HackerTrans
トップ新着トレンドコメント過去質問紹介求人

perryflynn

no profile record

投稿

How encryption for Cinema Movies works

serverless.industries
230 ポイント·投稿者 perryflynn·昨年·120 コメント

Force Devices to use Pi-hole

serverless.industries
9 ポイント·投稿者 perryflynn·昨年·1 コメント

コメント

perryflynn
·昨年·議論
Well, the DCI system relies on trusted (TPM-ish) hardware. One server vendor has used insecure certificates. So if a AES key for a movie is encrypted / shipped for such insecure certificate the AES key for the movie can be decrypted outside of the actual projector hardware.

This is one reason why they use Device lists, if such a issue becomes public, they will just block this specific projector or the whole product line for future movie releases and the leak is contained.

Also only movies which got assigned to that projection system are affected. So the damage is low/medium.
perryflynn
·昨年·議論
Yes, I added some notes/improvements while the discussion was happening here.

Changelog: https://github.com/perryflynn/serverless.industries/commits/...
perryflynn
·昨年·議論
No. They use a unique IV for each frame:

> Every Frame is using a unique IV (Initialization Vector), which ensures that the AES Block Cipher generates always different cipher texts and makes brute force harder. This works similar to a Password Salt.
perryflynn
·昨年·議論
One movie can be 200G to 1TB large. The chunked encryption allows it to seek the movie without decrypting from the beginning.
perryflynn
·昨年·議論
The frames are sent encrypted into the projector. The projector has special hardware for decrypt and decode.
perryflynn
·昨年·議論
It also contains watermarks. So theatres which failed to prevent recording will run into serious issues. See https://dcpomatic.com/forum/viewtopic.php?t=2372