Protected Streaming - Encryption

Encryption

Streamed content is encrypted by the Flash Media Server "on the fly", so that there is no need to encrypt the source file (a significant difference from Microsoft's DRM). For transmission ("streaming"), a special protocol is required: either RTMPE or RTMPS.

RTMPS uses SSL encryption. RTMPE, in contrast, is designed to be simpler than RTMPS by removing the need to acquire an SSL certificate. RTMPE makes use of well-known, industry-standard cryptographic primitives, Diffie-Hellman key exchange and HMAC-SHA256, to generate a pair of RC4 keys: one is used to encrypt the media data sent by the server (the audio or video stream), whilst the other is used to encrypt any data sent to the server. RTMPE causes less CPU load than RTMPS on the Flash Media Server.

Adobe fixed the security issue in January 2009, but did not fix the security holes in the design of the RTMPE algorithm itself. Analysis of the algorithm shows that it relies on security through obscurity. Amongst other things, this renders RTMPE vulnerable to man-in-the-middle attacks.
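The following toy model, written for this page and not taken from Adobe or any RTMPE implementation, walks through the structure described above (Diffie-Hellman, HMAC-SHA256, one RC4 key per direction) and then shows why the absence of server authentication leaves such an exchange open to interposition. The DH group, the HMAC labels and the 16-byte key length are constructed for illustration; the real protocol's constants are deliberately not reproduced.

```python
"""Toy model of an RTMPE-style key agreement (added example, not Adobe's code).

Constructed for illustration: toy DH group, made-up HMAC labels, 16-byte keys.
"""
import hashlib
import hmac

P, G = 2**127 - 1, 2  # constructed toy group; real DH needs a 2048-bit+ group


def dh_public(priv: int) -> int:
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def derive_keys(shared: bytes, client_pub: int, server_pub: int) -> tuple:
    """HMAC-SHA256 over the shared secret yields one RC4 key per direction."""
    transcript = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    c2s = hmac.new(shared, b"c2s" + transcript, hashlib.sha256).digest()[:16]
    s2c = hmac.new(shared, b"s2c" + transcript, hashlib.sha256).digest()[:16]
    return c2s, s2c


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); a live stream would keep state across packets."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def handshake(client_priv: int, server_priv: int):
    """Honest run: both ends derive the same (c2s, s2c) key pair."""
    cpub, spub = dh_public(client_priv), dh_public(server_priv)
    return (derive_keys(dh_shared(client_priv, spub), cpub, spub),
            derive_keys(dh_shared(server_priv, cpub), cpub, spub))


def interposed(client_priv: int, relay_priv: int) -> bool:
    """Nothing here authenticates the server, so any party answering with its
    own public value completes a valid-looking handshake: the risk in the text."""
    cpub, rpub = dh_public(client_priv), dh_public(relay_priv)
    return (derive_keys(dh_shared(client_priv, rpub), cpub, rpub)
            == derive_keys(dh_shared(relay_priv, cpub), cpub, rpub))
```

The fix for the property `interposed` exposes is authentication of the server's DH value (a certificate or pre-shared verification key), which is exactly what RTMPS gets from SSL and RTMPE omits.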

Tools which have a copy of the well-known constants extracted from the Adobe Flash Player are able to capture RTMPE streams, a form of the trusted-client problem. Adobe issued DMCA takedowns against RTMPE recording tools, including rtmpdump, to try to limit their distribution. However, in the case of rtmpdump, this led to a Streisand effect.
