Understanding HDCP

Living with HDCP
HDCP has been in the consumer living-room/electronics market has been dealt with and is now accepted by users as a fact of life. For PC users however, the future is less simple. At this stage, a great deal of documentation exists to suggest HDCP is already a 'cracked' protocol, given it is susceptible to interception upon the 'handshaking' or negotiation process. In 2001, the first demonstrations of weaknesses in the protocol were shown to the public. Unlike The Da Vinci Code, this reasoning has a strong basis in the real world, and mathematical reasoning to boot. The cryptologists behind the findings were Scott Crosby (from Carnegie Mellon University) and Ian Goldberg (from Zero Knowledge Systems). Crosby made the following statement:

'I show that with the public and private keys from 40 devices and O(402) work I can violate the design requirement -- I can access the plaintext. Furthermore, with the 40 sets of keys and at most O(240) offline, I can usurp the central authority completely.'

Crosby (in saying that he could usurp the central authority) was pointing out that with enough keys, one could have enough 'guesses' at the correct checksum between two endpoints, in effect making a 'fake' device which is HDCP compliant, for the transmitter/receiver to bind and check against. There is however, another layer of complication to consider. This is known as HDCP+certs. The premise is that the central authority could (potentially) add cryptographic certificates to public keys. This would mean that each device would have a new secondary unique signature, signed by the central authority. It is speculated that this would use some standard algorithm such as RSA/DSA. This way, the HDCP receiver would send the public key and signed certificate with authentication only working if the certificate can be verified on the other side.

HDCP has a weakness from the beginning, much to the pain of Intel, being that it relies upon what we call Linear Key Exchange. As data is transferred from one point to another it's possible to eavesdrop on the data and see what's happening. Because of and based upon the 56-bit, 40 key set processes between the transmitter and receiver, it's possible to 'clone' any device, to make it look HDCP compliant. This in turn allows the user to prevent any black-listing of devices and ultimately completely circumvent the central key authority.

Whether you agree this is a good or bad thing depends on which side of the fence you sit. For the movie studios wanting to control how and when their products are used, this is obviously a bad thing. For the user who would like to play their purchase how and when they see fit, it could give them hope. That said, make no mistake that HDCP is much more resilient than anything that has come before it and there's no guarantee there will ever be any easy way to circumvent it.

HDCP begone: The Spatz DVIMAGIC HDCP stripper

It's in the gear
Well, maybe. As a combined hardware and software digital restrictions management system any form of trying to bypass is more than likely going to need a hardware solution. It comes somewhat as a surprise that there are already hardware solutions to the problem available on the market, known 'HDCP strippers'. These devices sit in between the source player and display device, and effectively (through a little tom-foolery of their own) strip out HDCP part of the protected content. The Spatz DVIMAGIC HDCP stripper is one way users who are left out in the cold by the HDCP revolution might deal with the issue of being unable to play HDCP content.

Through the use of a HDCP stripper, the user can output the protected signal to any capable device, whether it be analogue, digital, CRT, LCD, projector or otherwise, without the restriction of a HDCP keyset needing to be embedded in the receiver or target device.


Future proofing
At the time of writing no HDCP capable video cards for PCs exist on the market, and most display devices currently available are more correctly termed 'HDCP compatible' due to the use of an older version of the HDCP specification (1.0, as opposed to 1.2a). This apparently has been causing problems for early adopters, with reports of handshaking and connectivity problems for HDCP enabled content.

Ultimately, whether you like it or not, you will need to consider HDCP in your future purchases. If you buy cutting edge equipment now, be aware it's not HDCP enabled. It's possible you can get a new display that's at least using the 1.2a specification, and this will future proof you in terms of your display, but if you want to playback HDCP content on your PC and you also are in the market for a new video card from the range currently available, be aware you'll need to buy another card down the track once HDCP support becomes standardized.

As usual it's consumers getting the blunt end of the stick, all to satiate the paranoid delusions of the movie moguls.