Another DRM plan bites the dust: HDCP key leaked

How many metaphorical bloody noses will it take before the movie and music industries realize that DRM is a waste of their time -- and ours? As if we needed more evidence, now the HDCP Master Key has been cracked (or so we're told). Does that mean you can bypass HDCP now? Does it even matter? If not, why not? Answers aplenty in today's The Long View...

HDCP, or High-bandwidth Digital Content Protection, has always been a thorn in the side of many legitimate consumers. I'm by no means condoning willful copyright violation -- like many other DRM schemes, HDCP is barely a speed-bump to those who seek to flout copyright law, but it adds complexity and weird failure modes to legitimate use of consumer AV gear. As Richard Lawler breathlessly reported earlier:

All devices that support HDCP, like Blu-ray players ... and displays with HDMI inputs, have their own set of keys to encrypt and decrypt protected data. Posts have been floating around on Twitter about a supposed "master key" which renders that protection unusable.
If this information is what it claims to be, then the DRM genie could be permanently out of the bag.

The breaking of HDCP -- if indeed that's what we're looking at -- promises less hassle for legitimate consumers who experience handshaking glitches with devices connected over HDMI and other protected connections.

However, it turns out that HDCP has already quietly been broken. Or perhaps eroded would be a better way of putting it. One of the tenets of HDCP was that devices that didn't obey the rules could be disabled by key revokation, because each manufacturer received their own key (or keys).

This was an interesting idea, in theory. However, in practice, many manufacturers build their HDCP implementations with off-the shelf HDCP silicon. This means that many consumer AV devices from different manufacturers actually share the same key. So if the powers that be discovered a device that was 'aiding pirates' and it was using an off-the-shelf chip, revoking its keys would cause countless other devices to fail.

The practical upshot is that the HDCP owners dare not revoke keys, for fear of a consumer revolt, and/or class-action lawsuits. So for a while now, it's effectively been open season for underground manufacturers to produce HDCP stripper devices. That is, boxes to defeat the content-protection handshaking. These can be very handy for allowing legitimate consumers to fix device incompatibilities.

And, as for 'pirates', the futility of DRM is clearly shown by the timeliness and quality of the Blu-ray rips available in BitTorrent and USENET.

All in all, the Master Key break is an interesting academic exercise. Nothing more.

What do you think? Leave a comment below...

Richi Jennings, blogger at large
  Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email:

You can also read Richi's full profile and disclosure of his industry affiliations.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon