SAN JOSE, Calif. Sitting on retail shelves today are perhaps hundreds of PCs that, unknown to their prospective buyers, may be unable to play high definition DVDs as advertised. At this moment PC makers are scrambling to put in place procedures to make sure they find and upgrade all those PCs before a user slips in their first HD disk and sees the screen go blank.
That is one of the little known fallouts from the unauthorized release on the Web in February of one of the keys that can be used to decrypt high def disks.
The release came to wide public attention this week when the organization responsible for HD disk security asked a number of well known Web sites to take down postings of the key. That led some free spirits to post the key even more broadly, including writing songs with the key as lyrics and images in YouTube music videos. Some are reportedly printing T-shirts brandishing the key.
The events throw into stark relief the darker side of an us-versus-them mentality that has grown up in the technology community and is a central battleground in the transition to digital media. On one side are people who distrust the corporate world, especially Hollywood studios, with their digital rights management techniques. On the other side are content owners who distrust the freewheeling Web, seeing it as the world's largest copying machine, ready to rip off movies and music they spent millions to create and promote.
The story began in February when some Web sites first posted what is known as a "processing key," an 128-bit string represented by a handful of numbers and digits. By itself an individual processing key is no major threat. It is just one of several keys needed as part of a cryptographic process to unlock content on an HD DVD or Blu-Ray HD disk.
Nevertheless, the public release of a key does compromise part of a system developed by the Advanced Access Content System (AACS), a consortium of content and systems companies that defined the security for HD disks. Once the key was in the clear, AACS started a process of revoking it.
AACS issues two kinds of keys. Unique keys are sent to hardware companies who might use them in an HD player. Each key is tied to a specific machine and protected in silicon memory. Common keys are issued to software players and can be used in every copy of a program of a given version.
These keys are used, through a cryptographic process using other keys printed on HD disks, to create processing keys that can help unlock the content on a disk. As it turns out, the key released on the Web was generated from a set of common keys issued to two software companies, CyberLink Corp. and InterVideo.
"It's not clear which companies' players this might have come from. Each player is issued a set of keys and the keys may overlap," said Michael Ayers, chairman of the AACS business group and an attorney for Toshiba America Information Systems.