[Livid-dev] CSS Status

Derek Fawcus derek@spider.com
Mon, 11 Oct 1999 19:27:45 +0100


Hi all,
  I wander off for the weekend and all hell breaks loose...

  Well some people have been wondering when I'll release the decryption
code,  and what happened with last Monday.

  Well it was a combination:
    - after I said I'd release it I was given an update to the code (the
      reason that DeCSS can rip more than dodsrip).
    - I wanted to tidy the code a bit - i.e. make it a bit more high level,
      with explanations of what was going on.  I didn't get around to that.
    - It was a busy week,  so I didn't do much on this during the week
      (except get swamped in email).
    - I was away visiting relatives from Thursday 'til today (I occasionally
      do have a real life).

  So my plan at the moment is to try again.  I'm going to go through the
algorithm and see if I can generate the higher level description,  comments,
etc.   This is once again provisionally scheduled for a weeks time.
  Something that may be of interest to people in the states is that
I've had an offer of help to produce a specification of the algorithm - from
which a third party could produce an implementation.   i.e. proper clean
room approach.  This doesn't really matter from my point of view (or in
my opinion most Europeans) but may be of use to the Yanks.

  In terms of what was happening with DeCSS:  Well Jon was giving out the
facts.

  The sequence of events was that someone supplied me with the decryption
code a few weeks ago,  and after about another couple of weeks I got around
to trying it,  then mentioned it on this list (together with my intention
to relase the info).  I was given this code,  with no strings attached.  It 
later transpired that it actually came from one of the people involved in
DeCSS being produced.

  Someone else then supplied me with the source to DeCSS,  since it had
accidentally escaped,  and while reading through it I found my code.  The
only reason I posted my comment was that my name wasn't mentioned in the
source file.  (I couldn't care less about the algorithm - simply that my
expression of it was uncredited).  That caused the author of DeCSS to
contact me and after a discussion,  I gave him permission to use my code 
without worrying about the GPL - i.e. different licence conditions.

  So while this was all going on,  others have acuired the decryption
algorithm - I know of around around 5 others who have it.  All are quite
capable of releasing the same info to the public - so far none have (that
I know of).  I suspect that some of this is simply caution.  Anyway those
people that I know of are interested in players,  and since there isn't
yet a Linux one...  Now one _can_ simply view the streamed data,  but
thats not what one ultimatly wants.

  As part of this,  at least 2 people have brute forced the DVD encrption
algorithm to allow the keys to be extracted.  You'd have seen one posting
to the list.  This all falls quite simply out of having the algorithm
and a little bit of knowledge.  This development is potentially more
serious in terms of it's implications fro DVD.   It may not have any
effect - I don't know.  We'll find out when the info is released.

  Now I'll speak to these people and find out just what they intend to
do - but I rather suspect that that once I release the algorithm, the
brute force code and keys will follow quite rapidly.  The authors should
contact me if they wish me to put them in touch with each other so they
can coordinate efforts.

DF
-- 
Derek Fawcus                                                    derek@spider.com
Spider Software Ltd.                                        +44 (0) 131 475 7034