update 11/13/99
Since the posting of this article the mirror at www.rhythm.cx has been shutdown by motion picture industry lawyers. Their threatening letter has been posted here.

The November 25, 1997 edition of Off The Hook (relevant portion 21 minutes into show), reported that DVD copy protection had been defeated. The method involved a C program that hooks into the device drivers from Zoran's SoftDVD player to intercept decoded DVD data. Two years later, the encryption itself has been cracked.

Contents Scrambling System (CSS) is used in DVD copy protection to encode movies. Each DVD player, both software and standalone home theater systems, needs to have a key to decode the movie. Last week the Norwegian group Masters of Reverse Engineering (MoRE) discovered that the DVD player XingDVD did not encrypt its key for decrypting DVDs.

As a result they were able to create DeCSS, a free DVD decoder, that not only facilitated the creation of previously unavailable open source DVD players for Linux - also allowed people to copy DVDs. After the discovery of Xing's key they were able to derive over a hundred additional keys due to the weaknesses of the encryption algorithm. The ease in which this was accomplished can be blamed not just on Xing's sloppiness, but on the United State's notoriously antiquated encryption export laws that forced DVD manufactures to use weak encryption (40 bit) in the first place.

In the last few days there have been numerous reports of movie industry lawyers shutting down sites offering information about DeCSS. 2600 feels that any such suppression of information is a very dangerous precedent. That is why we feel it's necessary to preserve this information. We do feel sympathy for the DVD industry now that their encryption has been cracked. Perhaps they will learn from this. We hope they apply that knowledge in a constructive way. If they choose to fall back on intimidation, we'll just have to deal with that.

http://www.rhythm.cx/dvd - Has links to many mirrors and related sites (local mirror)