Feeds

Hacker research team disputes ‘hack SDMI’ results

Not going quietly back into box

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The SDMI (Secure Digital Music Initiative) group has announced, despite earlier claims to the contrary, that practically all of the 447 entries to the 'Hack SDMI' challenge bounced off. This would mean all in the garden was lovely, if it weren't for the pesky Princeton University researchers led by Edward Felten, who stoutly maintains that SDMI is toast, and says the Princeton team will be publishing its results by the end of the week.

The Princeton team entered the first stage of the challenge, but declined to move onto phase two. The aim of the challenge had been to test candidate watermarking and non-watermarking protection technologies to be used in the distribution of digital music, so a complete whitewash - as claimed by Salon, a couple of Register sources and the Princeton team, would have been highly embarrassing, and would have visibly set back the music industry's protection plans some considerable distance.

Stage two of the challenge, as Princeton points out, was secretive. Anybody who submitted a likely looking crack at stage one could move on to two (and had to do so in order to stand a chance of winning the money), but by doing so would be NDAed into total obscurity, unable to say a thing about the hack or the processes. By not playing, Princeton left itself free to publish results and blow whistles as necessary.

The final SDMI hack testing seems to have placed considerable emphasis on "golden ears" - real humans judging whether or not the hack degraded audio quality. This is obviously very much a subjective judgement, and potentially allows the goalposts to be moved around to wherever best suits SDMI. Not that we're suggesting anything of the kind, of course.

SDMI's line is that two of its five technologies were successfully attacked, but that only one attack was repeatable. Princeton says its attacks weren't counted because it didn't enter phase two.

The Princeton team also seems to feel it's been on the receiving end of some kind of smear campaign though. It insists that "contrary to the statements of the SDMI, their oracles [the automated systems that checked stage one] did check the audio quality of the submitted music," and accuses the RIAA of falsely claiming it admitted some of its entries had poor audio quality. "We obtained a number successful results on all watermark technologies, using various techniques," says the team.

SDMI will no doubt be awaiting the team's technical report with some interest. ®

Related Stories

Uni team claims SDMI cracked, and 'inherently vulnerable'
How the hack SDMI challenge was run

Related Links

Princeton team's preliminary report

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?