Are movies encrypted not well enough or are these hackers just good at what they do?
Why is something like https said to be near impossible to hack whereas movies come out in these modern times and in a couple days there are people uploading it and making it free for many people to download. What makes movie files easy to hack and https harder to hack?
- oyubirLv 61 month agoFavorite Answer
It is not really a technology difference. It is the problem itself that is different.
HTTPS (SSL generally speaking) purpose is to prevent a 3rd party to listen to exchange between your browser, and the webserver you are visiting.
That is a very easy problem. And algorithm to make it impossible (literally impossible) are older than computers!
(There are encrypted documents of 150 years that nobody never managed to decrypt. Even tho the algorithm is known, but not the key). It is made less easy by the absence of preliminary key exchange, and by the fact that key is small (compared to message size). But, there, I enter technological detail. The point is, the problem itself (preventing a 3rd party to listen) is an easy problem.
If a 3rd party manage to break the cipher, well, get a better cipher (which is done. Again, ssl is near impossible to hack. Even NSA can't do it. Which is the reason why they pathetically tried to pose as open source contributors to standardize weaker algorithm, and why they try to tap communication before encryption, or after decryption)
Copy protection, on the contrary, is an impossible problem. I mean, blurays are designed to be read, right? You are supposed to decipher its contents. Otherwise, you couldn't enjoy it. There is no way around that. The key has to be known. So the problem is impossible. If you can decipher the disk to read it, then you can decipher the disk to copy it.
You can try to make it hard, because of legal problem (license to create bluray reader is granted only to manufacturers who commit to keep the keys secret. But, well, that secret is stored in your player. Usually hard coded in a chip, so you can't read it easily. But it exists. And all it takes is ONE leak to the world so that anybody know the key (which then will be revoked and unable to read future disk, sure).
Even if you don't want to go into those keys detail, you must understand that, at worst, you can still play the movie on your 4K set, and record it with a 4K camera! (that is a stupid way to do it, with a probable quality loss. But it shows how impossible a problem it is. They want to movie to be visible to your eye, but your eye only. That a very hard problem to solve technologically).
It is a little bit as the difference between making opaque envelopes that prevent anyone to read the content of your letters, without opening them; and making special ink to write letters that can be read, but can't be photocopied or photographied.
You would not ask "how come it is near impossible to read the content of a closed letter, and yet so easy to copy the content of an opened one", would you?
Well, that's the same. Without even going into details of envelopes and ink technology. it is obvious that one is a harder problem than the other. HTTPS is a closed envelope, that ensures that only sender and recipient can read. AACS is a special ink, that ensure that content can be read by anybody owning the reading material, but not copied.
- ∅Lv 71 month ago
i don't think you understand how movie files work, and what https means/does. so let me explain it, hopefully to your satisfaction.
https is just a "secure" http connection, for transferring files for webpages. the data is encrypted at the server end and decrypted on your computer (client) end. so your computer is the only one that can see it, and it totally gets the code to decrypt it.
modern https connections primarily use TLS encryption, which is designed specifically for this type of transaction, where the user's browser decrypts the signal using the decrypt code, which can now be up to 256-bit encryption, which is even more "unhackable" than its predecessor, SSL.
as for movie encryption, that is a much different animal, as what is being encrypted is in a common video format, the specifications for which are well known. you see, you need to use a "codec" to compress/decompress the video stream. if it is an uncommon codec, nobody will be able to "just play the videos". but the downside of using a more common codec is, because of its use cases, there are more ways to manage said video, and there are therefore more ways to capture and save it.
after all, the player HAS GOT TO decrypt the video to display it. and to decode it, it needs the encryption algorithm.
with TLS (https), it is being protected from outside attackers, but the information is not being encrypted from the users themselves.
with streaming video, it is actually BOTH being protected from outside attackers AND from being saved by the user permanently.
and because it is a common universal format, stripping the encryption after you have the code is quite simple...when you know what you're doing.
so TL;DR, it is really just because they are protecting different things from different people. if HTTPS kept users from printing webpages, you can be sure hackers would find a way around it!
- keerokLv 71 month ago
Movies don't need hacking. They're just there, sitting in servers, waiting to be downloaded. It's not the servers that need hacking too. They're already set up to allow you to download those movies (with just a simple quiz like "click on all cars or chimneys or traffic lights" (man, I can't believe I fail on those sometimes).
To simplify, if there's a new movie that's already ready for downloading in the internet, it's not because of hacking. It's just placed there by unscrupulous people dying to get credit for putting up something they think is valuable for free. So how did they get it? Most of the time, they paid for it or they are using an account of someone they know to get it.
- Anonymous1 month ago
HTTPS uses public-private key encryption; one side encrypts it using a public key, and the other side decrypts it using the private key. It's trivial to generate a new public-private key pair and give out a new public key. In Blu-Ray, it's basically one way and backwards. The player itself has the private key. Anyone with the private key can decode the Blu-Ray. Signing Blu-Rays with a new public key means the player has to download new firmware, if the manufacturer even makes one. And if the player's hardware is vulnerable, that may be where the hackers got the private key to begin with. Publishers have to choose between invalidating a very large number of their customer's players, or having their movies pirated. Many will simply tolerate the latter.