Vulnerability Development mailing list archives

Re: Audio fingerprinting (was Re: hacksdmi?)


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 15 Oct 2000 23:10:29 +0200

And somebody put up $30k for this?!

You seem not able to cope how extremely little money everything below $1M
is to these big companies. Compare $30k with the numbers the average
lawsuit costs.

They not only spent money on it, they did so with numerous people arguing
against the entire concept.

.. reading your log a little more carefully, you never actually say
whether you submitted your modified WAVs to the oracle for analysis
(ie, to get a yes-or-no on whether the watermark reader can actually
detect the watermark.) Did you actually test this?

From what *I* gather, he could set all "offending" bits to 0, or random,
and they'd have no chance whatsoever of finding it. Without knowing
which source originally has been tampered with, a checking program
couldn't possibly detect the mark - it simply isn't there any more.

What SDMI says about it isn't overly interesting, is it? They can basically
say whatever they want; I'd like to point out that Schneier in old
Crypto-Gram archives rather clearly points out reasons why you shouldn't
assume contests to be either fair or actually prove anything.

Are you _positive_ that only the low eight bits change? Did you check
the entire file? Are you sure that some of the bytes that changed +/-
1 or 2 weren't high-order bytes?

Agree, they could do that as well. However, doing so while not damaging
sound quality, surviving compression, and not clearly showing up in analysis
seems very hard to do...

Un-fucking-real! You were able to break all three watermarks by adding
five bits of noise? You realize that means that just downsampling the
audio to 10 bits/sample (let alone 8) nukes the watermark??

Agree, it would do. With greater analysis of what can be removed without
changing the greater sound quality, I'd estimate losses to about 14
bit/sample should be possible (I'm no expert on this though, I still
haven't passed my signal&system exam ;)

One requirement was that it shouldn't lose more quality than
WAV->MP3(64kb/s) conversion. Given the sound quality of most 64kb/s mp3's,
I'd say 10bit/sample (44.1kHz) is well in range.

Please tell me that the cream of Verance's DSP people can come up with
something that withstands 3 lines of C code or 30 seconds alone in a
room with CoolEdit.

No publicly presented, well analyzed, algorithm has survived to date. It
is not proof, but evidence (the words have quite different meanings), that
it is extremely hard to do or impossible, to make a watermark proof against
attackers who know the algorithms or characteristics of the watermark.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe
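
A toy model of the robustness argument in this message, added here as an example and not part of the original post or of any SDMI scheme. It assumes a hypothetical watermark that lives only in the low five bits of 16-bit samples and a constructed sine tone as audio; all function names and the key are illustrative.

```python
import math
import random
BITS = 16                   # sample width discussed in the thread
DEPTH = 5                   # assumption: the mark occupies only the low five bits
MASK = (1 << DEPTH) - 1

def tone(n=4410, freq=440.0, rate=44100, amp=12000):
    """Constructed test signal: 0.1 s sine tone as signed 16-bit samples."""
    return [int(amp * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]

def mark_sequence(n, key):
    """Keyed pseudo-random DEPTH-bit values, one per sample (toy scheme)."""
    rng = random.Random(key)
    return [rng.getrandbits(DEPTH) for _ in range(n)]

def embed(samples, key):
    """Overwrite the low DEPTH bits of every sample with the keyed sequence."""
    seq = mark_sequence(len(samples), key)
    return [(s & ~MASK) | w for s, w in zip(samples, seq)]

def detect(samples, key):
    """Fraction of samples whose low DEPTH bits equal the keyed sequence."""
    seq = mark_sequence(len(samples), key)
    return sum((s & MASK) == w for s, w in zip(samples, seq)) / len(samples)

def requantize(samples, keep_bits):
    """Keep only the top keep_bits of each sample (e.g. 16 -> 10 bits)."""
    drop = (1 << (BITS - keep_bits)) - 1
    return [s & ~drop for s in samples]

def snr_db(reference, processed):
    """Signal-to-noise ratio of processed audio against the reference, in dB."""
    signal = sum(r * r for r in reference)
    noise = sum((r - p) ** 2 for r, p in zip(reference, processed))
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)

def robustness_report(key=2000, keep_bits=10):
    clean = tone()
    marked = embed(clean, key)
    degraded = requantize(marked, keep_bits)
    return {
        "score_marked": detect(marked, key),
        "score_unmarked": detect(clean, key),
        "score_after_requantize": detect(degraded, key),
        "snr_after_requantize_db": snr_db(clean, degraded),
    }

if __name__ == "__main__":
    for name, value in robustness_report().items():
        print(f"{name}: {value:.3f}")
```

In this model the detector's score on the requantized audio falls to the same chance level it gives for audio that was never marked, which is the sense in which the mark "simply isn't there any more".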

