Re: Napster: thoughts and comments?

From: Michael S. Lorrey (retroman@turbont.net)
Date: Wed Jul 12 2000 - 13:09:20 MDT


Adrian Tymes wrote:
>
> "Michael S. Lorrey" wrote:
> > Lee Daniel Crocker wrote:
> > > And no digital format will ever be "secure" except on
> > > secure hardware, and even that is dubious.
> >
> > Actually, no. If the file is encrypted such that each successive play requires a
> > new key to decrypt, which must be downloaded from the recording company's
> > keyserver on a pay per play basis (i.e. no key can be used twice on the same
> > downloaded file), then you have a very secure file format.
>
> But not completely secure. Make a backup of the file (and any
> associated data, like hidden files or Windows registry keys) before you
> play it, download the key to another file, trick the player into
> "downloading" the key from the file rather than the company, then copy
> the backup over the original, and there's your crack. (If the key
> depends on the time as reported by the local computer, then trick the
> player into thinking it's always the same moment. If the key depends on
> the time as reported by the company's server, that can be specified as
> part of the served key; it's no problem if the local computer and the
> company's server have way out of sync clocks).

Tricking the player is the thing. Since your format is proprietary, only
approved players will be able to interpret your format, which can keep encrypted
records of each key used, time stamp from the server, time stamp from the
playing machine, etc. The player will not allow a key to be used twice, and will
detect temporal anomalies.

Reinstalling the player for every use MAY be possible to bypass it, but adding
that level of difficulty to the problem makes it not worth the users while to
cheat...which is all thats really needed.



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:29:53 MST