A perspective on DRM

[KimB]

They can encrypt the software with different keys for each individual if it's an online sales model (but this is not really helping much because a pirate only needs to compromise one key to decrypt the whole thing). Or, they can use only one key, but require the user to "activate" the product with his/her CPU's public key. Since each product can have different keys, a compromised key only lead to public decryption of a single product. Actually, the game developer can easily change the key in a patch, so even if a key is compromised, new patches should still be secure.

Except then the pirate need only distribute the decrypted version after cracking one system.

 

[pcchen]

Except then the pirate need only distribute the decrypted version after cracking one system.

So I said "new patches" are still secure... and by "new patches" I mean those with bug fixes, new functions, etc. not just the same old executable with a new key.

 

[KimB]

So I said "new patches" are still secure... and by "new patches" I mean those with bug fixes, new functions, etc. not just the same old executable with a new key.

Right, so then the pirate just does the same thing with the new patch.

 

[pcchen]

Right, so then the pirate just does the same thing with the new patch.

How to do it? Let me just say it: all the pirates have is just an encrypted executable, with a "check" data to make sure that you are using the correct key. Assuming a proper encryption method is used, do you think it's easy to crack an AES-128 or even AES-256 key?

People like to say "everything system can be cracked" etc. In reality, proper designed system with important data accessed only to the hardware is hard to crack. Actually, it's very hard. PC based systems are relatively easy to crack because they are mostly software based. You can reverse engineering programs, monitoring the whole memory, every CPU registers, etc. It gets a lot harder if you take these abilities away.

 

[KimB]

How to do it? Let me just say it: all the pirates have is just an encrypted executable, with a "check" data to make sure that you are using the correct key. Assuming a proper encryption method is used, do you think it's easy to crack an AES-128 or even AES-256 key?

People like to say "everything system can be cracked" etc. In reality, proper designed system with important data accessed only to the hardware is hard to crack. Actually, it's very hard. PC based systems are relatively easy to crack because they are mostly software based. You can reverse engineering programs, monitoring the whole memory, every CPU registers, etc. It gets a lot harder if you take these abilities away.

Except in reality, it seems that systems are just too complex to be "properly designed" enough to prevent cracking. Furthermore, these sorts of security limitations can and frequently do get in the way of paying customers' enjoyment. As I've said, I think the only reasonable real answer is to limit DRM to things that add value to the game, such as with Stardock's Impulse which makes downloading and installing games/patches very easy for registered users.

 

[Frank]

Except in reality, it seems that systems are just too complex to be "properly designed" enough to prevent cracking.

That is mostly because of stupid political decisions , made without checking with the engineers who designed it. The systems aren't very complex as such. Or rather, not more so than designing it in the first place.

 

[KimB]

That is mostly because of stupid political decisions , made without checking with the engineers who designed it. The systems aren't very complex as such. Or rather, not more so than designing it in the first place.

I'm not sure I buy that. There always seem to be exploits discovered after the fact. Regardless of the causes, however, the fact remains that nobody has yet discovered an uncrackable system. So I think we should naturally assume that all systems are crackable, and work within that knowledge. The better thing to do, then, is provide positive incentives to legitimate customers, instead of negative incentives to pirates (since negative incentives to pirates almost inevitably are also negative to legitimate customers...sometimes even more negative to legitimate customers).

 

[Frank]

Well, running the encrypted code "directly" does allow Intel to have some use for 16-core CPU's. They might perform as well as a single core that runs unencrypted code.

 

[pcchen]

The better thing to do, then, is provide positive incentives to legitimate customers, instead of negative incentives to pirates (since negative incentives to pirates almost inevitably are also negative to legitimate customers...sometimes even more negative to legitimate customers).

In a sense, making something harder to copy is a positive incentive to legitimate customers. Especially when your friends tell you that "Why buy it? You can just copy it!" after you bought some DVD.

It's really not very hard to design a proper system. For example, AACS was cracked, but to this day all known cracked AACS keys are from software players. If there's no software players, I think there will be much less (probably none) cracked keys out there.

 

[KimB]

In a sense, making something harder to copy is a positive incentive to legitimate customers. Especially when your friends tell you that "Why buy it? You can just copy it!" after you bought some DVD.

What about when a person wants a backup of their original CD/DVD? What about when the online activation tells them they can no longer use their game because they've installed it too much after, say, having some problems on the install and reinstalling the OS? What if the company stops supporting (for whatever reason) the online activation, invalidating all new installs of the game? All of these things can make piracy more convenient.

 

[pcchen]

What about when a person wants a backup of their original CD/DVD? What about when the online activation tells them they can no longer use their game because they've installed it too much after, say, having some problems on the install and reinstalling the OS? What if the company stops supporting (for whatever reason) the online activation, invalidating all new installs of the game? All of these things can make piracy more convenient.

Except for the first problem, which is about fair use right, others are just examples of bad DRM implementations.

Even considering the first problem, for example, a book is not easy to "backup." But I don't see many people complaining about it.

 

[KimB]

Except for the first problem, which is about fair use right, others are just examples of bad DRM implementations.

Right, but they're bad implementations that seem to happen again and again and again, because publishers are more focused on punishing pirates than providing a good product to their customers.

Even considering the first problem, for example, a book is not easy to "backup." But I don't see many people complaining about it.

True, but a book can survive quite a bit of damage before becoming unusable. A CD/DVD, not so much. A small scratch on the data surface and it can be all over.

 

[pcchen]

Right, but they're bad implementations that seem to happen again and again and again, because publishers are more focused on punishing pirates than providing a good product to their customers.

I don't think this is what we are currently discussing.

True, but a book can survive quite a bit of damage before becoming unusable. A CD/DVD, not so much. A small scratch on the data surface and it can be all over.

Fair use right is a complex problem. Backup right is a very hard problem to solve. It's very difficult to make an open system which can permit an one-time backup system or something. However, other problems are easier to solve, for example, many game companies in Taiwan offer service for exchanging damaged game disks, for a little price.