Quote:
Originally Posted by Taylor514ce
Re-read the post right above yours. A universal "crack" to public key crypto just isn't feasible. Maybe for the NSA. They read everything anyway.
|
Well, that depends on what you mean by "crack." The system you're describing involves giving customers encrypted content and the key to decrypt it with. They have the ciphertext
and the key. Ciphertext + key = plaintext. That's like the whole point of cryptography, right
. But that means in this case there doesn't have to be a "break" in the algorithm.
If you look at the Mobipocket DRM tool it's actually pretty funny. The device PID is the key. Using that to produce decrypted content from DRMed files isn't a matter of finding a cryptographic weakness in the algorithms used, but simply a matter of figuring the algorithm. Then key + algorithm + DRMed content = decrypted content.
This is what moz was getting at about "open DRM." Cory Doctrow has some articles about this, but all DRM -- or "DRM-like"? "DRM-ish"? systems -- depend on giving customers both the encrypted content and the keys to decrypt it with. To prevent "unauthorized" decryption you then have to hide either the algorithm or the keys or both. Which isn't possible -- that information can only be obfuscated.