128 bit encryption is not undefeatable, but it is complex enough that nobody is going to reasonably bother for a very long time. It IS the basis of nearly all the e-commerce on the net now, but the idea is to make it so annoying to bust through it few people will bother and so far that's held true.

Although the concept you just stated is fundamentally correct and applies to copy protection as well as e-commerce ("encryption can be cracked, the question is how much trouble will the hackers go to"), there is a big difference between e-commerce encryption and CD copy protection/unlocking.

E-commerce encryption is only designed to prevent eavesdropping on the in-transit data stream, and it depends upon each transaction being unique and having hidden keys generated at both ends. It's useless if you have access to the machine at one end or the other.

CD copy protection/unlocking, on the other hand, has all the necessary data, code, and keys on the client machine all at once (at least at some point during the transaction), and has a fixed (non-unique) encryption for every session. This makes all sorts of hacks possible, from reverse-engineering to brute-force decryption.

___________
Tony Fabris