[mythtv-users] cablecard

Stephen Boddy stephen.boddy at btinternet.com
Thu Apr 7 23:21:35 UTC 2005


On Thursday 07 April 2005 23:30, Brad Templeton wrote:
> On Thu, Apr 07, 2005 at 03:35:27PM -0400, David Wood wrote:
> > On Thu, 7 Apr 2005, Gabe Rubin wrote:
> > 
> > >As others have said, it is not just the money that is an issue.  They
> > >have no desire to issue a license to open source projects as this
> > >would compromise the very encryption (whether it would or not is
> > >debatable, but they certainly would believe it would).
> > >
> > >Even if $100,000 were a drop in the bucket (and I wish I was in that
> > >position), that is not the major stumbling block.  They WILL NOT issue
> > >a license to myth type projects.
> > 
> > There is this bizarre false sense of security with closed-source apps, as 
> > if there is any kind of chain of trust in the media center software 
> > stack...
> 
> As noted, one of the chains of trust they plan is, reportedly as
> follows.   Each individual user will be issued keys to give them
> access to the decrypted data.   If those keys are reverse engineered
> out, and make it out into the wild, they get put on a revocation list,
> which is broadcast by the TV stations on a regular basis.   Once
> received, the key no longer works.
> 
> So to make this work, you would need to buy a copy of MCE, for example,
> crack it to extract its keys, and use those keys in your copy of
> Myth or other such software on that particular cablecard equipment.
> 
> If they go further, and tie the key to your particular equipment,
> you would be unable to use them with others, though that is a fun
> logistic nightmare.    If not, you could share your keys with a
> limited number of trusted friends to be sure they never made it out
> into the wild.
> 
Sorry, perhaps I'm being dense here, but if you were not using a "trusted" 
platform, and had access to the keys and the algorithms for decryption with 
the keys, couldn't the software just ignore revocation list?

The thing with these algorithms is that they get documented and that often 
finds it's way into the ether. When GSM mobile networks were first released 
security was touted as a big seller. You couldn't be eavesdropped or cloned. 
Now it's no big deal to clone the identities with the right kit. Once the 
algorithms were understood, it wasn't a huge leap to break the encryption and 
eavesdrop or clone the SIM.
-- 
Steve Boddy


More information about the mythtv-users mailing list