Blu-ray security master key leaked

A file circulating the Internet which claims to contain the master key to the HDCP anti-piracy system has been confirmed as genuine.

The key, which has been shared on Pastebin since Tuesday, contains a string of hexadecimal code plus instructions for creating both device keys and 'sink' keys for the High-Definition Content Protection system - the standard used to prevent full-resolution copies of Blu-ray discs being made over an HDMI connection.

Researchers at Intel have now confirmed that the key, and the instructions for using it, is genuine. Intel spokesman Tom Waldrop is quoted over on PCMag.com as stating that the company "has tested this published material that was on the Web, [and] it does produce product keys."

A brute-force attack against the HDCP master key has been a possibility since researcher Niels Ferguson discovered flaws in the algorithm back in 2001, when he claimed that a researcher with 50 HDCP-enabled displays and four computers would be able to calculate the master key.

Although the HDCP system has built-in key revocation capabilities, designed against the possibility that a product key would leak out through a manufacturer's carelessness, the master key is a one-off and cannot be revoked - meaning that this leak, from an unknown source, spells the end of the system as an effective guard against piracy.

Asked about the possibility of the key being used to make a software-based decoder for Blu-ray discs, Waldrop stated that a hardware chip was a more likely scenario.

The release of the master key could spell the start of a plethora of cheap, unlicensed Blu-ray players from the Far East - without the need to get their hardware officially signed, manufacturers could illegally skip paying for a licence to create a player. Professional pirates are also likely to be hoisting a flag to celebrate the release of the key.

So far there has been no official word from the organisations behind HDCP on what this means for their business model.