Attacker mot DRM

 

Kryptogurun Nate Lawson gav en presentation (PDF) under konferensen RSA 2008 om hur du designar samt attackerar DRM system.

Nate jämför Blu-ray, AACS vs. BD+. Samt nämner lite om AACS MKBv7 som Slysoft tydligen knäckt:

AnyDVD (HD) 6.4.1.1 2008 04 10
– New (Blu-ray): Added support for AACS MKBv7!
(used on new titles to be released end of April)
– New (Blu-ray): Complete region lock removal from Blu-ray disc,
including discs which contain signed Java code!
– New (Blu-ray): Added dialog to ask for disc region on insertion.
– New (Blu-ray): Automatic option remembers previous region settings
per disc
– New (DVD): Support for protection on ”Reservation Road”, US
– New (DVD): Many improvements to AI scanner and AnyDVD ripper
– Fix (Blu-ray): BD+ removal did not work with some discs.

HMAC och WordPress

WordPress version 2.5.1 släpps till följd av att en kryptobugg i Cookie-hanteringen gör det möjligt beräkna den HMAC som används för säkerställa att rätt användare är inloggad:

The authentication mechanism assumes that an attacker cannot calculate the HMAC. However, this assumption is broken because the two inputs used to calculate the HMAC (username and expiration) are not clearly delineated.

Läs mer om buggen här:

Undrar du vad HMAC är? Förklaring enligt Wikipedia:

In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA-1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.