Intel Confirms HDCP Master Key Is Out

from the oops dept

We were among the many folks who wrote about the supposed leak of the HDCP master key this week, leading to an interesting discussion in the comments — including a comment from a big time DRM supporter (he’s even written a book about DRM) who scolded us for getting the whole story wrong, insisting that there was no such thing as a master key and that Hollywood never would have agreed to HDCP if there were such a thing. This struck me and some others as odd, as many of us have followed the discussions on HDCP, and I tended to believe Ed Felten’s explanation of how HDCP works, which indicated that there was, in fact, a master key. That was from a few years ago, but Felten also just posted another explanation about how HDCP works, and it still seems to involve a master key.

And, now, Intel is apparently confirming that the leak is, in fact, the master key. So, at this point, I’m going to have to assume that the DRM expert and the scolding were wrong, and that there is, in fact, a master key… and it’s been leaked. Good thing the FCC gave the MPAA the okay to break your TV and DVR to release movies that would be “protected” by HDCP, huh? As Michael Weinberg points out, the FCC has now broken a bunch of TVs for nothing:

Today, it looks like HDCP — the DRM that the MPAA insisted was required to allow them to securely distribute movies prior to DVD release — has been broken.  As a result, anyone who is motivated can make an exact digital copy of a “protected” high definition movie.  Since all it takes is one motivated individual to make that first copy, this DRM (like every type of DRM before it) now serves absolutely no purpose but to inconvenience legitimate customers.

In May, I wrote that “Studios are asking the public to trade the use of any analog inputs on their devices for more magic beans.”  The FCC accepted that trade.  At the time, it looked like those magic beans at least pretended to have some powers to slow down copying.  Today they have been revealed for what they really are — worthless.

Nice work, FCC.

Filed Under: , , ,
Companies: intel

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Intel Confirms HDCP Master Key Is Out”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Well, I guess it’s back to the drawing board for the DRM makers. They’ll have to roll out a “new” form of DRM that will effectively make the current hardware useless, while still providing no value to the consumer.

Maybe one day they will learn that every form of security, given enough time, WILL eventually be broken.

Kingster (profile) says:

Re: Re: Re:

This is true… However, my bet is that the next version will (like Steam) “require” internet connectivity. That way, when something like this occurs, you just replace the master key…

Oh. Wait. That’s how standard SSL works. Funny, that.

Then, that 4-second HDCP handshake will turn into 12 as all device certificates are validated at a central clearing house (I bet Verisign is frothing at the mouth for this).

Karl (profile) says:

Re: Re: Re: Re:

my bet is that the next version will (like Steam) “require” internet connectivity.

Interestingly enough, there are tons of cracked copies of Half-Life 2 out there, and you can play those without needing an internet connection (the single-player campaigns, anyway).

What won’t those cracked copies do? Automatically install “updates” that break the game itself (happened with Episode 2 last year), or legal and encouraged third-party mods (like what happened last month, and hasn’t been fixed yet).

I love Half-Life, and I don’t even mind Valve that much, but this sort of behavior is just unacceptable. Hell, I’ve got a legit copy, and I’m thinking of finding a crack somewhere just so I can play those broken mods.

Kingster (profile) says:

Re: Re: Re:2 Re:

@Chris: Well there’s more to it. There’s really 3 parties there in SSL: the browser (also, an attacker), the CA, and certificate holder. Everyone has to validate each other, and not a single one REALLY knows who each other is at the time that SSL is creating the secured connection. The same holds true with DRM, really. Splitting hairs though.

@Karl: The single player campaigns suck. The real fun begins when you get on line and play other humans. But yes, you’re right. You can play cracked copies without an internet connection – but you’re missing 80% (IMO) of the game…

Jim (user link) says:

It's all about control anyway...

DRM + DMCA = Hollywood Has Control

Cracked DRM + DMCA = Hollywood Still Has Control

With end-to-end DRM, Hollywood decides what devices, networks and software can legally play their content. That gives them leverage over companies like Samsung and Comcast, which is probably fine with them since the entrenched players all have a vested interest in preventing any disruptive new players from emerging.

Without some sort of illegal hack (that most people won’t do), I still won’t be able to record these first run movies on my Tivo. That is, of course, unless Hollywood lets Tivo decrypt the stream, which means Hollywood will dictate to Tivo (and me) how long I can keep it and how many times I can watch it. Many shows I record today can no longer be copied off of my Tivo since the shows remain “protected.” It doesn’t matter that Tivo could use a master key to capture a decrypted copy. Tivo would be in violation of anti-circumvention laws if they did. So would any start-up. It’s difficult for a start-up to get funded when it’s almost a sure thing that they’ll be on the loosing end of a lawsuit.

DRM is all about controlling other people’s legal business models.

(Sorry about being a broken record on this point, but I think it’s very important.)

Anonymous Coward says:

Re: It's all about control anyway...

I was wondering when someone would bring up that point.


– Arduino can do it and I bet many people are already posting the instructions on how to build a HDMI compliant device that only needs to have the software flashed into it to replace the old HDMI that didn’t had HDCP in it.

– Hardware can be emulated in software, how long until some virtual machine gets and addon that makes it capable of copying anything.

Those things are not that hard, it inhibits companies from exploiting this not highly motivated people with the knowledge necessary to accomplish the task and when they do all will take advantage of that.

Karl (profile) says:

Re: It's all about control anyway...

DRM is all about controlling other people’s legal business models.

Yes, I think you hit the nail on the head right there. Content industries don’t actually think DRM will prevent “piracy” (i.e. non-commercial, individual infringement).

They invest time, money, and lobbying pressure so that the content industries can legally force other businesses to accept their business model. Or if not, then at least pay the content industries boat-loads of cash.

If their legitimate customers are inconvenienced, who cares? Their most lucrative “customers” are not the end users, they’re the ISP’s, the hardware vendors, and the media startups.

Those media startups will usually fail, because they can’t afford the blackmail-level rates demanded by the content industry. But if they do, again, who cares? The content industry still gets their money, without risking anything.

Stopping “piracy” isn’t the point. The point is controlling other businesses in their market.

Anonymous Coward says:

Want a perfect copy of that movie or song?

Just hit “record” it works for me. DRM or not.

BTW the best explanation ever.

DRM in any form is Evil and
Comment by Anonymous on September 17th, 2010 at 1:56 am.

What the content providers are yet to realise is this…. End users are not HDCP compliant.

Quote source:

Simon says:


This probably won’t have much impact with regards to the pirating of HD content – BluRay has been hacked for a long time and provides convenient access to the compressed content. If you tap into the HDMI stream, you are going to have to process the uncompressed video stream and compress it again before it’s usable (for most people).

What it might do is allow cheaper hardware dongles that strip out the HDCP and ‘fix’ the devices that have problems with the HDCP handshaking. It may also allow more innovative HDMI distribution devices such as running multiple screens from one HDMI output.

CDWatters (profile) says:

Re: Impact

However it would allow some enterprising person to make a HDCP intercept device which would allow a person to DVR supposedly protected content, by grabbing the HDCP stream. So comcast (among others) could not stop you from recording live HD content (or pre-media release PPV content) by setting the “do not record” bit.

Or it might make a nifty media converter so I could use my older, non HDCP HDTV (they do exist) with new content.

Kingster (profile) says:

Waldrop at the linked CNet article:
“We believe that this technology will remain effective,” he said. “There’s a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a (circumvention) device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA (Digital Millennium Copyright Act).”
Allow me to paraphrase: “Yeah. We’ve sold a lot of shit, so we have to say it’s gonna stay viable, and if some joker thinks he’s gonna screw us, we’ll sue his ass into oblivion!”

Hey Tom? Welcome to the new Internet. It’s the place where things like the Streisand effect happen. You know, where you try to crush some small guy with a lawsuit, and DMCA, and other crap… And the rest of the world knows more about what you’re trying to crush than you do. DVD Jon ring a bell?

out_of_the_blue says:

Okay, so on to the *next* increment of DRM!

That was my point in previous article that some seem to have missed. Perhaps I should have put “effectively” in somewhere.

Also, some seem to think that they’ll always have access to open computers, but see, THIS LEAK justifies the next level of hardware control. It’s not even my original idea that it’s an intentional leak for that purpose (I forget where I read it, maybe even here). I’m more concerned with where society is headed than where it is, because the trend is clear.

nasch (profile) says:

Re: Okay, so on to the *next* increment of DRM!

I’m not worried about a law mandating Trusted Computing or the equivalent. But I can (maybe) see all the major computer companies doing it voluntarily under pressure from the entertainment industry. Open computers I’m sure will still be around, but they could become expensive and hard to find. Perhaps DIY only. Not a pretty picture.

The thing is, with so very many companies using Linux, which presumably would not play nicely with trusted computing, could such an initiative really go anywhere? Interesting topic. I heard a lot about trusted computing a few years ago, and nothing since; I hope it’s died.

Bengie says:

The cake is a lie

You can’t have your cake and eat it to

You can’t block your customers from viewing content and let them view the content to.

If you want to keep someone from copying data, they must not have access to that data. This is on conflict with the idea of distributing data.

Now, if they really wanted to keep the customer from copying data, they would’ve put it under AES256 and inside a secure vault that is guarded, but I hardly see how that would make them money.

Mosaic user says:

Losing my understanding of why it's there

I don’t see the point anymore. I can almost see it as a pre-consumer release security tool, but why put DRM on things you want to become widely used and desired? HD is finally a recognizable step up from standard definition, and the price point is becoming reasonable. For myself, I boughht a HD plasma on sale to replace a dying TV. I find I like HD. Now I need a new projector, so I start shopping for an HD projector,simply because I am used to seeing an HD picture. What point does DRM serve except to slow down adoption of a new technology? You don’t make money selling DRM to consumers, you make money selling films, and screens and projectors and sound equipment. Cadillacs and BMW’s don’t need drm, why does a television? Everyone has automobiles, only some have KIA’s and some have Lincolns. The difference is money, not the system to start the car. Why would you want to stop someone from buying your product? I seriously no longer understand this concept of excluding potential customers from wanting what you sell.

BruceLD says:


Blah. This encryption/DRM hasn’t stopped piracy in the slightest. The fact is it’s just yet another way that a corporation brainwashes other corporations in to this “win-win” technology only so they can make money licensing it out. In addition thanks to the DMCA, the lawyers are making a fortune off of it.

They knew it wouldn’t change a thing, but corporations gladly paid out licensing fees for the technology. The only winners are…the company the sells the licenses and the lawyers that sue for the DMCA/DRM breach. The other corporations and all customers lose.

Tim Dickinson (profile) says:

Surely just simple DRM makes more sense now?

Surely the best DRM going forward in a purely pragmatic sense for all involved will be something very basic along the lines of CSS.

As we see time and time again, every DRM scheme that appears is pretty quickly rooted and this is not only embarrassing to the entertainment industry but also makes each attempt a massive loss making exercise and completely pointless. The pirates are always going to find a way to circumvent the DRM, and the movies/music/whatever will be shared.

The only benefit that the entertainment industry gets out of DRM schemes then is preventing the common man (non-techie and non-pirate) from just making copies of his movies and sharing them with his friends. They want to avoid the situation in music we have had for the past decade where even you Mum or Dad could and might easily share a burned copy of a recent album purchase with friends.

To prevent this “common-level” copying of discs, they could just as easily use a simple DRM like CSS, but use the legal protections to make sure no mainstream hardware or software manufacturer offered anything that circumvented that copy protection. Yes anybody can find some DVD-ripping utility online now to copy DVDs, but because the feature is not built into iTunes/MediaPlayer/Nero/etc they don’t.

Just making use of the legal protections like this will save them a fortune in implementing increasingly complex but equally useless DRM, and having to deal with all the associated problems that arise.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...