dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
277

texans20
Premium Member
join:2002-09-28
Texas!

texans20

Premium Member

I Don't understand encryption

I have no idea how it works, zero. However I've seen crackers go in a defeat encryption on DVDs, HD DVDs, Blue-Ray, WiFi, etc. It seems to me encryption is pointless and if anyone wanted to access your info, be it the FBI,NSA,China, or a private person they can. SSL, TrueCrypt, etc are all crackable.

Someone help me out here, I'm not being sarcastic when I say I don't know. What's the difference between breaking the encryption on a DVD vs breaking the encryption used on packets via SSL or even an encrypted drive using TrueCrypt.
phantom6294
join:2002-02-27
Abingdon, MD

3 recommendations

phantom6294

Member

The easiest way to think of encryption is to think of it as a math equation.

Take y=x*2.

In this example:
- x is the information we want to encrypt,
- y is the encrypted information
- *2 'encryption algorithm.'

So, if I needed to send you the number 5 --> y=5*2 --> y=10. Obviously, to decrypt the message, you simply use the equation x=y/2 --> x=10/2 --> x=5.

In this example, if the hacker doesn't know the encryption method, we are safe. However, once he figures out we are simply multiplying by two, the hacker has cracked our encryption scheme. As such, the hacker would be attacking the encryption scheme. Needless to say, this method of encryption isn't very secure. So, we can make it slightly harder by changing the encryption equation to:

y=x*c
- x is the information we want to encrypt
- y is the encrypted information
- multiplication is the encryption algorithm
- c is the password (or key)

This method is more robust because we can change the value of c each time we send information. Obviously, we have to agree upon what c will be before hand. In this example, the hacker can figure out our encryption scheme (multiplication) but that knowledge is useless to him if he doesn't know what c is. However, depending on how large a number c is, it may not take long for the hacker to simply correctly guess what c is. In this case, the hacker would be attacking the encryption key.

In the real world, the encryption algorithms are more complex and the keys (passwords) are also much more complex, but the basic principle should hold true. Most encryption algorithms are open so that anyone can critique them and ensure there isn't a fundamental flaw in the algorithm. A flawed encryption algorithm would be one where simply having the knowledge of the algorithm would allow the hacker to crack the information.

Since most encryption algorithms in use today are very robust, hackers attack the keys (passwords) that are used to encrypt the information. As I understand it, this is what happened in this news story. The keys used to encrypt the content on the HD-DVDs and Blueray Discs has been discovered, which should allow anyone to decrypt the information.

Hope this helps.
fenix_jn
join:2006-12-28
Miami, FL

fenix_jn

Member

It does
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to texans20

Premium Member

to texans20
Encryption is weak in media formats because the player has to decode in real time, now a computer file that you dont want someone to see can use much stronger keys and scrambling because it doesnt have to work in real time as the viewer can wait for that word file to be unencrypted. but you wouldnt want a movie to miss a beat because a cheap HD-DVD player had a crappy processor.

Fluker
join:2005-04-07
West Lafayette, IN

Fluker to texans20

Member

to texans20
The difference is that the key for decryption is not hidden in the media in the case of SSL and truecrypt. With SSL, the server basically says "scramble everything with this key" and the only other key that will un-encode the message never leaves the servers possession. This makes SSL very secure because by the time the key can be discovered, the session is likely to be over.

Media distributors on the other hand have a problem. They need to ship their content and the key that unwraps the data together. So what they basically do is encrypt the disc key for the movie and then only pass out the key to access the disc key to people they trust to bury it deeply within a player.

Before, when certain titles were able to be unlocked, this is because it was discovered where the key used to decrypt a particular disc could be found.

What we have now is the key that unwraps the key for us. It's no longer required to look into the guts of a player and grab what we need from there because we can do that ourselves.

Or at least thats what I believe I have read in all of this.