Thread: The fight for a reflowable e-document standard
View Single Post
Old 09-04-2006, 01:33 PM   #16
rlauzon
Wizard
rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.rlauzon put the bomp in the bomp-a-bomp-a-bomp.
 
rlauzon's Avatar
 
Posts: 1,018
Karma: 67827
Join Date: Jan 2005
Device: PocketBook Era
Quote:
Originally Posted by b_k
So if I would think like you, PGP must be insecure cause the algoryhtms are well known and open-source. Anyone knows the times it would take to crack PGP-keys with a (as of now) secure algorythm? If I remember right, it would take quite a long time.
You need to re-read my message. I said that you get the lock design and key in an open source solution.

The application needs to have the key so that it unlock the content to display to the user. Since the application is open source, the key is available for anyone to see.

Quote:
Originally Posted by b_k
For the "how we treat customers"-thing I think the same way.
But I think it would not be impossible to develop a open source (=portable), user-friendly (=resell the drm-ed content) and secure DRM. To bad that is simply not what the book/drm-software publishers want.
I've given this alot of thought and PGP played a good part of it.

Given:
1. Public key crypto is pretty darn secure.
2. The purpose of DRM is to prevent someone from doing something with the content that is not approved by the copyright holder (ignoring that copyright holders don't legally have this authority).

Attempt 1:
The author encrypts the content with a public key. The reader then uses a private key to decrypt the content to display to the user.
- Problem: since the solution is open source, the private key is not secret. So anyone can create a DRM-removal program.

Attempt 2:
When you buy the eBook, you provide your public key. This is used to encrypt the eBook. You provide the private key to the reader to see the content.
- Same problem. You have the key to unlock the content. No security.

Attempt 3:
The author signs the eBook with his private key and encrypts with your public key when you purchase the eBook. You get the author's public key when buying the book.
- Still the same problem. The only benefit you get is that no one can edit the eBook and re-sell it because they cannot re-sign it, not having the author's private key.

So no matter what you do, if the DRM is open source, you, the attacker, have access to the algorithm and the key to unlock the content. The only way that DRM can work is for the reader to be closed and proprietary.

Quote:
Originally Posted by b_k
I as customer would like to see a fair and portable solution which does not lock me to one device/os/vendor, but again thats not what the industry wants.
And that's yet another problem.
rlauzon is offline   Reply With Quote