
Thread: First Pangolin hardware and software located in a datacenter (world's first!)

  1. #21
    Join Date
    Jul 2010
    Location
    Netherlands
    Posts
    3,316

    Default

    Quote Originally Posted by buffo View Post
    The only way you could do this would be if you intentionally cracked the Pangolin encryption. Which is surely possible, given enough time and effort. And while I'm not qualified to comment on how easy (or difficult) that might be, it's clear that doing so would forever put you "on the shit list", so to speak! (Which I know you wouldn't want.)

    More importantly though, I'm sure that you have no intention of breaking the encryption, since that would also mean that all your future content could easily be copied too. One of the reasons the LD-2000 system is so widely adopted is because people can create custom shows and secure them to a single serial number. That allows people to sell their shows with the knowledge that they can't easily be copied and passed around, and that created a vast market for custom content. Breaking the encryption would cause that market to shrink dramatically.

    Adam
    Exactly, and I say a hell no to cracking the encryption. By all means, I really respect Pangolin, and this company does mean quite a thing to me, both business-wise and friendship-wise.
    I certainly would agree that the one that thinks cracking the Pangolin format for his abuse would qualify as a dick, so to speak.

    We should not doubt encryption, as that might as well wipe out all trust in doing business, and that's what I don't want.
    IMHO I made an excellent decision with the server decision. Anyway, other than this: please keep informed with the latest news by following this topic or of course by looking at the Facebook or Twitter page of Everest Laser.

  2. #22
    Join Date
    Apr 2010
    Location
    USA
    Posts
    216

    Default

    Quote Originally Posted by buffo View Post
    Bottom line: Without the QM-2000 in place, you have no way to access the secured frames that are tied to that QM-2000's serial number. Pangolin does not issue a stand-alone program that can do this in the absence of the QM-2000 hardware, nor is there any other 3rd party software available that will do this. (That's the whole point behind the secure file format.) So you can't run Showtime, for example, on a server unless you also have the QM-2000 present. Period.
    Quote Originally Posted by masterpj View Post
    and Pangolin is doing some code for us (that we need in the process)
    This effort already requires cooperation from Pangolin. A QM in the datacenter is required because Pangolin's serial-number-locking obfuscation code depends on its source being inaccessible to anyone other than Pangolin.

    I'm well aware that PJ is "simply working within the limits" of Pangolin's system. My point is that the "restrictions" involved here are purely artificial - there's nothing approaching good engineering involved.

  3. #23
    Join Date
    Jul 2010
    Location
    Netherlands
    Posts
    3,316

    Default

    Quote Originally Posted by j4cbo View Post
    This effort already requires cooperation from Pangolin. A QM in the datacenter is required because Pangolin's serial-number-locking obfuscation code depends on its source being inaccessible to anyone other than Pangolin.

    I'm well aware that PJ is "simply working within the limits" of Pangolin's system. My point is that the "restrictions" involved here are purely artificial - there's nothing approaching good engineering involved.
    That's old information.
    Anyway, let's just keep this now for updates on how the server coding is going; we are not showing actual code but some certain milestones that I find worth sharing and worth telling in advance.

  4. #24
    Join Date
    Apr 2010
    Location
    USA
    Posts
    216

    Default

    Quote Originally Posted by masterpj View Post
    We should not doubt encryption, as that might as well wipe out all trust in doing business, and that's what I don't want.
    Security through obscurity is not security. I've never actually touched a QM2000 or looked at the actual files involved - all I know is what I read here - but it looks like Pangolin's scheme involves putting a small amount of data obfuscation in an expensive box.
    Last edited by j4cbo; 10-19-2011 at 12:50.

  5. #25
    Join Date
    Jul 2010
    Location
    Netherlands
    Posts
    3,316

    Default

    Quote Originally Posted by j4cbo View Post
    Security through obscurity is not obscurity. I've never actually touched a QM2000 or looked at the actual files involved - all I know is what I read here - but it looks like Pangolin's scheme involves putting a small amount of data obfuscation in an expensive box.
    Anyway it does the thing now and it works like I want to use it.
    So since I'm not going to stay too long at that issue or think about it, I'm rather thinking about finishing the actual system and providing real feedback.
    I understand your assumptions and statements, but they aren't really adding anything to the topic, just saying.

  6. #26
    Join Date
    May 2008
    Location
    nerdtown, USA
    Posts
    1,165

    Default

    Quote Originally Posted by masterpj View Post
    We should not doubt encryption
    All good encryption is "doubted" constantly; to be secure, encryption must be open to examination, tested regularly by qualified cryptographers, and of an implementation that has been characterized by experienced mathematicians and computer scientists.

    Pangolin does not employ any of these people.

  7. #27
    Join Date
    Jan 2006
    Location
    Charleston, SC
    Posts
    2,147,489,459

    Lightbulb

    Quote Originally Posted by j4cbo View Post
    the "restrictions" involved here are purely artificial - there's nothing approaching good engineering involved.
    The restrictions may be "artificial" in the abstract sense only (because they are caused by a business decision imposed by Pangolin rather than a fundamental limit of encryption in general) but they are otherwise very real to the Pangolin end user.

    As for the engineering involved, do you honestly expect Pangolin to remove the restrictions (or worse, engineer a new protection scheme that forgoes the LD-2000 hardware altogether) just so Peiter can complete his project in a more elegant manner?

    While that might be an admirable thing for Pangolin to do, the potential damage to their encryption scheme (and the custom content market that it has enabled) is simply not worth the risk. I certainly wouldn't choose that option.

    It sounds like you're just upset about the way Pangolin has chosen to secure their frames. And if that's the way you feel, that's fine. It's certainly open for debate, though such a discussion really deserves its own thread.

    But don't let your opinion about Pangolin's encryption scheme take away from Peiter's work to make this project happen.

    Adam

  8. #28
    Join Date
    Apr 2010
    Location
    USA
    Posts
    216

    Default

    I think "upset" is the wrong word. I'd say that I'm saddened that PJ has had to devote considerable time and energy to working around a piece of phenomenally bad design, yes.

  9. #29
    Join Date
    Jan 2006
    Location
    Charleston, SC
    Posts
    2,147,489,459

    Default

    Quote Originally Posted by heroic View Post
    Pangolin does not employ any of these people.
    Really? And just what do you base that statement on? Do you have first-hand knowledge of who Pangolin has contracted with over the last 12 years as the LD-2000 system was developed and improved?

    I'll say this: if the Pangolin encryption scheme really amounts to nothing more than security through obscurity, then why is it still secure after over 12 years of use?

    Adam

  10. #30
    Join Date
    May 2008
    Location
    nerdtown, USA
    Posts
    1,165

    Default

    Quote Originally Posted by buffo View Post
    As for the engineering involved, do you honestly expect Pangolin to remove the restrictions (or worse, engineer a new protection scheme that forgoes the LD-2000 hardware altogether) just so Peiter can complete his project in a more elegant manner?
    Homebrewed encryption is a great way to get ripped off, massively and without warning. The history of cryptanalysis is littered with the corpses of businesses that thought they were smart enough to do it well, and discovered that they weren't.
