Talk:Content Scramble System

This is the talk page for discussing improvements to the Content Scramble System article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science Mid‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Mid-importance).

Untitled

Latest comment: 17 years ago4 comments4 people in discussion

So... what's the point of using CSS? :-) --Ihope127 16:28, 26 August 2005 (UTC)Reply

Control. You can't sell a DVD player unless you pay $25 for a license from the DVD CCA. And they won't sell you a license unless you configure the software on the DVD player a certain way (honor DVD region codes and User Operation Prohibitions on certain DVD chapters). --Pmsyyz 20:47, 26 August 2005 (UTC)Reply

Also, the average Joe doesn't go looking on the internet for a program to de-css a disk, so that he can copy it. For most it's too much work, too involved, or they are afraid of the MPAA, if anything this article needs a section on fair-use and backing up your disks

CuBiXcRaYfIsH 03:00, 29 December 2005 (UTC)Reply

Actually I would also pretty much be interested in the reason behind CSS. As I read in Lawrence Lessig: The Future of Ideas, css does not intended to stop the copying of DVDs. It zas just a way to make it more difficult to play them. It would be got to elaborate more on this topic, but I don't feel myself a laz expert.Viktor.nagy 14:09, 24 October 2006 (UTC)Reply

Incorrect Title

Latest comment: 17 years ago2 comments2 people in discussion

Shouldn't this article be titled "Content Scrambling System"? "Scramble" doesn't make sense, grammatically or historically. algocu 19:09, 2 April 2007 (UTC)

It is known, officially, as the Content Scramble System. It is not an incorrect title. Just because it doesn't make sense to you does not mean that it is wrong. System names tend to be like that - only making sense to their designers. --Jmccormac 05:35, 3 April 2007 (UTC)Reply

http://www.dvdcca.org/css/ -- intgr 08:19, 3 April 2007 (UTC)Reply

"Ironically"??

Latest comment: 16 years ago2 comments2 people in discussion

...which could be brute-forced by a 450Mhz processor in less than a minute[1]. Ironically, a 450MHz processor was stated...

I'm sure the statistic on brute force used a 450MHz processor because it was the industry-stated minimum, in which case, there's no irony here. This part should be rewritten. Dansiman (talk|Contribs) 16:32, 20 December 2007 (UTC)Reply

The irony lies not in the fact that a 450MHz processor can crack CSS, since arguably any processor can do that, given enough time, but in the fact that it can do it in a timescale so short that it is essentially no more difficult than just playing a DVD normally. Maybe irony is the wrong word, but there is definitely something fittingly perverse about an encryption system so badly designed that it is “secure” only against people who have no reason to try to break it (by virtue of not having processors powerful enough to play DVDs smoothly). —Preceding unsigned comment added by 193.61.85.126 (talk) 17:09, 10 January 2008 (UTC)Reply

Isn't the effective key length only 16bits?

Latest comment: 8 years ago6 comments4 people in discussion

"In addition, structural flaws in the algorithm reduced the effective key length to only around 25 bits, which could be brute-forced by a 450Mhz processor in less than a minute"

IIRC, the 40 bit key is split into two sections, one 16 bits and the other 24 bits which are then used to seed a 17-bit and a 25-bit LFSR (Linear Feedback Shift register) respectively. These are then combined in a trivial manner.

Surely an attack thus only needs to try all the 2^16 combinations of the first LFSR and, along with a known/guessed plain-cipher text pair, it can directly compute the other 24 bits of the key.

Simon Fenney (talk) 11:41, 15 January 2008 (UTC)Reply

The important question here is: are there any sources documenting this? Otherwise it would be original research. -- intgr [talk] 22:26, 15 January 2008 (UTC)Reply

A quick search turned up this [2] which seems to confirm what I thought, i.e. "This streamcipher is very weak, a trivial 2^16 attack is possible"

Simon Fenney (talk) 12:53, 24 January 2008 (UTC)Reply

There are different attacks to the CSS. If you have 5-6 bytes of known plain-cipher text the attack to the stream-cipher is 2^16 and can be accomplished even on a 450 MHz PC in a fraction of a second. It is quite difficult to know/guess plain text though, as this is compressed mpeg stream. On the other hand, if you have access to the sector that contains the encrypted disc key (which can only be read after a successful authenticating procedure) and do not have a player key, you can attack the disc key hash by a 2^25 brute-force attack (this takes less than a minute on a 450 MHz PC). Afterwards, you can do another 2^16 attack to get an arbitrary player key. This way all player keys (about 30) can be computed in less than a second. When the player keys are known (which they are) there is no need to do any attack at all. The disk key hash attack is described in chapter 4 of Frank Stevenson's article (see above), the known-plaintext attack is mentioned in chapter 2 and is also used to get the player keys after the disc key has been found. --132.230.166.181 (talk) 16:52, 23 April 2008 (UTC)Reply

As for "It is quite difficult to know/guess plain text though" I'm not sure I agree. IIRC, the first N-bytes (~128 bytes) of each 2k(?) sector are not encrypted and the changeover frequently seems to straddle the MPEG2 quantisation tables. These are extremely predictable so obtaining known cipher+plain text may be rather simple.Simon Fenney (talk) 12:45, 6 May 2008 (UTC)Reply

I know this is a rather old topic, anyways: It is correct that a correlation attack enables the recovery of the seed from a keystream at a complexity of 2¹⁶. But you have also to consider that CSS mangles the keystream with the plain-text to produce the cipher-text.

In case of title-keys, the mangling is one-to-one: the keystream can be recovered from plain- and cipher-text. Still, a plain-text prediction is required. Prediction based on the MPEG quantisation is almost always possible. Though you might need to examine a lot of packs. In rare cases it does fail! Furthermore, the manufacterer may decide not-to-encrypt vulnerable packs (since encryption is optional per pack). Then you'd need another approach.

In case of disc-key recovery (from the hash value) there is no keystream available. So the correlation attack won't work. Stevenson's exploit here has a complexity of 2²⁵ which may produce more than one key. So you have to sort out the genuine one.

In case of player-key recovery you can reverse the mangling to produce the keystream, sort of. Stevenson's exploit has a complexity of 2⁸. There are many false positives. So you need serval discs to sort out the genuine ones. Thereafter you can apply the correlation attack at a complexity of 2¹⁶. Helo2804 (talk) 13:52, 3 June 2015 (UTC)Reply

Removing from block cipher category while still keeping block size in infobox

Latest comment: 13 years ago1 comment1 person in discussion

Adding the block size to the infobox put this in the block cipher category. CSS is a strange cipher in that it encrypts sector-by-sector (2048 bytes each), that is it has a block size, but it is still a stream cipher in that one bit changed in the ciphertext changes one bit in the plaintext, that is, it is vulnerable to a bit-flipping attack. 174.111.239.203 (talk) 18:46, 30 March 2011 (UTC)Reply

Statement about 'Region 0' discs

Latest comment: 13 years ago2 comments2 people in discussion

The statement "however, most region 0 (all region) DVDs do not make use of it.", already marked citation needed, should be removed. There is no such thing as "Region 0"; it's a slang term at best and the proper term is "all region". Aside from there being no cite, the statement as written doesn't even attempt to explain why region coding would be related to the decision to use CSS. Occasionally commercial discs are all region due to licensing decisions, but that doesn't imply that CSS isn't used (even though of course that is also a possibility). If the statement is instead supposed to be an implication that certain categories of discs, such as homemade discs, or bootleg discs, which also happen to be "Region 0" (to use the incorrect term), don't use CSS, it should state that explicitly, rather than tie it to region coding. 216.243.36.196 (talk) 09:05, 1 May 2011 (UTC)Reply

I removed the offending sentence. Mfwitten (talk) 18:04, 2 May 2011 (UTC)Reply

Edit war between Mfwitten and Tyros1972

Latest comment: 8 years ago7 comments3 people in discussion

Apparently we've entered into an edit war, so until we've discussed the changes and come to a consensus, I'm going to revert the article to my last revision, which already incorporates some of the information that Tyros1972 has contributed. New changes are subject to consensus. Mfwitten (talk) 20:25, 1 September 2011 (UTC)Reply

Here is the existing discussion (taken from my talk page):

My edits are correct. What was there is false information regarding CSS. It is a sector level encryption, you cannot copy the files to a HDD. This is easy to test why don't you try it? CPPM is a file level encryption don't confuse the two.

I am an expert in optical media so for you to say my edits are irelevant and poorly written is a joke! Try doing some research before editing valid info asswipe! — Preceding unsigned comment added by Tyros1972 (talk • contribs) 18:05, 1 September 2011 (UTC)Reply

There is nothing being said about copying individual files; from the article before you changed it:

• CSS does not prevent the raw image of a DVD from being copied to a hard drive, but such a copy is unusable without the keys, which can only be retrieved with authentication.

It's talking about making an image of the entire disc. Notably:

• A disk image is usually created by creating a complete sector-by-sector copy of the source medium and thereby perfectly replicating the structure and contents of a storage device.

Mfwitten (talk) 19:30, 1 September 2011 (UTC)Reply

*you cannot* make an image file of a CSS disc why don't you try it? Image file OR copying to HDD is the same thing since you *cannot* do RAW on DVD.

Stop reverting the edits you obviously are not qualified for this. — Preceding unsigned comment added by Tyros1972 (talk • contribs) 19:38, 1 September 2011 (UTC)Reply

That's basically what the existing text already states:

• Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; CSS does not prevent the raw image of a DVD from being copied to other media, but such a copy is unusable without the keys, which can only be retrieved with authentication.

Mfwitten (talk) 20:25, 1 September 2011 (UTC)Reply

Perhaps it would be worthwhile to add something similar to the information provided by this VLC FAQ:

* Does VLC support DVDs from all regions?

This mostly depends on your DVD drive. Testing it is usually the quickest way to find out. The problem is that a lot of newer drives are RPC2 drives these days. Some of these drives don't allow raw access to the drive untill the drive firmware has done a regioncheck. VLC uses libdvdcss and it needs raw access to the DVD drive to crack the encryption key. So with those drives it is impossible to circumvent the region protection. (This goes for all software. You will need to flash your drives firmware, but sometimes there is no alternate firmware available for your drive). On other RPC2 drives that do allow raw access, it might take VLC a long time to crack the key. So just pop the disc in your drive and try it out, while you get a coffee. RPC1 drives should 'always' work regardless of the regioncode.

Mfwitten (talk) 20:37, 1 September 2011 (UTC)Reply

Well, this is also fairly old. Anyways: CSS employs three protection mechanisms. Besides the well known encryption of the MPEG stream, there is also some kind of protection provided by the drive (at least RPC Phase II). Until authenticated, the drive won't deliver any of the encrypted MPEG packs (there is a corresponding flag in the frame header). A read access to a related block (sector) fails with an I/O error. So you need "special" commands (beside read) to get access (see MMC). In case of a region mismatch, the drive could deny access completley (then you'd need to change the drive's region, flash the drive, or buy another one). However, most appear only to block the title-keys. Helo2804 (talk) 14:09, 3 June 2015 (UTC)Reply

Purpose of CSS

Latest comment: 8 years ago2 comments2 people in discussion

[Discussion moved from User talk:intgr#Content Scramble System]

Hi Intgr,

You restored parts of the Content Scramble System article on 12:31, 28 May 2015 (Purpose).

As I wrote in the Talk:Content_Scramble_System#Committed_Changes I'd like to rewrite the article (step by step, work in progress).

I dropped the paragraph (Purpose) because it sounds (to me) confusing. First, it's hard to read. And if you got thru, isn't it petty? The first paragraph simply says, you cannot play a copy because it is still encrypted. The second paragraph says that CSS is supposed to make drive manufacturers' life a bit harder (which I doubt).

Do you read more/other than that? Please take also a look at my notes (Talk:Content_Scramble_System#Article_Rewrite). Thank you!

Helo2804 (talk) 13:13, 28 May 2015 (UTC)Reply

(Discussion about this edit)

@Helo2804: Sorry, I hadn't read most of the talk page, I thought from your edit summary that your complaint was that this was too much content for the lead section, so I restored it under another section title. Some content being "hard to read" shouldn't generally be a reason to remove it; it's better to rephrase or tag it e.g. {{clarify}}.

After more thought about it, I agree that purpose #1 is silly (of course copying an encrypted stream without the key won't be readable). But #2 seems like a valid purpose, because implementing CSS without the other restrictions might be seen as circumvention of DMCA. But I'm not really up to speed about US law or CSS and it's not currently sourced well enough (WP:V, WP:SYN), so I won't object if you want to remove it again.

PS: It's generally useful to keep article-related discussion on the article's own talk page, so other interested people can join; use {{Ping}} to invite users to the discussion. -- intgr [talk] 13:30, 30 May 2015 (UTC)Reply

Rewrite

Latest comment: 8 years ago1 comment1 person in discussion

I had a closer look at the content scramble system (see GitHub) and updated the article. There might be inconsistencies that I do not see and I'm also no native speaker. Hence, a review would be highly appreciated! Helo2804 (talk) 11:55, 31 May 2015 (UTC)Reply

External links modified

Latest comment: 6 years ago1 comment1 person in discussion

Hello fellow Wikipedians,

I have just modified 2 external links on Content Scramble System. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20150530224136/http://www.dvdcca.org/Documents/CSS_license_ver_1_2.pdf to http://www.dvdcca.org/Documents/CSS_license_ver_1_2.pdf
• Corrected formatting/usage for http://www.dvd-copy.com/news/cryptanalysis_of_contents_scrambling_system.htm

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 15:30, 12 August 2017 (UTC)Reply