HackerTrans
TopNewTrendsCommentsPastAskShowJobs

perryflynn

no profile record

Submissions

How encryption for Cinema Movies works

serverless.industries
230 points·by perryflynn·tahun lalu·120 comments

Force Devices to use Pi-hole

serverless.industries
9 points·by perryflynn·tahun lalu·1 comments

comments

perryflynn
·tahun lalu·discuss
Well, the DCI system relies on trusted (TPM-ish) hardware. One server vendor has used insecure certificates. So if a AES key for a movie is encrypted / shipped for such insecure certificate the AES key for the movie can be decrypted outside of the actual projector hardware.

This is one reason why they use Device lists, if such a issue becomes public, they will just block this specific projector or the whole product line for future movie releases and the leak is contained.

Also only movies which got assigned to that projection system are affected. So the damage is low/medium.
perryflynn
·tahun lalu·discuss
Yes, I added some notes/improvements while the discussion was happening here.

Changelog: https://github.com/perryflynn/serverless.industries/commits/...
perryflynn
·tahun lalu·discuss
No. They use a unique IV for each frame:

> Every Frame is using a unique IV (Initialization Vector), which ensures that the AES Block Cipher generates always different cipher texts and makes brute force harder. This works similar to a Password Salt.
perryflynn
·tahun lalu·discuss
One movie can be 200G to 1TB large. The chunked encryption allows it to seek the movie without decrypting from the beginning.
perryflynn
·tahun lalu·discuss
The frames are sent encrypted into the projector. The projector has special hardware for decrypt and decode.
perryflynn
·tahun lalu·discuss
It also contains watermarks. So theatres which failed to prevent recording will run into serious issues. See https://dcpomatic.com/forum/viewtopic.php?t=2372