[TriLUG] Thursday at 2pm: Cory Doctorow says, "Pwned!"

[Joseph Mack NA3T]

On Sun, 4 Mar 2007, Joseph Mack NA3T wrote:

> As for DRM, Cory said that all encryption methods are breakable, when the 
> receiver of the message is also the person who mustn't know the content of 
> the message. Security people know this, but have convinced the the 
> entertainment industry to buy their products despite this wrinkle, since 
> no-one else wants them.

Remembered some more:

Cary said there were 3 elements to crypto (if you know about 
crypto, this is all old hat)

o the method of encryption
o the encryption key
o the decryption key

Originally all three components were secret. The Enigma 
story shows that you can't keep the encryption method 
secret. Then something else (theft of code books? forget 
what) shows that you can't rely on keys being secure either. 
You're left with hoping that only the receiver's key is 
secure.

How do you know if you have a good encryption method? It 
turns out that encryption methods are really easy to write 
and just about anyone can design an encryption method that 
they (and almost no-one) can break. However the right person 
(eg DVD Jon) can break it in no time flat. The only hope to 
show that your encryption method is unbreakable, is to 
publish it and let the best brains in the world have a go at 
it. If no-one's cracked it in 20yrs, then you can conclude 
that it's OK, at least for the moment.

The problem with the recording industry is that they still 
think that you can keep the crypto method secret and that a 
relatively untested method is secure. Then you have to give 
the user the decryption key, without letting him see the 
decryption key. Does this sound a good business model?

Joe


-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!