Basically, the copy protection system on DVD movie discs. Also known as CSS.

When the DVD format was being designed it was extremely important to the movie studios that it should not be readily copyable, because they were aware of the huge danger of releasing their precious movie archives onto a format that could be duplicated potentially infinitely with zero loss of quality or, of course, transferred over the net.

To this end they came up with the CSS, or Content Scrambling System - a digital encryption system that would supposedly be virtually uncrackable, and prevent pirates tranferring the encrypted content of DVD movie discs onto another medium.

It is a system based on decryption keys - each disc has around 500 different digital signatures stored on it, and each manufacturer who wants to build a DVD player is licensed a single key. The idea was that if a single key was somehow compromised (by reverse engineering, espionage, whatever), then all they had to do was to omit that key from all future DVD movie releases and they would still be safe.

Naturally - as is the way with these things - someone promptly worked out the encryption algorithm, and a key was indeed hacked out of a player (from the Xing! software DVD player for Windows).

The beauty of the hack was that the hackers held back from releasing any decryption software using this key until they had identified a weakness in the algorithm and exploited it to find, via brute force, another three hundred or so of the other standard keys, including the ones used by Sony and Phillips in all their commercial DVD player machines (obviously these keys could not be withdrawn without rendering hundreds of thousands of players useless).


Soon after this, a cracking group known as MoRE (Masters Of Reverse Engineering) released a tiny Windows program called DeCSS which simply and rapidly decrypts a DVD movie onto your hard-drive, and DVD was irrevocably compromised. See also wack a mole.

CSS is the weak content scrambling system used on most DVD-Video titles. The CSS cryptosystem claims to be 40-bit (for compatibility with United States export restrictions in effect when it was introduced) but actually has some holes that make it effectively 26-bit. If it is assumed that bruteforcing CSS keys is as fast as bruteforcing RC5 keys in the client, then my 333 MHz Pentium II laptop that processes 900,000 RC5 keys per second could crack a DVD in about a minute. Newer versions of independent DVD conversion tools do not rely on the revoked Xing key but instead crack the disc themselves.

Oh, go to jail.

Log in or register to write something here or to contact authors.