By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
However, he said he had no intention of publishing his findings because of fears of being prosecuted or sued in the US under the 1998 Digital Millennium Copyright Act (DMCA).
"Intel's High-bandwidth Digital Content Protection (HDCP) is fatally flawed," said Ferguson. "An experienced IT person can recover the HDCP master key in about two weeks."
Ferguson, a noted cryptographer who works as a consultant, first talked about his findings at the Hackers at Large 2001 conference in Holland at the weekend.
Ferguson has worked for, among others, the National Research Institute for Mathematics and Computer Science in Holland.
"The master key can be used to decrypt HDCP video content, to impersonate a device and to build new devices that will work with the official HDCP devices," said Ferguson. "To get the master key, an expert would need to have four computers and 50 DHCP panels running for about two weeks."
"If this master key is ever published, HDCP will provide no protection whatsoever. The flaws in HDCP are not hard to find," he said.
Intel previewed HDCP in February of this year. The technology is designed to encode digital video on the Digital Visual Interface (DVI) bus, which is expected to be contained in devices such as DVD players, PC monitors, TVs and digital video cameras next year. DVI is being touted as the successor to the Video Graphics Array (VGA) display systems.
Ferguson said that although he usually publishes his findings, he was not planning to disclose the weaknesses in HDCP. A lawyer with the Electronic Frontier Foundation (EFF) told him that he risked being prosecuted or sued under the DMCA, a controversial law that makes it a crime to circumvent copyright protection mechanisms built into software and devices.
"I would love to send my article to Intel, but don't know what the legal consequences would be," said Ferguson. "Intel has been very friendly."
Representatives at Intel were not available for comment.