Talk:Content Scramble System

Untitled
So... what's the point of using CSS? :-) --Ihope127 16:28, 26 August 2005 (UTC)
 * Control. You can't sell a DVD player unless you pay $25 for a license from the DVD CCA.  And they won't sell you a license unless you configure the software on the DVD player a certain way (honor DVD region codes and User Operation Prohibitions on certain DVD chapters). --Pmsyyz 20:47, 26 August 2005 (UTC)
 * Also, the average Joe doesn't go looking on the internet for a program to de-css a disk, so that he can copy it. For most it's too much work, too involved, or they are afraid of the MPAA, if anything this article needs a section on fair-use and backing up your disks

CuBiXcRaYfIsH 03:00, 29 December 2005 (UTC)

Actually I would also pretty much be interested in the reason behind CSS. As I read in Lawrence Lessig: The Future of Ideas, css does not intended to stop the copying of DVDs. It zas just a way to make it more difficult to play them. It would be got to elaborate more on this topic, but I don't feel myself a laz expert.Viktor.nagy 14:09, 24 October 2006 (UTC)

Incorrect Title
Shouldn't this article be titled "Content Scrambling System"? "Scramble" doesn't make sense, grammatically or historically. algocu 19:09, 2 April 2007 (UTC)
 * It is known, officially, as the Content Scramble System. It is not an incorrect title. Just because it doesn't make sense to you does not mean that it is wrong. System names tend to be like that - only making sense to their designers. --Jmccormac 05:35, 3 April 2007 (UTC)
 * http://www.dvdcca.org/css/ -- intgr 08:19, 3 April 2007 (UTC)

"Ironically"??
...which could be brute-forced by a 450Mhz processor in less than a minute. Ironically, a 450MHz processor was stated... I'm sure the statistic on brute force used a 450MHz processor because it was the industry-stated minimum, in which case, there's no irony here. This part should be rewritten. D a n si m a n ( talk | Contribs ) 16:32, 20 December 2007 (UTC)

The irony lies not in the fact that a 450MHz processor can crack CSS, since arguably any processor can do that, given enough time, but in the fact that it can do it in a timescale so short that it is essentially no more difficult than just playing a DVD normally. Maybe irony is the wrong word, but there is definitely something fittingly perverse about an encryption system so badly designed that it is “secure” only against people who have no reason to try to break it (by virtue of not having processors powerful enough to play DVDs smoothly). —Preceding unsigned comment added by 193.61.85.126 (talk) 17:09, 10 January 2008 (UTC)

Isn't the effective key length only 16bits?
"In addition, structural flaws in the algorithm reduced the effective key length to only around 25 bits, which could be brute-forced by a 450Mhz processor in less than a minute"

IIRC, the 40 bit key is split into two sections, one 16 bits and the other 24 bits which are then used to seed a 17-bit and a 25-bit LFSR (Linear Feedback Shift register) respectively. These are then combined in a trivial manner.

Surely an attack thus only needs to try all the 2^16 combinations of the first LFSR and, along with a known/guessed plain-cipher text pair, it can directly compute the other 24 bits of the key.

Simon Fenney (talk) 11:41, 15 January 2008 (UTC)


 * The important question here is: are there any sources documenting this? Otherwise it would be original research. -- intgr [talk] 22:26, 15 January 2008 (UTC)


 * A quick search turned up this which seems to confirm what I thought, i.e. "This streamcipher is very weak, a trivial 2^16 attack is possible"
 * Simon Fenney (talk) 12:53, 24 January 2008 (UTC)


 * There are different attacks to the CSS. If you have 5-6 bytes of known plain-cipher text the attack to the stream-cipher is 2^16 and can be accomplished even on a 450 MHz PC in a fraction of a second. It is quite difficult to know/guess plain text though, as this is compressed mpeg stream.  On the other hand, if you have access to the sector that contains the encrypted disc key (which can only be read after a successful authenticating procedure) and do not have a player key, you can attack the disc key hash by a 2^25 brute-force attack (this takes less than a minute on a 450 MHz PC). Afterwards, you can do another 2^16 attack to get an arbitrary player key.  This way all player keys (about 30) can be computed in less than a second.  When the player keys are known (which they are) there is no need to do any attack at all.  The disk key hash attack is described in chapter 4 of Frank Stevenson's article (see above), the known-plaintext attack is mentioned in chapter 2 and is also used to get the player keys after the disc key has been found. --132.230.166.181 (talk) 16:52, 23 April 2008 (UTC)


 * As for "It is quite difficult to know/guess plain text though" I'm not sure I agree. IIRC, the first N-bytes (~128 bytes) of each 2k(?) sector are not encrypted and the changeover frequently seems to straddle the MPEG2 quantisation tables. These are extremely predictable so obtaining known cipher+plain text may be rather simple.Simon Fenney (talk) 12:45, 6 May 2008 (UTC)


 * I know this is a rather old topic, anyways: It is correct that a correlation attack enables the recovery of the seed from a keystream at a complexity of 216. But you have also to consider that CSS mangles the keystream with the plain-text to produce the cipher-text.


 * In case of title-keys, the mangling is one-to-one: the keystream can be recovered from plain- and cipher-text. Still, a plain-text prediction is required. Prediction based on the MPEG quantisation is almost always possible. Though you might need to examine a lot of packs. In rare cases it does fail! Furthermore, the manufacterer may decide not-to-encrypt vulnerable packs (since encryption is optional per pack). Then you'd need another approach.


 * In case of disc-key recovery (from the hash value) there is no keystream available. So the correlation attack won't work. Stevenson's exploit here has a complexity of 225 which may produce more than one key. So you have to sort out the genuine one.


 * In case of player-key recovery you can reverse the mangling to produce the keystream, sort of. Stevenson's exploit has a complexity of 28. There are many false positives. So you need serval discs to sort out the genuine ones. Thereafter you can apply the correlation attack at a complexity of 216. Helo2804 (talk) 13:52, 3 June 2015 (UTC)

Removing from block cipher category while still keeping block size in infobox
Adding the block size to the infobox put this in the block cipher category. CSS is a strange cipher in that it encrypts sector-by-sector (2048 bytes each), that is it has a block size, but it is still a stream cipher in that one bit changed in the ciphertext changes one bit in the plaintext, that is, it is vulnerable to a bit-flipping attack. 174.111.239.203 (talk) 18:46, 30 March 2011 (UTC)

Statement about 'Region 0' discs
The statement "however, most region 0 (all region) DVDs do not make use of it.", already marked citation needed, should be removed. There is no such thing as "Region 0"; it's a slang term at best and the proper term is "all region". Aside from there being no cite, the statement as written doesn't even attempt to explain why region coding would be related to the decision to use CSS. Occasionally commercial discs are all region due to licensing decisions, but that doesn't imply that CSS isn't used (even though of course that is also a possibility). If the statement is instead supposed to be an implication that certain categories of discs, such as homemade discs, or bootleg discs, which also happen to be "Region 0" (to use the incorrect term), don't use CSS, it should state that explicitly, rather than tie it to region coding. 216.243.36.196 (talk) 09:05, 1 May 2011 (UTC)
 * I removed the offending sentence. Mfwitten (talk) 18:04, 2 May 2011 (UTC)

Edit war between Mfwitten and Tyros1972
Apparently we've entered into an edit war, so until we've discussed the changes and come to a consensus, I'm going to revert the article to my last revision, which already incorporates some of the information that Tyros1972 has contributed. New changes are subject to consensus. Mfwitten (talk) 20:25, 1 September 2011 (UTC)

Here is the existing discussion (taken from my talk page):

My edits are correct. What was there is false information regarding CSS. It is a sector level encryption, you cannot copy the files to a HDD. This is easy to test why don't you try it? CPPM is a file level encryption don't confuse the two.

I am an expert in optical media so for you to say my edits are irelevant and poorly written is a joke! Try doing some research before editing valid info asswipe! — Preceding unsigned comment added by Tyros1972 (talk • contribs) 18:05, 1 September 2011 (UTC)


 * There is nothing being said about copying individual files; from the article before you changed it:


 * CSS does not prevent the raw image of a DVD from being copied to a hard drive, but such a copy is unusable without the keys, which can only be retrieved with authentication.


 * It's talking about making an image of the entire disc. Notably:


 * A disk image is usually created by creating a complete sector-by-sector copy of the source medium and thereby perfectly replicating the structure and contents of a storage device.
 * Mfwitten (talk) 19:30, 1 September 2011 (UTC)


 * *you cannot* make an image file of a CSS disc why don't you try it? Image file OR copying to HDD is the same thing since you *cannot* do RAW on DVD.


 * Stop reverting the edits you obviously are not qualified for this. — Preceding unsigned comment added by Tyros1972 (talk • contribs) 19:38, 1 September 2011 (UTC)


 * That's basically what the existing text already states:


 * Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; CSS does not prevent the raw image of a DVD from being copied to other media, but such a copy is unusable without the keys, which can only be retrieved with authentication.
 * Mfwitten (talk) 20:25, 1 September 2011 (UTC)


 * Perhaps it would be worthwhile to add something similar to the information provided by this VLC FAQ:


 * * Does VLC support DVDs from all regions? This mostly depends on your DVD drive. Testing it is usually the quickest way to find out. The problem is that a lot of newer drives are RPC2 drives these days. Some of these drives don't allow raw access to the drive untill the drive firmware has done a regioncheck. VLC uses libdvdcss and it needs raw access to the DVD drive to crack the encryption key. So with those drives it is impossible to circumvent the region protection. (This goes for all software. You will need to flash your drives firmware, but sometimes there is no alternate firmware available for your drive). On other RPC2 drives that do allow raw access, it might take VLC a long time to crack the key. So just pop the disc in your drive and try it out, while you get a coffee. RPC1 drives should 'always' work regardless of the regioncode.


 * Mfwitten (talk) 20:37, 1 September 2011 (UTC)

Well, this is also fairly old. Anyways: CSS employs three protection mechanisms. Besides the well known encryption of the MPEG stream, there is also some kind of protection provided by the drive (at least RPC Phase II). Until authenticated, the drive won't deliver any of the encrypted MPEG packs (there is a corresponding flag in the frame header). A read access to a related block (sector) fails with an I/O error. So you need "special" commands (beside read) to get access (see MMC). In case of a region mismatch, the drive could deny access completley (then you'd need to change the drive's region, flash the drive, or buy another one). However, most appear only to block the title-keys. Helo2804 (talk) 14:09, 3 June 2015 (UTC)

Purpose of CSS

 * [Discussion moved from User talk:intgr]

Hi Intgr,

You restored parts of the Content Scramble System article on 12:31, 28 May 2015 (Purpose).

As I wrote in the Talk:Content_Scramble_System I'd like to rewrite the article (step by step, work in progress).

I dropped the paragraph (Purpose) because it sounds (to me) confusing. First, it's hard to read. And if you got thru, isn't it petty? The first paragraph simply says, you cannot play a copy because it is still encrypted. The second paragraph says that CSS is supposed to make drive manufacturers' life a bit harder (which I doubt).

Do you read more/other than that? Please take also a look at my notes (Talk:Content_Scramble_System). Thank you!

Helo2804 (talk) 13:13, 28 May 2015 (UTC)


 * (Discussion about this edit)
 * Sorry, I hadn't read most of the talk page, I thought from your edit summary that your complaint was that this was too much content for the lead section, so I restored it under another section title. Some content being "hard to read" shouldn't generally be a reason to remove it; it's better to rephrase or tag it e.g. clarify.
 * After more thought about it, I agree that purpose #1 is silly (of course copying an encrypted stream without the key won't be readable). But #2 seems like a valid purpose, because implementing CSS without the other restrictions might be seen as circumvention of DMCA. But I'm not really up to speed about US law or CSS and it's not currently sourced well enough (WP:V, WP:SYN), so I won't object if you want to remove it again.
 * PS: It's generally useful to keep article-related discussion on the article's own talk page, so other interested people can join; use Ping to invite users to the discussion. -- intgr [talk] 13:30, 30 May 2015 (UTC)

Rewrite
I had a closer look at the content scramble system (see GitHub) and updated the article. There might be inconsistencies that I do not see and I'm also no native speaker. Hence, a review would be highly appreciated! Helo2804 (talk) 11:55, 31 May 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Content Scramble System. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20150530224136/http://www.dvdcca.org/Documents/CSS_license_ver_1_2.pdf to http://www.dvdcca.org/Documents/CSS_license_ver_1_2.pdf
 * Corrected formatting/usage for http://www.dvd-copy.com/news/cryptanalysis_of_contents_scrambling_system.htm

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 15:30, 12 August 2017 (UTC)