Old 08-23-2012, 08:53 AM   #40
geekmaster
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
Quote:
Originally Posted by ixtab View Post
... Testing 1,000,000 different keys takes about 35 seconds - and that is completely unoptimized code, which can certainly be made faster by at least an order of magnitude. ...
That indicates that they did not use enough hashing rounds in their key generation. PBKDF2 key generation started with 1,000 rounds in the old days, but changed to 2,000 rounds when computers got faster, and is now 10,000 rounds in some of the latest implementations. Is Amazon REALLY only using a single round of hashing to generate and test keys? That is badly broken by even very old encryption standards.

They must be relying on the DMCA to protect them, rather than using "REAL" security practices. It is still a lot faster to crack the DRM using information obtained from an authorized reading device.

EDIT: You did not say how many hash rounds you used in your test. Even if it is more than a single round, testing 1,000,000 keys in 35 seconds may require more rounds for good protection.

Last edited by geekmaster; 08-23-2012 at 08:58 AM.
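Added example, not from this post or anyone else in the thread: a small Python sketch of what the iteration count actually buys. It checks hashlib's PBKDF2-HMAC against the published RFC 6070 test vectors, brute-forces a constructed candidate list against a derived key, and works out how many rounds would be needed to stretch an attack to a given budget. It says nothing about how Amazon derives or tests keys; the "1,000,000 keys in 35 seconds" rate is ixtab's figure quoted above, taken here as an assumption, and the salt, candidate list and budget are made up for the demonstration.

```python
import hashlib
import hmac
import math
import time

# RFC 6070 test vectors for PBKDF2-HMAC-SHA1 (password "password", salt "salt", dkLen 20).
RFC6070_VECTORS = {
    1: bytes.fromhex("0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    2: bytes.fromhex("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    4096: bytes.fromhex("4b007901b765489abead49d926f721d065a429c1"),
}

# Assumption: ixtab's unoptimized rate of 1,000,000 keys in 35 seconds.
IXTAB_KEYS_PER_SECOND = 1_000_000 / 35


def derive_key(password, salt, iterations, dklen=20, hash_name="sha1"):
    """PBKDF2-HMAC with an explicit iteration count (the 'rounds' the post talks about)."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, iterations, dklen)


def check_rfc6070():
    """Confirm the derivation matches the standard vectors before trusting any timing numbers."""
    return all(derive_key("password", b"salt", c) == dk for c, dk in RFC6070_VECTORS.items())


def brute_force(candidates, salt, iterations, target_key):
    """Try each candidate in order; return (match, number_tried). None if nothing matched."""
    tried = 0
    for cand in candidates:
        tried += 1
        # Constant-time compare: irrelevant for offline cracking, but the habit is cheap.
        if hmac.compare_digest(derive_key(cand, salt, iterations), target_key):
            return cand, tried
    return None, tried


def measure_rate(iterations, samples=200):
    """Rough keys-per-second for this machine at the given iteration count (timing, not exact)."""
    salt = b"constructed-salt"  # constructed value, not from any real device
    start = time.perf_counter()
    for i in range(samples):
        derive_key("guess%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)


def attack_seconds(keys_per_second_at_one_round, iterations, keyspace):
    """Each extra round multiplies the attacker's cost linearly."""
    return keyspace * iterations / keys_per_second_at_one_round


def iterations_to_slow_attack(keys_per_second_at_one_round, budget_seconds, keyspace):
    """Smallest iteration count that makes exhausting `keyspace` take at least `budget_seconds`."""
    return math.ceil(budget_seconds * keys_per_second_at_one_round / keyspace)


def main():
    print("RFC 6070 vectors OK:", check_rfc6070())
    salt = b"constructed-salt"  # constructed, see above
    candidates = ["kindle", "secret", "password", "hunter2"]  # constructed wordlist
    target = derive_key("password", salt, 4096)
    print("brute force:", brute_force(candidates, salt, 4096, target))
    for rounds in (1, 1000, 10000):
        print("%6d rounds: ~%.0f keys/s on this machine" % (rounds, measure_rate(rounds, 20)))
    year = 365 * 24 * 3600
    print("rounds needed to make 1e6 keys take a year at ixtab's rate:",
          iterations_to_slow_attack(IXTAB_KEYS_PER_SECOND, year, 1_000_000))


if __name__ == "__main__":
    main()
```

The point of the last function: a single round at ixtab's rate lets a 1,000,000-key search finish in 35 seconds, and the only lever the defender controls in PBKDF2 is the iteration count, which scales the attacker's cost linearly. Whether 10,000 rounds is enough depends on the size of the keyspace, not on the round count alone.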