After the motion picture industry spent years negotiating the encryption standard for digital video discs (DVD), a small group of Norwegian hackers recently released a program, called DeCSS, that can break the encryption on almost any DVD disc. "This is a troubling situation," said Rick Clancy, a spokesman at Sony America. He said Sony is still gathering information on the purported hack and added that: "Sony is, of course, a strong advocate of content protection."
Each DVD disc has about 400 keys on it, to make the disk readable to all the various DVD players on the market. The players, in turn, also have the 400 keys licensed and encrypted in their hardware or software playback systems. Apparently one program, the XingDVD Player, from RealNetworks subsidiary Xing Technologies, didn't have its keys adequately safeguarded. The hackers were thus able to deduce how to crack DVDs, and released the DeCSS program, which will do it automatically.
Officials from RealNetworks weren't available for comment this morning.
The hackers are claiming the DVDs have only 40-bit encryption. In contrast, Netscape 4.7, the company's most recent exportable version, has 56-bit encryption. The secure version of Internet Explorer 5.0 has 128-bit encryption.
This isn't the first DVD encryption to be broken. DVDs have regional codes, so that they can only be played on players bought in that region. This helps the movie industry distribute DVDs in the same manner as films - open it in one market, then gradually release it to other markets. However, movie producers often don't use the codes, and players have sprung up that can play DVDs with any of the various regional codes.
Since the announcement of the hack, the DeCSS Web site has gone offline.