality source then generational loss should be fairly minimal.
It also would not get you any interactive elements which for some may be an issue although for others it may be preferable in this way.
Indeed, and Divx was actually a commercial failure, partially due to how annoyingly complex their rights management was (but mainly because their partner was dying).
DRM (and similar tech) works pretty well in specific cases, like printer-ink DRM. I actually think ERM was a great idea, but sadly failed to DLP and other solutions (basically blacklist vs. whitelist of permitted activities).
Where it fails is software, particularly "media content", on commodity players, fully in possession long-term of end users, who are otherwise hostile, with no real costs to a failed break attempt.
The printer ink thing is probably their #1 success story, although the non-DRM version is to build some patented shape and rely on patents for protection, which may also work. (IANAL though; I know you can do compatible designs in some cases, too).
This whole "DRM for 3d printing" thing is a red herring -- the real war was "DRM embedded in physical devices we purchase", like auto parts and ink, and that was fought and lost in the last decade.
You might try asking Slysoft, which has to continually release new betas of AnyDVD HD as Macrovision randomly decides to break their software with updates of BD+.
Or, you could ask all the people who used to make 6 figures dealing H-cards for DirecTV, but can't anymore.
Additionally, I don't know of any other major system that has gone 4 years without an open-source hack. Since 2008, the only BD+ rippers are commercial.
Also, credit should be due to the designers of Cinavia as it has succeeded with the least secure design possible. It's a watermark in the compressed stream that is checked by the _player_, which mutes the audio if it is present. All you have to do is patch the player to ignore the mark or play it with VLC and it is "bypassed".
However, even the commercial rippers have not yet stripped off this watermark and all bypasses other than playing in VLC have been partial (e.g., needed an old PS3 firmware).
We use simplifications when we teach things (eg crypto) to people.
When people learn about cryptography they learn that one time pads (OTP) are the only mathematically provable secure cryptography. Everything else is thought to be secure, but we don't know.
Then they learn why OTPs are not used more often. (You need a pad as large as the text you want to encrypt; the pad must be really random; you must never reuse the pads; you have to get the pads to the person doing the encrypting and decrypting.)
And then they learn a bit more and one of the simplifications they learn is to XOR a bit of text with a string; they encrypt plaintext with a key. This is not a real crypto system, it's just a silly little demonstration.
But a disturbing number of people seem to stop there and say something like "Let's use XOR and a secret key and it's a bit like a OTP so super secure!!" but they forget that you must have a pad as large as the plain text.
So their crypto system is really very very weak.
Other DRM systems have been broken, but usually by smart people working hard with advanced techniques.
I could have broken this system.
The other thing that's bad about it is that it is ridiculously easy to intercept the decrypted files and copy those.
So they've sold a system to small un-clueful content distributors and they've used hyperbole to do so.
And the law prevents us from telling those content distributors because we're not allowed to circumvent a technical copyright protection method.
