Earlier this month, a person using the alias "muslix64" claimed to have circumvented the content protection system used in High Definition DVD (HD-DVD). That system, called Advanced Access Content System (AACS), is designed to prevent duplication and unauthorized playback of AACS-protected disks. Now muslix64 says he's cracked Blu-Ray security, which also uses AACS.
AACS works by encrypting the digital content; encryption keys are then used to decrypt the data. The keys are embedded into the media players and the media. Media players use their key to access the key stored on the media. Then the media's key is used by the player to decrypt the digital content for playback.
The apparent weakness in AACS is that if the keys can be accessed, then the content can be manipulated in ways that the publishers might not want to occur. That weakness is exactly what muslix64 targeted to bypass AACS protection.
In response to muslix64's claims, AACS makers said that the fault resides with licensees of the technology. "This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised," said a spokesperson.
The Web site, Freedom to Tinker, discusses how AACS works in considerable detail and also discusses how people are using the code released by muslix64 to extract and publish encryption keys.