TSC Trusted Advisors’ Blog

I’m thinking of a large hexadecimal number starting with “09″…

I guess there’s some DVD technology that has a master key which someone cracked. And they sent the lawyers to suppress this. While they’re trying vainly to suppress this, some questions come to mind. Questions a business manager, a technology manager, or in fact anyone with a little bit of high tech sense might be asking…

• Why did these people deploy something with one fixed key?
• How did they manage to do it in such a way the key could become compromised?
• How’s that help anyone?

It seems to me that the consumers loose, the intellectual property holders were certainly not well defended, the companies involved look silly, and they law firm probably has caused the number of google hits on “disbar lawyer cease and desist” to skyrocket.

Using crypto in a product package is perfectly reasonable. But like any other sophisticated technology you should make sure you understand how it works, how it might fail, what you might have to do if it fails, etc. It would appear from first glance that the people involved in creating this stuff didn’t do things perfectly. And it’s not like their bosses have any right to say things like “nobody would attack us - you don’t need to do a security analysis on this”. This IS the DVD world, after all. That space has had intellectual property compromise issues present since before the format was invented.

I guess that while everyone else is lining up for tickets to watch the lawyers try to attack the hackers, I’d like to line up to ask embarassing questions of the businesses behind the lawyers. If they need to hire lawyers to defend their (apparently deficient) use of cryptography it sounds to me like they’ve got some significant proces failures.