- After a three-week challenge aimed at improving the standard's security, the Secure Digital Music Initiative (SDMI), the music industry's proposed standard for secure digital music, has been cracked, according to a report at the Web magazine Salon.com.
Basing its story on three anonymous sources, Salon reported Thursday that all six encryption technologies included in the Hack SDMI challenge have been cracked in repeatable, nontrivial ways.
SDMI, a consortium of music, computer and electronics companies, had offered $US10,000 to anyone able to crack one of the encryption schemes in a contest from Sept. 15 to Oct. 8. In order to claim the prize money, entrants had to submit their cracks to SDMI to verify that they were repeatable and nontrivial. The consortium received 447 entries, according to an SDMI press release.
SDMI, whose members had been meeting in Los Angeles this week, has denied that any such cracks have occurred, stating that they have only just begun to examine the submissions. However, many on the Internet have taken the breaking of SDMI as a fait accompli.
Users on the open source news Web site Slashdot.org, many of whom have been vocal critics of SDMI, have responded with a mixture of frustration and glee. Many Slashdot users have been among the most vociferous supporters of the boycott of the Hack SDMI challenge, as they charge that SDMI will eliminate a number of traditional consumer rights.
A number of Slashdot users expressed disbelief that any of their fellow hackers would have participated in the contest.
"While I'm pleased to see that SDMI was so trivially cracked, I'm disappointed that the individuals mounting the successful attack chose to inform the recording industry," wrote a Slashdot user under the moniker "ewhac."
"You don't brag to the enemy that you've broken their codes," ewhac wrote. "The idea here is to cause the enemy to commit time and resources to a futile exercise. If the crackers had waited until SDMI had been fully deployed in the marketplace, it would have cost the recording industry and anyone else foolish enough to follow their example at least a few billion dollars; enough money to make them seriously reconsider the whole misguided notion of copy protection as too costly to pursue."
That SDMI's encryption was cracked so quickly has, to some, raised the specter that the end of SDMI may be near. But not all see that as a victory. After all, the goal of the challenge, ostensibly, was to point out weaknesses in SDMI so that they could be fixed before the technology comes to market. Rather, some would like to see the industry's focus shifted in another direction.
"Regardless of what format they use (SDMI or whatever), it will be cracked somehow. ...What the RIAA (Recording Industry Association of America) should focus on is selling it cheap enough that people would actually buy it. ...The whole problem with the RIAA is that they say that prices need to be higher because of piracy, but piracy happens mostly because of high prices," wrote one poster on Slashdot.
SDMI, in San Diego, California, can be reached at http://www.sdmi.org/.