Re: Napster: thoughts and comments?

From: Adrian Tymes (wingcat@pacbell.net)
Date: Wed Jul 12 2000 - 18:48:48 MDT


"Michael S. Lorrey" wrote:
> Adrian Tymes wrote:
> > "Michael S. Lorrey" wrote:
> > > Lee Daniel Crocker wrote:
> > > > And no digital format will ever be "secure" except on
> > > > secure hardware, and even that is dubious.
> > >
> > > Actually, no. If the file is encrypted such that each successive play requires a
> > > new key to decrypt, which must be downloaded from the recording company's
> > > keyserver on a pay per play basis (i.e. no key can be used twice on the same
> > > downloaded file), then you have a very secure file format.
> >
> > But not completely secure. Make a backup of the file (and any
> > associated data, like hidden files or Windows registry keys) before you
> > play it, download the key to another file, trick the player into
> > "downloading" the key from the file rather than the company, then copy
> > the backup over the original, and there's your crack. (If the key
> > depends on the time as reported by the local computer, then trick the
> > player into thinking it's always the same moment. If the key depends on
> > the time as reported by the company's server, that can be specified as
> > part of the served key; it's no problem if the local computer and the
> > company's server have way out of sync clocks).
>
> Tricking the player is the thing. Since your format is proprietary, only
> approved players will be able to interpret your format, which can keep encrypted
> records of each key used, time stamp from the server, time stamp from the
> playing machine, etc. The player will not allow a key to be used twice, and will
> detect temporal anomalies.
>
> Reinstalling the player for every use MAY be possible to bypass it, but adding
> that level of difficulty to the problem makes it not worth the users while to
> cheat...which is all thats really needed.

So make an emulator of your current system, with ability to completely
refresh itself from some point, install the player to the emulator, and
refresh the system after each play. No logging possible. If this were
completely automated, the effort to the consumer would be near zero.



This archive was generated by hypermail 2b29 : Mon Oct 02 2000 - 17:34:27 MDT