Vulnerability Development mailing list archives
Re: Audio fingerprinting (was Re: hacksdmi?)
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 15 Oct 2000 23:10:29 +0200
And somebody put up $30k for this?!
You seem not able to coope how extremly little money everything bellow $1M is to these big companies. Compare $30k with the numbers the avarage lawsuit costs. They not only spent money on it, they did so with numerous people arguing against the entire concept.
.. reading your log a little more carefully, you never actually say whether you submitted your modified WAVs to the oracle for analysis (ie, to get a yes-or-no on whether the watermark reader can actually detect the watermark.) Did you actually test this?
From what *I* gather, he could set all "offending" bits to 0, or random,
and they'd have no chance what so ever of finding it. Without knowing which source originally has been tampered with, a checking program couldn't possibly detect the mark - it simply isn't there any more. What SDMI says about it isn't overly interesting, is it? They can basicly say whatever they want; I'd like to point out that Schneier in old cryptogram archives rather clearly point out reasons why you shouldn't assume contests to be either fair or actually prove anything.
Are you _positive_ that only the low eight bits change? Did you check the entire file? Are you sure that some of the bytes that changed +/- 1 or 2 weren't high-order bytes?
Agree, they could do that as well. However, doing so while not damaging sound quality, survive compression, and not clearly show up in analysis seem very hard to do...
Un-fucking-real! You were able to break all three watermarks by adding five bits of noise? You realize that means that just downsampling the audio to 10 bits/sample (let alone 8) nukes the watermark??
Agree, it would do. With greater analysis of what can be removed without changing the greater sound quality, I'd estimate losses to about 14 bit/sample should be possible (I'm no expert on this though, I still haven't passed my signal&system exam ;) One requirement was that it shouldn't loose more quality than WAV->MP3(64kb/s) conversion. Given the sound quality of most 64kb/s mp3's, I'd say 10bit/sample (44.1kHz) is well in range.
Please tell me that the cream of Verance's DSP people can come up with something that withstands 3 lines of C code or 30 seconds alone in a room with CoolEdit.
No publicly presented, well analyzed, algorithm has survived to date. It is not proof, but evidence (the words has quite different meanings), that it is extremly hard to do or impossible, to make a watermark proof against attackers who knows the algorithms or characteristics of the watermark. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- Audio fingerprinting (was Re: hacksdmi?) Geoff Schmidt (Oct 13)
- Re: Audio fingerprinting (was Re: hacksdmi?) Thierry (Oct 14)
- Re: Audio fingerprinting (was Re: hacksdmi?) Geoff Schmidt (Oct 14)
- Re: Audio fingerprinting (was Re: hacksdmi?) Bluefish (P.Magnusson) (Oct 16)
- Re: Audio fingerprinting (was Re: hacksdmi?) Geoff Schmidt (Oct 14)
- Re: Audio fingerprinting (was Re: hacksdmi?) Lincoln Yeoh (Oct 15)
- Re: Audio fingerprinting (was Re: hacksdmi?) Geoff Schmidt (Oct 16)
- Re: Audio fingerprinting (was Re: hacksdmi?) Thierry (Oct 14)