Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Music Media Your Rights Online

Encrypting Digital Music With Multiple Keys 306

Orne writes: "The New York Times has an article about mathematicians at Brown who have patented a new music encryption system that is based on cycling encryption keys. '... a typical three-minute song could be scrambled into 180 different codes; anyone taking the time to break a single code would be rewarded with only one second of music.'" I'm not going to try to parse the math behind it, but advances like this are why I advocate laws to protect fair use of copyrighted materials -- sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?
This discussion has been archived. No new comments can be posted.

Encrypting Digital Music

Comments Filter:
  • by Anonymous Coward
    There's no such thing as tamper proof hardware.

    Believe me. I'm ex-military.

  • by Anonymous Coward
    No it does not, wise guy. It depends on whether it is being used to promote or subvert freedom. Thanks for the facile, moronic reply, though. Its not surprising to see a subject with a moderate level of complexity completely elude the moron faction around here. Why dont you just post a link to the osm defense fund and skip to the next story, already.
  • by Anonymous Coward
    Then we will put a recorder on the digital output of your PC.

    I've always been amazed by these encryption approaches. They are useless. To play audio on your PC, the audio is eventually sent to the audio hardware. So what prevents me from writting a driver that pretends to be a audio hardware device, which records the audio to a file instead?

    In any case, at the end of the day, the audio has to get to your ears. Instead of ears, a microphone works pretty well too.

    In other words, it will always be possible to make copies of music. Until we have decryption implanted in our brains.

    Breace.
  • by Anonymous Coward
    imagine a future where the cultural history of the early 21st century is lost entirely even when its been pristinely preserved because the company with the decryption keys went out of business long ago. Think it can't happen? Look at Divx. All the disks for it are now utterly useless. Any company that thinks it will be here until the end of time (or when their copyrights expire) to decrypt our media for us is arrogent beyond comprehension.
  • by Anonymous Coward
    >The difference is, DAT was a competitor to the cassette

    Eh? DAT is all digital -- just like a QIC-80 -- it was competition to the CD and casette (except it is linear, unlike CDs). Maybe I missed your point, sorry.

    >now we have a satisfactory, if not perfect, technology.

    CD Deck -- $150
    DVD Deck (complete with lameass encoding scheme) -- $300
    SuperHeavyEncrypted Audio Player -- $??? (I guess $600)

    Just look at the first thing people look at in the stores today, Price! Unless this new tech is the same price or less than a CD Player, I think It'll be dead before it gets off the ground.

    DVD has taken a little less than a decade to break 10% acceptance. Why? Even now it still costs thrice as much as a cheap VCR. When it came out it cost 10x or more! DVD still has a long way to go, maybe another 10 years, before it begins to eat into VCR sales.

    Heck, even CD Players took 10 years to be a hit. Again, the price was too high (even the old, "crappy" sounding decks were good enough for the average man, so sound quality wasn't the problem).

    I guess if the record companies want to eat the price of the player, they MIGHT be able to break into the market. But they will have to eat the price for a long time.

    I suppose they could stop selling casettes and CDs, but that will only cause bootlegging from the radio (which is protected by law) to skyrocket to unfathomable proportions.

    Who knows, maybe the entire world will become rich (but wait a minute -- if we are all rich, then aren't we all poor? You need a base to compare against... :-) then we will have these neato decks. Till then... I'm gonna keep buying CD Players.
  • by Anonymous Coward
    Am I the only one wondering why it's better to encrypt 180 segments of a stream each with a different key (making brute-force decryption of the whole stream 180 times as hard as with one short key) than to add just eight bits to one key and make brute-force recovery of any part of the stream 256 times as hard? Multiple keys are a win when they drive different algorithms, or are held by different people, or expire at different times, but what good are they here?
  • All someone has to do is capture the audio stream, and then you'd have the music. As for signal degradation, I'm sure there are (or will be) ways to correct it (could someone enlighten me on how correction would be theoretically possible? I'm thinking a program that could make educated guesses on the missing bits).

  • True, but they said "tamper-proof" hardware (which is laughable, given that even if the hardware was 100% tamper-proof, the *software* drivers would be one way to attack this problem). I was thinking more along the lines of tapping the audio at the point of decryption.

  • NTRU are, as far as I can tell, snake-oil merchants with no clue about real crypto. If anyone can think of an advantage of encrypting a piece of music with lots of short keys over encrypting the entire thing with 256-bit Serpent in counter mode I'd be interested to hear it.
    --
  • Fundamental problem with any digital media protection system is that it must produce decrypted output for the end user.
    This means even if Big Brother Records Inc. would require me to use special device attached to computer, that decodes music according to my fingerprints, sound output would still go to my soundcard. So if I go out and buy loopback cable for as much as $5, then connect audio output to audio input on my full-duplex soundcard and run audio recorder program in parallel with whatever decrypting program they use I still would record the song, encode it into normal MP3 and save it on a Zip disk to listen to it at work. There is no way they could stop me.
  • among the .0001% of society that are geeks, DIVX died because of use-limited licensing. but in the broader market, the real reason DIVX died is it confused consumers on standards, and the sellers of standard DVD technology quashed this competition, they didn't want to pay the DIVX licensing fee to distribute their products.

    It's the sad truth.

    If it ain't broke, fix it 'til it is!

  • I was just remembering that old Metallica song-
    whoops! time to cut Lars another check!

    If it ain't broke, fix it 'til it is!
  • of course, doing this is against the law, now that we have DMCA, or WIPO, or, what is it now?

    If it ain't broke, fix it 'til it is!
  • I disagree. People are stupid. Do you know how many Brittney Spears albums sold? They'll bend over and buy them, they'll pay double, and they'll pay double again each time to listen. Eventually, when the technology permits it, they'll pay for the privilege of *remembering* what they heard.

    If it ain't broke, fix it 'til it is!
  • The thing that really burns me, is that 5-7 years ago, there was this "alternative scene" in music, and the pop music wasn't all that bad. Sure, there was a lot of crap "alternative" out there, but there was some good stuff being played on the radio.

    Now, i was never really much of a Nirvanna fan, but doesn't it seem like it all ended, folded up and went away when Kurt Cobain blew his brains out? I mean, pop music was rock n roll back then, now, it's different, it's sort of this weird r&b/rappy/dancie/gap commercial stuff. Was Kurt Cobain really that important? What the hell happened?

    The fact is, the musical landscape is dominated by four corporate giants, and the indies are there, but they're such minor players in the distribution and promotion infrastructure, that anything outside the money-making "formula" is lost. It's a LOT harder now to find good stuff than it was 5-7 years ago.

    I also believe that socially, there has been a mass-rejection of nonconformist music among kids who were shocked at the whole black-trenchcoat scene when Columbine went down. It's a backlash against the Primus/Marylin Manson/Ministry set. (hm - if I listen to n'synch, and don't wear black, people wont think I'm a freak and am going to kill them).

    If it ain't broke, fix it 'til it is!
  • for all intents and purposes there is zero Marginal cost for every song sold digitally, so each song would probably only cost a few to fifty cents to download for one device.

    But the cost of distribution has little to do with media costs nowdays. A lot of a CD's $18.99 list price is pure profit.

    Today, I read a Washington Post article [washingtonpost.com] on the adult movie business and was struck by the following set of statements:

    "Adult movie suppliers such as the Hot Network and New Frontier Media also make their products available to satellite and cable TV companies on a generous basis. When it comes to a typical Hollywood movie, a cable or satellite company usually keeps only 45 percent of the $3 to $4 fee paid by a subscriber. In the case of adult movies, however, cable and satellite companies keep up to 80 percent of a subscriber's pay-per-view fee. Those lopsided deals are possible in part because it costs relatively little to produce an adult film--$30,000 to $40,000--compared with $75 million for the average mainstream film.

    Those savings are not passed on the customer, however. Instead, AT&T and Starpower charge as much as $7.95 for each adult movie, about double the price of a Hollywood blockbuster on a pay-per-view channel."

    Media companies rarely "pass the savings on to you."

  • Yes, it is different. Digital world != real world. Information != property. Once a single person labours for (literally) 4 or 5 seconds or so and transforms the .riaa into an .mp3, then the security effectively does not exist for anyone else in the world. That single .mp3 can be copied verbatim to anyone else, making the .riaa literally inferior (and hence useless).

    This is not the same as a security system on the house. Once I break into your house, I can not copy the entire inside of your house and share it with everyone in the world.
  • There is no D/A or A/D conversion going on, because you are not as stupid as the OP. You do not even need to have a sound card. Just set up a fake /dev/dsp (or the equivalent under Windows) to save it to .wav. This is not new stuff.
  • Hmm yes, that would be much more difficult. You could still get around it by using a VMWare approach, though, presumably.
  • The implanted chip will temporarily disconnect your speech centers while you are listening, preventing this. And they will encode the stored memories so that they can only be played back through the decoder, so you can't sing it later. There will also be protections so that your mind can only think and report positive and pleasurable responses to the music, all negative ones will be stopped, since they violate the license agreement.
  • I must be missing something. I fail to see how this will prevent duplication of the music/text/whatever. At some point in your device you have to produce output, that output can't be encrypted, or you wouldn't be able to understand it. So at the very least, you should be able to tap into the data stream, say where it enters the sound card, and gain access to the unencrypted format.
  • Well, thats not too much worse than what I get from Napster...
  • by Anonymous Coward
    And what happens when you obfuscate the watermark?

    Example: Take a picture off a site with a watermark. It is in GIF format. Recompress with JPEG at full quality. There watermark is still there, but not in original condition. Any bit for bit information is lost in the watermark. Same thing applies towards audio. Take this sound with a watermark. Run it through a lossy compression routine (such as MP3) and your watermark becomes distorted.
  • For those who still dont know you can use WWW10 instead of partners or www.nytimes.com Below is the link

    THE ARTICLE [nytimes.com]
  • The only way to stop people from using current technology in favor of a new one is to force them to throw out the old stuff.

    Which is exactly what the FCC is doing with digital TV. If current plans hold up, after 2006, you will have to throw out your old TVs/VCRs, or buy a converter box so your old TV will still work (but it won't do half of what those brand new TVs at Circuit City will do). And I have no idea what sort of crypto/access control/whatever the MPAA is going to demand on digital broadcasts...

    OK, it's a bit of a stretch from TVs to CD players, but they're already talking about digital radio standards, too (and just imagine what those'll look like after the RIAA gets through with them). So never say never...

    Eric
    --

  • Reading the patent, these people clearly do have some familiarity with modern crypto. I still think most of this is bogus but "snake-oil merchants" and "no clue" is putting it a bit strongly.
    --
  • We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed. if you can _LISTEN_ to music, you can get around any and all encryption of it.

    Or, even better: intercept (either in software or in hardware) the actual cleartext digital stream going to your dsp. Convert to CDDA, rinse, repeat.

    Repeat after me: digital media cannot be copy protected! Write this out 5,000,000 times, or, better yet, just use copy and paste :-).

    --
    "How many six year olds does it take to design software?"

  • As a virulent opponent of copy protection systems in any form (because they are childish), it's important to point out that watermarking does have a place in the digital universe. But it's a role very different from the one the media corporations have been feeding you.

    In the future, where everything that already exists is copyable thanks to matter replicators or buckets full of programmable nanobots, there will still be a need to create new things that don't exist. There will still be a need for artists.

    So, if you want something new created, how do you know which artist to approach? By their reputation. Presumably you'd examine other objects that are close to what you want, then talk to the artist who created them. But how would you know that the person you're talking to is the true creator, not an impostor? By examining the watermark embedded in the work.

    Note the subtle distinction here: Media corporations want to use watermarks to uniquely identify each copy. In my proposal, the watermarks identify the designer of the original pattern for the copy. The reason this is important is because, whether you like it or not, there will be bazillions of copies out there. Any one of those copies may find their way into the hands of someone who wants to know more about where it came from. Being pointed at the original artist is considerably more useful than pointing at the guy who obtained that copy.

    Schwab

  • untamperable hardware.
    I'd like to see THAT.
  • Better yet you can just install a software shim between the player and your sound card (ie, a software-only audio "driver" that pretends to be a sound card, using your real sound card as the output device) and copy the decrypted data to disk.

    It's a *simple* concept, and i keep wondering why people have such difficulty with it: If the media can be used at all, it's content can be duplicated.

  • If you can do them separately, it is just like a 41 bit key.

    40 bit key = 2^40 trial guesses.
    Two 40 bit keys = 2 * 2^40 guesses = 2^41 guesses.
    One 80 bit key = 2^80 guesses.

    With an 80 bit key, you have to get the whole key right to see if you've gotten it. You may guess the first half right, but not know because you didn't guess the second half right.

    Now, if you encrypt something with one 40-bit key, and then encrypt that whole thing again with another 40-bit key, THAT takes 80 bits of work. But encrypting two different chunks of data with two different keys creates only double the work (add one bit).
  • I think it's a completely open question whether this is a sound technique (no pun intended).

    In any case, on the legal front, you may notice that this was a little submarine patent, with an original application having been dormant since 1996, incorporated into this patent.

    And, as usual, the NYT article seems to imply that any use of music other than by the purchaser on the original device is "infringing", which, of course, it is not. But that point has been made again and again; Lessig's book "Code Rules" is a must read. At least, we can still copy the content using analog means, like we always could. And whether consumers will go for this kind of system remains an open question--it has a lot of unpleasant practical restrictions even for completely non-infringing use.

  • Nobody will buy copy-protected audio gear because it's demonstrably worse than what they already own!

    Wrong. They will buy it. Here is why...

    The record companies are in control of the mainstream market. They set the prices. "So what?" you think. Well, imagine this: You go to the music store, and there's a Metallica CD for $20. And there's also an SDMI copy-protected version of the same music for $10.

    After seeing that a few times, Joe Schmoe is going to want an SDMI player. So he buys one, and now all he ever buys is SDMI music, and then millions of people are doing it. A couple years later, and the unprotected audio CD is about as rare as an HTML page that can be read by Mosaic.

    Copy-protected music will sell if the companies are able to keep control of the market.


    ---
  • And for those of us who aren't quite so good at hacking hardware, you can always just use a microphone to record the sound the "old-fashioned" way.

    Sure, you'll lose some quality, but faced with a choice between a format that they have no control over, or a slightly lower quality format that they control completely, I think I know which way most people will go...

    Cheers,

    Tim
  • As I said in reply to another comment, what's to stop people from digging out their old microphones and recording the music the old-fashioned way?

    You can encrypt the signal right up to the point where it has to become compressions and rarefactions of air; at that point, nothing can stop it from being ripped to another medium.

    If I can hear something (or see it), I can copy it, one way or another. I may well lose some quality, but then mp3s are lossy, and it doesn't seem to have hurt their popularity at all.

    Cheers,

    Tim
  • That merely makes the copy traceable, it doesn't stop you from making it.

    Of course, if the copies could be traced back to you it would make distributing them riskier, perhaps to the degree where almost no-one would take the risk. It would only be a matter of time before someone figured out how to remove the watermark from the copy though, then we'd all be back to square one.

    Cheers,

    Tim
  • just take audio out from your computer, use a double male line to the audio in port,

    No need to. Just use the vsound hack [zip.com.au] to save it digitally.

    Copy protecting data doesn't work. (OK, it might work against AOL users.) The reason: it is enough if one person can copy it and puts it onto FreeNet or Napster.

    Why can at least one person copy it?
    To make it accessible, the program needs to decrypt it. To decrypt it, the program needs to know the key. To know the key, it must be built into the program (as in the case of DeCSS) or transmitted over the net.
    And who would buy anything knowing that the RIAA knows his/her identity and how often he/she listens to the music?

  • All this encryption of audio files brings a smile to my face when I think of the UK. Imagine loosing the key, and just after that they come to your door with a search warrant. Off to jail for you if you can't hand over the key :-)
  • I'm sick and tired of hearing the same old "If artists don't get paid they won't make anymore art". How is it that we have had such great music from Mozart, Beethoven, Tchaikovsky... I don't think they lived the lives of superstars our contemporary "artists" enjoy.
    I hope this trend of millionaire "artists" dies away when they alienate all their fans from their music through their constant search for "better protection for their IP" instead of doing what they set out to do in the first place - create art!


    Where do you think the term "royalties" comes from?

    In days gone by, great composers were in the employ of the royalty; they did indeed garner "superstar" style lives -- but the times were different then.

    Mozart, Beethoven and Tchaikovsky were very well paid for their work... modern day artists don't have royalty to bestow boons on them, so the system doesn't work exactly the same way - but it's very similar.

    Simon
  • I see far too many people posting about the possibilities of recording the output or whatever. We have computers...many of which do nothing in their spare time. We have distributed.net. Granted Distributed.net would likely not host a crack-the-lame-music-format contest...but I'm sure a few people would. Hell, I'd kick in a grand for the prize just as a way to stick the proverbial finger to the RIAA. I'm just curious as to why so many people look at it as copying the output - why not just work to get the decryption routine. If it can be done realtime (as it must be able to do, to be played and all) then it can't be too mathematically intensive...hence while the key may be large we could go through a lot of possibilities rather quickly. Anyways, I'm just blabbing for the sake of blabbing - I'll shut up now.
  • Apparently, you haven't read the SDMI doc's. It is possible to watermark audio such that any recording device (your computer included) simply will not sample audio it detects the watermark in. You can plug that nice analog audio stream into you 'fancy new ultra cool feature loaded' sound card and it will refuse to record the audio because the DSP has a watermark decoder in the ROM that causes it to detect copyrighted music. Do you accually plan on keeping your current PC for the next 40 years just to record and play audio?
  • IANAC but from what I can see this is really just another public key algorithm. Now, considering that there are not that many different variants of pkc, that might be an accomplishment in itself (if it is actually any good), but can anybody see what makes this better for doing the *AA's dirty work then any other cipher?

    I would almost be inclined to guess that these guys are intentionally putting the "Copyright protection" spin on the system for monetary reasons. Everybody knows that the content industries are willing to cover in gold anybody who can give them the instruments the they need to keep and solidify their control of our lives. Since these guys are obviously not in it for altruistic reasons (software patent and all), I would guess this has to do with selective marketing at the most desperate and stupid customer.

    However, what the *AAs fail to see is that this is not a question of mathematics, but one of logic. I cannot listen to a song and not have access to the information - at least not until the install a chip in my brain. No new cipher is ever going to change that.

    As to Michael's comment, laws to try to ensure that technology doesn't infringe on fair use are just as ridiculous as laws that try to make sure that it does (aka DMCA). Are we going to start forcing people to decrypt information under certain conditions? Put laws on how software media players can be designed? Mandate that people reveal their code even if they don't want to? I don't care about the intentions, that is not a mandate I want to give the government.

    The fact is that the system proposed, like every other such systems, relies of closed hardware and software keeping you from having control of your own computer to work. And the vote against that is not something that we should do politically, it is something we should do capitalisticly. Listen to what Stallman has to say about why Free software is an issue of consumer freedom and democracy, and stop inviting corporate controlled judasware into your house.


    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • "Having tons of keys to encrypt mutliple parts of a piece of music is essentially indistinguishable from just using one really long key to encrypt the same material. Perhaps this helps skirt encryption export laws, but beyond that it really doesn't buy you significantly better protection. "

    Actually, it's worse than that. Consider a piece of music with the first half encrypted with a 40 bit key, and the second half with another 40 bit key. It's not the same as one 80 bit key, because each half can be decrypted separately. It's more like a 41 bit key.


    -Dave Turner.
  • Holding a microphone near the speaker wouldn't be an acceptable option as it would degrade the sound quality too much.
    No it wouldn't. Consider - amps are miked all the time, for PA systems or for recording.

    Yeah, it might not be great with my Shure SM57 and Labtec computer speakers, but someone will get high-quality speakers and microphones, and build a sound-insulating box around the whole thing, record it and bam! that "secure music" is now zooming around in MP3 format on the web. The speaker-to-microphone degradation would be lost in the degradation you get in MP3 compression.

    Anyway, its unlikely that truly "tamperproof" speaker enclosures could be make for the consumer market in a cost-effective manner, so all I have to do is break open the box and put my D/A converter probes in the speaker terminals; degradation there would be miniscule.

    Copy protection doesn't work. Never has, never will.

  • Ok, I'm not a cryptographer, but I do a lot of infrastructure work that relies on Kerberos. And I have somewhat come to this conclusion:

    Any security system which puts trust in a fundamentally untrusted client, is flawed.

    So...How would encrypting the stupid MP3 180 times, as opposed to 1 time, help prevent against the user just copying the MP3 to their friend? ("Hey, if we make our boat hull out of two foot thick lead it will never be punctured! We'll never sink! Yay!")
  • I heard of a plan of some sort that came out of one of the big media companies (Sony possibly) that involved all devices involved in an audio setup having to pass encrypted data streams - from source to speakers. There is no way to connect unencrypted devices, and there was a method given to disable devices that are found to give unencrypted output. There is only three ways to get an unencrypted output - by getting the encrypted stream and decrypting it, by getting a signal from the analog wires on the speaker that actually drives the cone, and by miking up the speaker.

    tangent - art and creation are a higher purpose
  • > [when it's cracked, the RIAA] can point to the DMCA and [nail the cracker to the wall]

    So? If you're smart, you crack it quietly, and rather than bragging 'bout how 3733+ you are, you just walk into an Internet cafe 500 miles from your home town, wearing a disguise, and then you upload it anonym00zely to Sealand or some other data haven. Then you go home and get wildly drunk and laugh like a maniac while RIAA tries to stuff the genie back in the bottle.

    > Cryptography kicks ass, but not when it's used to strip people's rights away.

    s/"but not..."//g.
    Cryptography kicks ass. End of sentence.

    Yes, I realize what you're getting at in the context of your original post, but with the encryption system being discussed, crypto isn't being used to strip us of our rights; our rights have already been stripped by DMCA.

    In such an environment (i.e., a cryptographically-weak system intended to be cracked in order to expose the cracker to DMCA charges), crypto is what you use to forcibly reclaim said rights after DMCA has stripped them.

    Or as I said earlier: "Cryptography kicks ass".

  • You only need one person to do the decryption and post it to whatever is the equivalent of Napster that week.
  • IANAC. But...

    This must be the absolute stupidest cryptographic idea I have ever, in my entire life, heard of. Seeing as how they're mathematicians at an Ivy League university and they've apparently actually presented a paper at a major cryptographic conference on this protocol, one would think that the people who came up with this would know more about crypto than I do. Just looking at how this works, though, I'm really not so sure...

    For those who don't know, the basic idea behind cryptography is that there are some mathematical functions that scale linearly in complexity when run forwards (i.e. multiplying large numbers, generating elliptic curves) but scale exponentially when run backwards (respectively, factoring very large numbers and finding integral algebras from a given elliptic curve). In other words, multiplying two 20-bit numbers together to generate a 40-bit key only takes twice as long as multiplying two 10-bit numbers together to generate a 20-bit key; but factoring the 40-bit key takes 2^20=1 million times longer. (This is an oversimplification both of how real cryptographic algorithms work and of how multiplication in a computer scales with complexity, but close enough.) The point is, a cryptographic cipher is only a cipher when it takes longer to undo it than it took to do it.

    If you've been following me so far, then you ought to be realizing why the idea of encrypting each second of music seperately is so blindingly dumb. If you encrypt each second of a 3 minute song with a different key, then you have a cipher which takes 180 times as long to crack and 180 times as long to decrypt properly; in other words, it takes just as long to do it as to undo it (as far as the each-second-independently thing goes; obviously there is also some real cryptography going on here, but these guys didn't invent that). By the most basic definition of cryptography--an imbalence in forwards complexity vs. backwards complexity--this is not cryptography.

    Another way to look at it is this: over the course of an entire 74 minute CD's-worth of music, this approach only makes the music 4440 times harder to crack. One might think this is about as good as adding 12 bits to the key length (2^12=4096), albeit at a much higher cost to decryption time than, well, just adding 12 bits to the key length. In fact, that's not even the case, because adding 12 bits to the key length not only means the calculations to crack it take about 4440 times as long, but that they require 4440 times as much memory; obviously that is not the case when all 4440 encryptions can be cracked seperately.

    But to get a real idea of how ass-backwards this scheme is, it helps to know a little about how real ciphers work. In any modern cipher, the work is split up into several smaller algorithms called rounds; this is done to keep down memory requirements, keep all the numbers involved small enough to fit in the registers of the machine doing the decryption (often commodity 8-bit chips), and keep cryptanalysis simpler so one can be reasonably sure a new attack won't surface after the cipher has gone into use. The reason the many-rounds approach is (theoretically) as secure as the discredited all-in-one-big-round approach is based on the assumption that the attacker has no way of knowing what the intermediate results of each round are.

    In fact, perhaps the most powerful type of attack on a cryptographic implementation, known as "side-channel attacks", happens when the attacker is somehow able to guess at some of this intermediate information. Luckily, this is usually quite difficult to do (although with some early smart cards all it took was an oscilliscope) and doesn't yield complete information. And that's why this new multiple key idea is so outrageously bad. It's essentially like doing all the work of a very powerful, many-rounds cipher (i.e. one "round" per second), but yielding up complete side-channel information for every round! This is like a very powerful cipher which has already done 99.9999% of the cracking for you!!

    In conclusion, this is just stupid, stupid, stupid, stupid, stupid.

    And furthermore, it's completely unnecessary. Even a 20 year-old, 56-bit cipher like DES is good enough to take a modern computer a good long while to brute-force; it took a special purpose machine plus a supercomputer almost a day to do it in the last DES challenge, and they got lucky. Plain old obsolete vanilla DES would be more than secure enough to make it worth anyone's while to pay a dollar or two for the song instead of cracking it. Or to get it via Napster/scour/iMesh/Gnutella/FTP/CuteMX/university LAN/Hotline/ripping a friend's CD/burning a friend's CD/AIM/ICQ...

    That is, I'd say the significance of this is approximately zero.

    Course, I could be wrong. Comments welcome if I am...
  • I don't see too much of a big deal with their algorithm. So, they can do a public-private key cryptosystem faster than other people.

    But, you never encrypt real data with RSA. It's slow and stupid. You use RSA to encrypt a session key and then encrypt the data with THAT key. If it's 100 times faster; that only means that it's 100x faster at something that already takes a fraction of a second (250ms on a P2-450). This is important for SSL or some other server which has to authenticate a large number of sessions. The average user won't need to authenticate more than a few sessions an hour.

    Being 100x faster might have uses as a smartcard, but I don't immediately see a place where that would actually improve security, compared to current offerings. (If someone steals your smartcard that contains your private keys, you're just as screwed as if it was a plain old credit card.)

    Also, RSA has withstood a 20 year test, unlike this new system. It has been standardized into almost every public cryptosystem alive, only the most pressing of reasons could force it out of that hegemony. Finally, RSA is about to leave patent production (3 months).

    Who would want to ignore the time-proven RSA to risk an almost brand new cryptosystem. As Bruce Schiener said: There's no money in selling cyphers anymore. (And that goes double as RSA is about to leave patent protection.)

    This company seems more interested in offering a product (music encryption) and selling it to management more than selling their cryptosystem. Why not just use standard techniques. Conceptually, they're just PGP'ing the music, why not do that literally?
  • We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed.

    I'm thinking about putting the Mona Lisa in my living room. Except instead of buying it, I'm going to make a photocopy of it and put the copy on my wall.

    Yes, as long as we can listen to music there will be no way to prevent it from being copied or heard by others. But that's hardly the same place we are now. I don't think you can claim to have bypassed the encryption scheme; you are taking an existing file and creating a new file (with a quality loss of factor X). This sort of copying scares the RIAA far less than MP3 filesharing. It's analogous to copying to analog tape in that there is (significant) quality loss. MP3s sound bad enough as it is without introducing such a large loss of quality.

    If the RIAA could implement the sort of encryption algorithm that is discussed, and be assured that the only copying done is by the method you described, they would do it in a second.
  • Of course we don't like this. The system is nothing more then a slightly glorified CSS. It still requires that the decrypting and playing/displaying be in a controlled environment following the agenda of somebody other then the user. You think you'll ever see an open source player for this? Think they are going to be happy when somebody reverse engineers it and makes a tool that write the raw data to disk rather then hardware?

    The idea of controlling information is just wrong. It doesn't matter how good the system is, by defenition it has to mean that you are infringing on the freedom of viewer and somehow controlling his actions. You may LIKE that, but I sure as hell don't.


    Ohhhh ok, so it's alright for our software to be protected from misuse under the GPL, but it's not alright for a musician to protect his or her music using technological means? Just because CSS was and is misused to control where you can view a DVD doesn't mean the technology itself is wrong. I don't think any of us should have a problem with someone who creates something being able to profit from it. I imagine we ALL object to the RIAA profitting from someone elses work though. And of course, if they hijack the tech and try to use it to further control the distribution of music they did not create then it will be a Bad Thing(tm), but if this becomes a tool for musicians to use to protect their work from misuse and allows them to distribute it without the interference of the RIAA then that will be a Good Thing(tm). So we shouldn't be bitching about an 'Evil Technology' we should be cheering for an excellent technology and then bitching if/when it is misused.

    Kintanon
  • Yeah, it's not as if Metallica is going to be around this time next year to bitch about their album being pirated.



    That seems to be the crux of the matter, the actualy good bands (Metallica WAS good at one point) are still around to bitch, while the crappy pop bands disappear. So I imagine 3 doors Down will still be around in 15 years to complain about their music being pirated. But their last 2 songs released on the radio (Kyrptonite and I'm a Loser) lasted about 4 months apiece in their top radio play spots. Now they are part of the regular music rotation. In another 12 months they won't be sought after songs, and 3 Doors Down will have made their money from those songs. So why not let them enter the public domain? Hopefully the band will have new songs out by then. And if people are able to get their old stuff and listen to it then people are more likely to buy the new stuff. See my point?

    Kintanon
  • CSS and systems like it (such as this digitial music system) are bad, especially because of the DMCA. That law means anyone can override all the fair use provisions of copyright law by simply writing an access control/encryption system that makes it even one bit harder than trivial to access or copy the data. If you write code to make an activity "hard" (i.e. not completely trivial), DMCA makes that activity illegal. Any programmer can be her/his own legislature. Write the code and outlaw the activity.

    You even admit it yourself, it's not the TECHNOLOGY that is wrong or evil, it's the legislation which allows it to be abused. We shouldn't be crusading against the Tech, but against the DMCA. Write your congressman, fight against the legislation so that the Tech can be used for good.

    Kintanon
  • Right. So why does Big Business keep insisting that every be encrypted? DVD copy protection, region encoding, all that other stuff, is cracked. Dreamcast's proprietary CD format - cracked. Any software copy protection scheme is defeated shortly after the software hits the store shelves. What major brain dysfunction is responsible for entire industries to devote millions of dollars in what you pointed out is a futile effort?

    Perhaps its the same reason we lock our doors - just to provide the "casual thief" a reasonable deterant. Joe Sixpack tries to copy some hot new song from his friend Ernie, it doesn't work, so he goes and buys it himself. Those of us with some technical knowledge know about the tools to get around such protection (or we create said tools if we have to, despite the possibility of arrest & harassment from the MPAA or RIAA). Some of us with a conscious refuse to use such tools, but then again such people would probably have spent the money for a legitimate copy anyway.

    Thoughts?
  • My SB Live! MP3+ has an option for recording called "What U Hear" that does this :)
  • "unrippable media"?? That's like saying "unbreakable plastic" or something. Give us an example of an unrippable media. Please.
  • I don't think so. At some point between the digital format on the computer and the sound that reaches your ear, some D/A conversion must take place, as a sound wave sure ain't digital.

    The conversion has to take place before the speaker, because the speaker itself is a purely analog item (it moves air back and forth!) At the least, we can hook our sound in to the leads of our speakers and we're all set. How can you get around that?
  • The real motivation for most artists in wanting to protect their work is not to prevent their fans from listening to it, but to prevent some dumbass from burning 2000 CDs of their music and selling them for 10$ apiece.

    Of course, if the music were available for downloading free, then said dumbass wouldn't be able to charge $10/CD for the music - because everyone would ignore him/her.

  • They're working toward having complete encryption from the time it hits your computer through to the output device. Expect speakers with an encryption key in the near future.

    The use restrictions a company wll then be able to put on its products will then be phenominal. Bose could sign a contract with Metallica making Bose the official speaker of Metallica. Try to play their music with any other speaker and you won't get anything. Or ABC could sign a deal with Toshiba restricting all ABC shows to Toshiba televisions only.

    Won't that be a wonderful future?

  • Exactly, it could just go the way of those CDs a month or so ago that couldn't be played on PCs for some reason.


  • More power to you. The Mona Lisa is in the public domain now. Feel free to make as many copies as you like and distribute them.. hell, sell 'em for a profit.


    The RIAA is caught in a stranglehold. One arm around the throat belongs to the software pirates. The other arm is the legacy hardware standards (dumb cd players) that every release of music must support. So long as Britney's next album has to be released on CD so it can sell a bazillion copies, a certain amount of revenue will be lost to piracy. For the frightening future described by michael to become a reality, it's not going to be a slow evolution. Someone at some point is going to have to say, "Our next album will only be released in XYZ encrypted, proprietary format that can only be played on one of six proprietary microsoft music devices." And the musician that makes this bold step is sure to make nowhere near the profit a standard CD release would have generated. Metallica seems pretty foolhardy. Maybe they should give it a whirl.



    Seth
  • How about a device that contains all the music ever created.

    There are about 2000 "oldies" that get airplay. If you compressed hard, you could all those on a single DVD. Now there's a product. It will probably be sold on late-night TV in a year or two.

  • what's to stop people from digging out their old microphones and recording the music the old-fashioned way?

    Digital subliminal watermarking. Put in something the user can't hear but that MP3 encoding preserves and that watermark decoders can pick out. If all copies are watermarked, any recording that appears on Gnutella or Napster is suspect.

  • Give us an example of an unrippable media.

    An SDMI encrypted bitstream going to digital SDMI speakers that blow a fuse if opened.

  • Coming soon: encrypted sound card protocol, and de-encryption chips with an encrypted input on one side, and analog output on the other. This can probably be patched onto existing DSP hw, and it will remain backward compatable with unencrypted raw data APIs. Then, the only way you can decrypt is to get inside the black caterpiller, or use an FPGA that emulates it or something. Still vulnerable, but no longer a casual hack. People who want to do this will have to agree on a protocol (difficult for the vendors to cooperate) and then they will have to push it in the market place and wait for it to achieve saturation level. They will start putting it on portable players first. Given consumer education and the level of coordination this will take, I give it about as much chance as DIVX, but you never know.

  • Does anyone have a problem with the musicians profiting from their work and using this to enforce how something they created is used? Not I.

    I don't have a problem with a musician making "fair" profit, but I am concerned at any encryption scheme that tries to limit my choices on how I want to listen and use the music I am using legally. Have you read the article?

    This system is designed to tailor music downloads to a particular computer or device. I'd have to buy separate music downloads for each device I woudl want to use. No thank you

    I'd rather pay for overpriced unencrypted cd's that I can physically control and with which I can convert to other media as I need it or even resell, then to ever buy a digital download that puts such limits on my fair use and my ability to sell the product again once I tire of it.

    Let's also think about how badly such an scheme limits society's ability to archive this material. US, and I imagine elsewhere, copyright laws have the stated purpose of encouraging people to release ideas and works so that eventually those works will enter the public domain. A one device/one use encryption method only hampers movement of this material into the public domain. Such encryption methods create a situation where music and ideas can be totally lost in time.

    If encrypted data systems become widely used then the works they encrypted should not be protected under copyright law. If the music producers can not entrust their work to be held safe under copyright law and instead hide their work away from the public behind these horribly restrictive encryption schemes, then their work does not deserve the special protection copyright law affords against piracy. If someone should be able to crack the encryption they should have no legal recourse to sue becuase they did not make the information public to begin with. Copyright laws are government granted limitied monopolies on thought and ideas to encourage people to make their work public. Encrypted data, is not public data, and therefore should not be protected by copyright.

  • it all depends on which slashdot author posts the story
  • This is simple.

    With exceptions, most of us do like the idea of encryped music. Obviously, it won't cause MP3 format to stop working, and it might be a step toward that elusive "way that an artist can distribute his music without being raped by either the RIAA or piracy".

    What we don't like is how easy this appears to be to circumvent. It seems that someone would only have to buy the song once, record the audio stream, and distribute it as a bootleg.

    Crypto is a useful security tool, but when it's nothing more than a hurdle and a formality, it's not a lot better than annoyware.
  • I'm sick and tired of hearing the same old "If artists don't get paid they won't make anymore art". How is it that we have had such great music from Mozart, Beethoven, Tchaikovsky... I don't think they lived the lives of superstars our contemporary "artists" enjoy.
    I hope this trend of millionaire "artists" dies away when they alienate all their fans from their music through their constant search for "better protection for their IP" instead of doing what they set out to do in the first place - create art!

    I'm gonna look real hard into the "alternative" henceforth... Heck, that's why I started using Linux (OpenBSD now too) in the first place. Perhaps the rule nowadays is that the alternative is better than the mainstream.
  • So you are saying that you can hear the difference between a 20 kHz square wave and a 20 kHz sine wave? That your ear can perceive the presence or absence of the odd-order harmonics (60 kHz, 100 kHz etc.) in the square wave?

    The human listerner is not that good at parsing what test tones should sound like, but I might have a chance, if the speakers are capable of producing the shapes at that frequency.

    A better experiment might be this: IIRC, the average American adult range of hearing only goes up to about 13-18 Khz, depending on the individual, their age, etc. (it should be higher, but American life is hard on the ears). Hook up a good orchestral recording to a quality stereo system (I suggest the Moscow Sessions from Scheffield Labs for this kind of test). Have 10 American adults who listen to a lot of orchestral music hear the album two ways, a few times with a cut-out filter taking out everything above 18Khz, and a few times without the filter. Scramble up the order in which they hear it either way (i.e., On, Off, On, On, On, Off, On, Off, Off...) so they can't start guessing which they were hearing.

    In most cases, you will find that most of the 10 people will correctly pick out the "filtered" sound most of the time.

    This is what I mean by a double-blind test, and it has been done. Successfully. (Sorry, but I don't have time to look up URLs of such reports, I'm posting from work and I am about to leave...)

    These kind of tests were the source of a lot of heated debate back when the CD industry was considering introducing a "silent spot" above the "range of human hearing" as a signal to switch off DAT tape recorders back in the early 90's.

    It's not the presence of the 20 Khz signal itself that you hear the loss of, but how the sound of other notes are perceived from the alterations to their harmonics. Even the sound of a trumpet or violin playing around 1 Khz sounds a little different if you drop the high frequency waves.

  • So don't buy anything that's use licensed. The good news is that you don't have to, yet. In the same way that the old DIVX died a painful death because people were too smart to fall for it, so also will any use-licensed content.

    We do need a new fair-use law, though. The attempted destruction of fair use by IP (the bad kind) lawyers is highly inappropriate and needs to stop, now.

    sulli

  • 15 years ago (+/-), CD's were comming to record store shelves, and hard drives were under 50 MB.

    15 years from now, your 50 000 Gig HD will be capable of storing 95 years of continuous audio playing. How about a device that contains all the music ever created.

    Add a 100bps satilite connection for updating, and everything and everything will be available to hear as if it was already in your head. (Interface to implant optional)

    Check the 2015 Summer Sony catalog, starting at $299...
    or $499 without the banner ads...

  • ...a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?

    I, for one, have a celeron set aside as an mp3 server. I won't be upgrading it to 'tamper proof hardware' any time soon. No-one is going to take away my ripping/playing/downloading software. nor will I ever lose the gigs of mp3's and store-bought CD's I already have.

    It will be five to ten years before they can realistically stop selling music in CD format, and I already have the equipment to deal with that.

    Unless they start visiting door to door and collecting the gear that offends, and enforcing compliance like they do with your car or gun, I don't see an issue here at all. I already have most of the music I am ever going to need, classical and jazz that's even legit, backups of my CD collection, stuff collected off napster, etc.

    If the record cos. start distributing this encrypted stuff, and abandon CD's and DVD's altogether, I still have a line in jack from my stereo. I can convert anything audible to mp3 the old fashioned way.

    Not that this scheme won't be cracked, hacked and otherwise beaten to death the moment it hits the ether...

    :)Fudboy
  • No, there's no other reason. We want to get what we want free of charge. Why? Cause we're cheap and selfish, and extreemely greedy. And we're proud of it!
  • They're working toward having complete encryption from the time it hits your computer through to the output device. Expect speakers with an encryption key in the near future.

    Well, you could always unscrew the cover on the speaker and record the outputs to the cone...
  • The idea that a single generation will have a noticable affect on the quality of a recording is laughable. We are talking about a single d-to-a conversion and another a-to-d conversion. On even mediocre equipment you would have to have some golden ears to be able to hear the difference. Once it is in a non encrypted format, it is digital generations from then on. If you are willing to put up with 128k MP3's, and most people are, you certainly aren't going to care about a single generation copy.
  • Obviously I don't think this scheme will work (see comment 2 above) but I don't think the music would cost $20 anymore. for all intents and purposes there is zero Marginal cost for every song sold digitally, so each song would probably only cost a few to fifty cents to download for one device.
  • Well, there is only one encryption scheme that cannot be broken even with an infinite amount of time and power, and that is called a one time pad. Why dont we use it? Because it generates too much data to send to someone.

    Now, back in 1977 the RSA 129 scheme was said to take 40 quadrillion years to factor. Well, in 1994 they factored the number 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 into 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. It took them 8 months and 600 volunteer computers in a distributed computing project

    Now, if we wanted to break this new encryption scheme, and we were that *desperate* :) we already have programs such as Napster, which could be modified to be a Distributed Computing project and have literally millions of computers throwing in cycles, and it would be just a matter of time.

  • So? The point is not that one can copy digital media if one wants to, despite all the encryption available. The point is to make it as difficult as possible.
    This is no different than getting a good security system for your house. Without one, any burgler with a crowbar can get in and steal your stuff. Even with a security system, there's really still nothing to prevent someone from breaking in; it's just harder to be successful. Yet people still buy security systems, because they count on burglars choosing to do something less difficult with their time.
  • by debrain ( 29228 ) on Monday July 03, 2000 @09:21AM (#961459) Journal
    I agree with your argument. The trick now will be to see if individual musicians can afford to license the patented encryption by Mr. Hoffstein et al.

    I'm sure RIAA can afford to license this patented technology, and if it protects their assets, it will be. In fact, you can probably be assured that RIAA will go to great lengths to prevent others from using this technology (such as independent musicians distributing over the web) if, again, it threatens their assets.

  • by evilquaker ( 35963 ) on Monday July 03, 2000 @09:56AM (#961460)
    For those of you looking for more technical explanations, NTRU's website [ntru.com] has a detailed discussion of their algorithm. The algorithm was published at CRYPTO96, so while it hasn't been thoroughly tested yet (and the la st I heard [deja.com] is that there are some implementation problems), it has been out for a while, and looked at by the best (Shamir, Coppersmith). This is no TriStrata [slashdot.org].

    As for its use, most of you are forgetting that the average person is willing to pay for convenience. Sure, it's easy to intercept the signal at the soundcard, or record it off your speakers, but the average person isn't going to go to that trouble, provided that the price is reasonable ($20/mo for on-demand access to the majors' catalogs, e.g.).

  • by Hobbex ( 41473 ) on Monday July 03, 2000 @10:14AM (#961461)

    Of course we don't like this. The system is nothing more then a slightly glorified CSS. It still requires that the decrypting and playing/displaying be in a controlled environment following the agenda of somebody other then the user. You think you'll ever see an open source player for this? Think they are going to be happy when somebody reverse engineers it and makes a tool that write the raw data to disk rather then hardware?

    The idea of controlling information is just wrong. It doesn't matter how good the system is, by defenition it has to mean that you are infringing on the freedom of viewer and somehow controlling his actions. You may LIKE that, but I sure as hell don't.
    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • by xtal ( 49134 ) on Monday July 03, 2000 @09:38AM (#961462)

    It seems that the music industry is hell-bent on preventing people from ever listening to the music (in short, preventing them from consuming the product they produce!). The problem comes from the fact we all hear the same thing - audio pressure waves - and there's absolutely nothing (short of a digital-in jack in the back of everyone's head, yeah, ok, sure) that they can do about it.

    Encrypt it all you want. Put all the OS-specific protections on it you want. It doesn't change the fact that on your sound card, there's a DAC chip. Any electrical engineering student, given the specifications on the DAC being used come up with something to do a pretty good re-sampling at the chip, before filters are applied, and get a good copy out - or hell, just resample the audio out. As another poster indicated, doing this many times helps to isolate random noise that can be processed out, and mp3 is lossy, anyhow (another debate).

    What the music industry is deglecting is that they thing that the millions of consumers out there are willing to throw away a multi-hundred dollar investment in a CD player - which does a damn good job of playing back music as is, even crappy ones. This is what kills the music industry - in their greed, they've made the de facto standard for music a perfect unencrypted copy. Any attempt to change this will result in legislation out the wha-hoo, because for all the RIAA's lobbying dollars, they're SOL.

    Encryption is useless for an application like this because at some level, we all need to hear the same pressure waves.

    kudos

  • by Vhalros ( 54396 ) on Monday July 03, 2000 @09:08AM (#961463)
    They are just going to encrypte everything. You sound card will have hard ware encryption. It will only connect to special digital speakers. Upon connecting to these speakers, it will negotiate a special encrytion key with the speakers, and then only send encrypted music to the speakers. The same will be done for monitors and such, so that you can't FUCKING USE ANY OF YOUR STUFF!!!
  • I especially hate the bullshit about USE licensing. That's breaking up a product into multiple pieces. Frankly I expect to pay less if I'm not allowed full use.


    The real motivation for most artists in wanting to protect their work is not to prevent their fans from listening to it, but to prevent some dumbass from burning 2000 CDs of their music and selling them for 10$ apiece. That person is profitting from someone elses work. As a poet I wouldn't like it if someone took my work and sold it for a profit without even asking me. But I also don't think my work should be perpetually protected. I think 2 years is more than sufficient before any form of artwork becomes public domain.... Some would disagree with me I'm sure. But I think that is plenty of time for an artist to profit from their work. Heck, it's about 5 times what the average popular lifetime of a piece of music is nowadays. It's not as if N-Sync is going to be around this time next year to bitch about their album being pirated.

    Kintanon
  • by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Monday July 03, 2000 @09:14AM (#961465) Homepage
    The idea is interesting...even if it is fatally flawed, in ways that make it useless.

    Anything short of tamperproof hardware, with built in DAC and speaker outputs just can not stop the copying....and even then...with the right equipment...a pretty good copy could be made (do a few analog copies and combine them together to reduce random noise).

    If a program, in the Users system, EVER has a decryption key that the whole system rests on...then it is flawed...the user has the key (even if it means probing memory in real time to find it). Even barring that....if it ever goes digitally through something the user controls (like the sound card driver)...then the user can copy with no key.

    It would be nearly trivial to make a linux driver that looked just like /dev/audio but let me dump the digital input right into a file (or better yet...had an mp3 encoder on the other side of it encoding and dumping)

    What about for windows? I wouldn't imagine it would be too hard.

    I supose these guys are mathematicians. They have a hammer (math; encryption technology) and to them every problem looks like a nail. The problem is that encryption is an end to end thing. It can't protect you from the person that you are sending the data rightfully to.

    I mean if adam encrypts a letter to bob telling bob that he suspects his wife is having an affair but he wants to find out who it is with before he accuses her...all the encryption in the world wont help him if bob is the one who is sleeping with her.

    This problem is a technical impossibility to solve, if you want to allow people to use the data you give them on anything but custom hardware that you have control over. Its a completely backwards aproach.

    Take java...java is a trusted environemnt (avirtual machine) which knows how to check and "watch" untrusted code and stop it from doing bad things. This is the opposite...they have trusted data...and run it in an untrusted environment...yet make sure the environment (which is what is interpreting it in the first place) is not doing "bad things".
  • by Coq ( 204365 ) on Monday July 03, 2000 @09:03AM (#961466)
    If you can ever buy a CD, it seems to me that you could always use a ripping program not equipped with this encryption standard and rip some good ol' mp3s that you can trade freely with your freinds and loved ones.

    I don't think that the music industry wants to stop selling cds, either, especially considering that they still have a slight advantage over mp3 in quality and portability through ubiquity. And even if you could only get music in this encrypted format, eventually they gotta release a player of some sort that will have a digital out for high class speaker systems, so people could take that signal and convert it into a wav and then make it into an mp3.
  • Here, let's demonstrate why this sucks. Example:

    Some asshole once stated that "You're going to force us to make songs that can only be played on one walkman". How would they do this?

    You would go to their web site, you would plug in your walkman. Your walkman would send the web site it's public key. The web site will charge you $5.95 and encrypt the song with your walkman's public key and then let you download it. That song can now only be sent to your walkman, which decrypts it with it's private key moments before sending it to audial output systems.

    Now, most keen people will say "Uh, big deal, I'll just record the output". Uber-leet hackers will go "Cool, a challenge" and take apart the walkman and yank out the private key, or simply figure out the algorithm and determine how to best crack it. If possible.

    Now, here's the point. They know you'll crack their encryption. The entire point of encrypting it is so that they can point to the DMCA and say "Cracking cryptographic systems is illegal, and he did clearly this, using these steps." and the fun-loving hacker is carted off to prison and given a sentence that would make the sentence for rape seem like a slap on the wrist.

    Mr. Asshole of the MPAA simply argued that DeCSS breaks CSS. The DMCA says breaking cryptography is illegal, whether you distribute the protected work or not. In fact, you would think that it was deliberately easy to crack so that you DID crack it simply to get you into a larger legal mess.

    Cryptography kicks ass, but not when it's used to strip people's rights away.

  • I don't like doomsday articles, but this is something that is just the beginning of a path that leads to absolute control of everything we listen to and watch by companies which have no reason to answer to us. Most of the "workarounds" people have posted to this forum deal with re-digitizing the playback audio stream through a variety of means.

    What worries me, though, is technology that companies like IBM is developing where a digital watermark actually becomes part of the playback audio, reproduced by every component, including your soundcard and speakers, but which cannot be heard by human ears. IBM has developed such a system which is part of the EMMS system [ibm.com] (also known as madison), which they claim has passed what they call "golden ears" tests. These tests have people with exceptionally good hearing try to differentiate between recordings with the watermark and without. (I've been to IBM research and heard the files. I couldn't tell the difference, either, FWIW).

    The next step, of course, is to have the watermarks generated on the fly for each electronic transaction that purchases the music (how far away do you think we are from hardware that can do that in a second or two?), encoding your personal information or a transaction ID into the stream. Then, if you upload the music, they will be able to track down the source of the new digital copy of the music to you.

    That's pretty scary to me, at least, because we're back to that total control picture. I personally don't believe that artists should have total control of their works, let alone abitrary "copyright holders" like labels and publishing companies, because fair use is an important part of the knowledge chain.

    Imagine tuition bills for higher education once professors can't photocopy small excerpts to pass out in class, or you can't actually pick up a book from the Library, copy a few pages, and go home to write you papers. Or that to actually read the book *in the library*, someone has to pay.

    What happens to free libraries with perfect copyright control?

    I could go on, but I think I've made my point. Different pieces of the technology puzzle to enable full copyright control exists already. I think that all the pieces will be there soon. And that scares me.

  • by Silver A ( 13776 ) on Monday July 03, 2000 @09:57AM (#961469)
    The system talked about will be useful only to send out previews of unreleased music - once the CD hits the shelves, MP3s will become readily available, and unstoppable. For that matter, high bandwidth connections will soon become common enough to make practical downloading uncompressed CD audio - 1.2 Mbit/sec allows real-time transmission.

    Near the bottom of the article was mentioned a token that could be moved from device to device, but that would be customized for each user's devices, so it couldn't be loaned out. It also couldn't be used on any new hardware you buy without reprogramming, making it even less convenient than Circuit City's DivX. This is one idea for a consumer app that's going to sink without a trace.

    The cryptosystem may have a useful application, but preventing music trading isn't it. Maybe it would be good for high-bandwidth military applications.
  • by AtariDatacenter ( 31657 ) on Monday July 03, 2000 @10:03AM (#961470)
    I wish I could moderate you up. One way or another, the audio reaches a format that is accessable. (Say, someone could read a dolby digital output. Or they could pick an analog signal off of the wires to the speakers.)

    You mention signal degradation. Well, with audio cassettes, you get more loss with each generation copied. But if you (worst case) record an analog signal, your only loss is at the first recording. All subsequent copies are just as good.

    I'm not an audio nut, but this is fine with me. My imperfect human ears cannot distinguish the difference between an MP3 that was sourced from a digital CD, versus an MP3 that was sourced from an FM station or a digital sampling of the analog output of a stereo.
  • by Tackhead ( 54550 ) on Monday July 03, 2000 @09:24AM (#961471)
    > You[r] sound card will have hard ware encryption. It will only connect to special digital speakers

    The only way to stop people from using current technology in favor of a new one is to force them to throw out the old stuff. Yes, force. It's been what, 50 years, and there are still people using vacuum tubes, fer chrissake!

    And although our benighted Republic has spent much time of late wiping its arse with its Constitution, even I, in my most paranoid delusional fantasies, don't forsee RIAA and MPAA linking arms with DOJ and conducting house-to-house sweeps to smash and burn all "insecure" audio gear. Hell, DOJ can't do it for (some :) drugs and guns, what hope do they have in taking our stereos!

    And where's the justification? DiVX (the pay-per-view DVD, not the video compression codec!) died because the consumer realized it was a value-subtracted technology. Somehow "home tapers of music" don't quite rank up there with Eeeevul druggiez and militia whackos on the Scapegoat-Of-The-Day scale. RIAA and MPAA may think they're just as dangerous, but even the general public (who are dumb enough to swallow the War On Some Drugs and War On Some Guns) isn't that dumb. Nobody will buy copy-protected audio gear because it's demonstrably worse than what they already own!

    As of now, you can still buy 15-year-old PCs for $10 in surplus stores for peanuts. If every manufacturer stopped building unprotected AV gear today, there would not be a serious shortage of non-secured gear for at least 20-30 years.

    And even if there was, so what? Do you believe that there'll be no hardware platforms in 20 years on which open-source operating systems can run? Do you propose that there'll be no MP3, CDDA, or similar unprotected decoder software on the face of this earth, even though the hardware platforms of 20 years from now will be able to emulate today's P166-level boxen in their idle cycles?

    RIAA and MPAA can lead the consumer to their poisoned wells all day long, but the demise of DiVX proved they still can't make us drink.

  • I don't care about the RIAA, MPAA, etc. I don't like the idea that fair use is not being considered. Fair use is above any group and individual. But then I'm biased. Everything I work on will be preleased in XM or IT or MOD or some other tracker format. Then MP3s on miniCDs.

    Maybe out on vynil next. And then for backup purposes on CD.

    If I have stereos all through my house and back yard, I'd like to access my music from anywhere using a wireless palmtop running a Unix.

    All this protecting is going to annoy anyone who actually does something with music and that includes a lot of music buyers not just signed bands. This whole listen and shut up attitude bugs me.

    I especially hate the bullshit about USE licensing. That's breaking up a product into multiple pieces. Frankly I expect to pay less if I'm not allowed full use.
  • by X ( 1235 ) <x@xman.org> on Monday July 03, 2000 @09:12AM (#961473) Homepage Journal

    Reasons why this is not a big deal:

    • It's not the first time someone thought they'd come up with a new, ultra-fast encryption algorithm which proved to be completely useless once it was rigorously tested by the outside world.
    • Having tons of keys to encrypt mutliple parts of a piece of music is essentially indistinguishable from just using one really long key to encrypt the same material. Perhaps this helps skirt encryption export laws, but beyond that it really doesn't buy you significantly better protection.
    • It's quite likely there is a brute force attack that allows you to attack all keys simultaneously. Indeed, from the sounds of it you would think the individual key lengths would be quite short, making this approach much more viable.
    • I see nothing with this technique that provides protections for music after it's been decrypted, so I don't know why they are talking about applying it to music specifically. There must be something more that the article missed. Nonetheless, this doesn't prevent people from intercepting the playback signal and recording that. For that you'll need tamper-proof speakers.
    • Can you imagine the key-management insanity of generating and transmitting all these keys? I would imagine it would signficantly increase the total download size of whatever you were grabbing to the point where people would get annoyed. They say that this is based on PK-crypto, but I don't see how it'd would work (does someone publish 50,000 personal public keys or something? doesn't this crowd the keyspace?).
    • No link to a white paper. Not a good sign.
  • by dew ( 3680 ) <[gro.ylkeew] [ta] [divad]> on Monday July 03, 2000 @09:14AM (#961474) Homepage Journal
    The ultimate point is that crypto is useless in this application. Hackers won't try to break the keys, they'll just record the digital output, such as is trivial to do with a SoundBlaster Live! card - it's a handy and trivial way to break any cryptosystem, because no matter how you protect the music, you've ultimately got to send the raw data to sound card and that's pretty trivial to intercept.

    So the sum of this is that it's ultimately a futile endeavor, regardless of how they rotate keys or whatnot. The folks at Emusic are selling hundreds of times more music than anyone else and none of their stuff is encrypted -- did you know that half their board came from PGP: Pretty Good Privacy, the crypto folks? And that Gene, their CEO, is a longtime cypherpunk? So why is it, you should ask yourself, that some of the most knowledgeable crypto people in the world would start the only online music sales outfit to sell *unencrypted* dowloads?

    Maybe because they understand what crypto is really for.

    Crypto is for keeping secrets between parties that desire to keep that information a secret. If A wants to tell B something, he can use crypto to prevent some C from listening in that both A and B don't want hearing the information. But if B desires to share this information with other parties, there is fundamentally, long-term nothing that can be done to protect B from sharing it. Crypto is only useful at protecting information if all parties who know the secret want to keep it a secret.

    So ultimately, any attempt to protect publicly-published data (books, movies, music) with crypto is going to fail; it's fundamentally untenable.

    David E. Weekly [weekly.org]

  • by griffjon ( 14945 ) <`GriffJon' `at' `gmail.com'> on Monday July 03, 2000 @09:12AM (#961475) Homepage Journal
    Oh, fantastic. another unbreakable cryptosystem to secure digital music. yea. Not that I can't play it, and loop it back directly in with no loss of quality into another system. ooooh. who cares if it's encrypted??? If the consumer can listen to is, the consumer can record it. Simple. No technological controls will ever, ever prevent pirating.

    While this cryptosystem sounds really cool technologically (possibly very powerful encryption) a) the cryptographic element of security is never the one broken--if you have five trillion brass-plated locks on your steel, reinforced door, people break through the window, for look for the key in one of those stupid rocks by the side of the door. b) cryptography is great for security and privacy and integrity, but is helpless against willful copyright violation by a cryptographically-authenticated party (like, say, the consumer).

    And in any case, there is nothing to get consumers to move 100% to this system, as opposed to trading MP3s. even if bill gates includes DRM into windows, people will use Linux, or FreeBSD, or not throw their 'old' computers away and keep them for functionality sake to play mp3s and whatnot.

    in short, cool idea, useless for the purpose.
  • by Kintanon ( 65528 ) on Monday July 03, 2000 @08:58AM (#961476) Homepage Journal
    I thought slashdotters liked strong crypto and innovative crypto and anything else that could be used to keep the government out of your hair. Why are we getting our panties in a bunch that someone else might get to use crypto too?
    If, as we've stated many many times, the RIAA is obsolete then they will have no use for this technology because they won't have any music to encrypt. The musicians will all be using this to encrypt the songs they are selling off of their websites. Does anyone have a problem with the musicians profiting from their work and using this to enforce how something they created is used? Not I.

    Kintanon
  • Remember, denial always comes right before going kaputski. Remember the disney movies? The Humorous Sidekick always tells the bad guy: "Umm... what if they Exploit Badguy's One Huge Weakness?" The Generic Evil Bad Guy will then laugh and say: "Nonsense. They would never be able to... " At that point, he is obliterated.

    This can be extended as an analogy to the recording industry. First, they think "nobody will ever like this mp3 stuff". Then they pretend to ignore its spread. Once they realize that things are going to hell in the proverbial handbasket, they introduce their weak attempt at mimicking this.

    It's very simple. Any music released in this format will never be used. Period. As long as they still sell the CD, people will still get it in mp3 format. And if they only release it in a digital encrypted format, then nobody will buy it. No matter what, the recording industry is doomed.


  • by cybercuzco ( 100904 ) on Monday July 03, 2000 @08:59AM (#961478) Homepage Journal
    sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?

    We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed. if you can _LISTEN_ to music, you can get around any and all encryption of it.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...