Quote:
Originally Posted by FoxDisc
How much information do you think this discloses about the attacker?
|
Just a quick comment here: A Sequence Key is 64 bits. The row that any specific SK is on is identified by 16 bits. That's 80 bits of potential information about the attacker, and there are only 32 bits of different numbered revocable attackers in the whole Device Key/MKB AACS system.
Both the SK and its associated Row go into the decryption calculations and both are labeled as "confidential" in the specs.
I had been thinking that an attacker was associated with a specific set of shared SKs as discussed in the specs. Similar to the way that a set of DKs could specifically identify a device, I thought the SK system relied on identifying the device with a shared SK by knowing the "set of SKs" that the specs talk about. I now realize that's not necessary. The row that a specific SK is in also carries 16 bits of information (64K rows in the matrix) that are in addition to the 64 bits carried by the SK itself. If this process is repeated 6 or more times, there seems to be lots of potential information about the specific device used for a successful decryption.