After the motion picture industry spent years negotiating the encryption standard for digital video discs (DVD), a small group of Norwegian hackers recently released a program, called DeCSS, that can break the encryption on almost any DVD disk. "This is a troubling situation," said Rick Clancy, a spokesman at Sony Corporation of America. He said Sony is still gathering information on the purported hack and added that "Sony is of course a strong advocate of content protection."
Every DVD disk has about 400 keys on it to make the disk readable to all of the various DVD players on the market. The players, in turn, also have the 400 keys licensed and encrypted in their hardware or software playback systems. But apparently one program, the XingDVD Player, from RealNetworks subsidiary Xing Technologies, didn't have its keys adequately safeguarded. The hackers were thus able to deduce how to crack DVDs and released the DeCSS program, which will do it automatically.
Officials from RealNetworks weren't available for comment this morning.
The hackers are claiming that the DVDs only have 40-bit encryption. By contrast, Netscape 4.7, the company's most recent exportable version, has 56-bit encryption. The secure version of Internet Explorer 5.0 has 128-bit encryption.
This isn't the first DVD encryption to be broken. DVDs already have regional codes so that they can only be played on players bought in that region. This helps the movie industry distribute DVDs in the same pattern as films: premiere it in one market, then gradually release it in other markets. But movie producers often don't use the codes, and players have sprung up that can play DVDs with any of the various regional codes.