More Info on Pentium III, /dev/random, etc.

nuxx writes "Looks like Mr. Tom Pabst from Tom's Hardware Guide has some more info concerning the Pentium III including a tidbit about how the random number generator will work. " Interesting stuff about the ID tagging and stuff too.

Reboot?

[Mike Hicks]

So if you turn off this feature, then decide (for some strange reason) that you want to use it again, you have to reboot? What's up with that?

A Windows lowlevel driver...

[cduffy]

...or something of the sort. (Needless to say, I haven't done any win32 programming in quite a while, and even then I didn't do much/any lowlevel stuff).

The change really has nothing to do with privacy

[Kenneth L. Hamer]

Unique processor IDs give us two things:

1) Intel can write software which will be able to tell for sure what MHz a chip is supposed to be running at. This will allow them to easily detect chips relabelled by vendors. This is IMHO a good thing, because while a hobbyist might want to overclock his or her chip, he or she doesn't want to pay a 400 MHz price for a chip rated at 350 MHz.

2) Software licenses can be locked to specific machines. This is commonplace on systems like Suns where each machine has a unique hardware-accessible ID (in the NVRAM in Sun's case). In the future, expect Microsoft's license manager to work a lot more like flexlm.

- Ken

Thank god I own a Mac.

[SoupIsGood Food]

Even if it means I have to live for the rest of my life in a shack deep in the wilderness with nothing but a set of rusty weasel traps and my Powerbook, it will be a -very- cold day in hell before I allow myself to be tagged, branded, and monitored via my deck.

If IBM and Motorola jump on this bandwagon, I'm moving to Alpha. If Alpha Inc. goes over to the darkside, I'll go Sun. If all the chip manufacturers decide to make themselves complicit in foisting this orwellian nightmare on the world, I'll stockpile old PowerMac clones and toss on another node to the Beowolf cluster when it looks like I'm lagging behind the performance curve.

Never. Ever. Will I submit to being branded like cattle because I use a computer.

If you hate Apple, buy AMD peecees. Buy Alphas. Buy Netwinders. Screw Intel.


SoupIsGood Food

SMP???

[X]

Has anyone thought about how this would work for those who own SMP boxes? Supposedly SMP is the way of the future, so you'd think they'd have thought about this.

Fitting

[alany]

SPARCs have 'The NSA Instruction'.

Now Intels will have 'The MS Instruction'.

The only possible use of this stupid hardware ID is tracking or software copy 'protection'.

The random number source is nice, but I sure hope it is _random_. Wouldn't suprise me if it is actually pseudo-random and based on the ID.

Danger of monopolistic use?

[Noel]

If people start believing that the Intel CPU ID is the only way to get true security on the Internet, it won't be long until sites say, "I'm sorry, but unless you provide you Intel CPU ID, we cannot provide you with secure access. Please buy a new Intel CPU now." Well, not those exact words, of course...

There's already a lot of sites that are so hardware-intensive that you can't use them without having a relatively powerful system, but at least they don't require that you purchase that system from a certain company.

Whether or not this CPU ID actually makes anything more secure is quite debatable. But reality often doesn't matter if marketing is powerful enough.

I hope this is just paranoid delusional rambling...

Hmm... now we can all try out the PEAR experiments

[sengan-home]

Like to have Telepathically controlled Linux box?
http://slashdot.org/articles/98/11/04/2341226.sh tml

What I'd like to know is...

[JazzyJ]

What happens when you upgrade your system and buy a new cpu? Do you have to go to all these e-commerce sites and update your key?...and will you be able to? Same goes for if software manuf. use it as a key....wtf??!

Cammon...

[Lalo Martins]

The OS can probably find a way to not send the ID number right? Actually I can't see a way to keep the OS from doing that. The processor doesn't know which piece of data is a network packet. So, since we have the sources to our OS, what is that we're so worried about?

CPU ID cannot possibly be useful

[David Jao]

I am with the majority of posters here. I cannot see any way Intel's CPU ID can possibly be useful to anyone.

Intel has given two arguments in favor of CPU ID. The first is that software licenses can be tied to CPUs. The second is that e-commerce sites can use it to identify customers. Both arguments are bogus.

Tying software licenses to CPU ID would prevent software vendors from selling to owners of AMD chips, Cyrix chips, or the existing installed Intel Pentium I/II base. No software vendor would ever go for that.

If e-commerce sites required CPU ID for transactions, they would in effect be limiting their customer base to Intel Pentium III based PCs running Microsoft Windows. Well, guess what? Not all internet clients are PCs. Of the PCs, not all of them are Intel. Of the Intel ones, not all of them are Pentium IIIs. And not all the Intel Pentium IIIs run Windows.

So are e-commerce sites going to require CPU ID? Not unless they want to royally piss off Mac users, Linux users, and anyone who already owns a 486, Pentium, or Pentium II today.

Id

[Tsk]

This reminds me the early days of Be Inc, the BeOS and the bebox (when the only supported Hardware was the bebox : les beaux jours chez Be, nostalgie, nostalgie quand tu nous tiens).
They said they would endebed an ID on each machine so that dev could sell licenses depending on those IDs - great, but then they started supporting the mac and the idea was thrown in the garbage.

NOw ok if intel goes for it but then you'll just have to switch to other chip maker like AMD - software dev could'nt rely on that kind of argument because ALL chips would not support such feature.

If you don't want such feature in a proc then mail intel saying you'll go see elsewhere if the don't stop now .....


ludo

True Authentication

[Digital Commando]

True Authentication would require that Intel implement an authentication protocol in hardware, such as a zero-knowledge proof mechanism. If they can write unique serial numbers into the chips, then they could compute moduli and key pairs and store them in the chip. They could provide instructions to read the modulus, read the public key info (but never the private!), and calculate a response to a challenge number. This would effectively eliminate remote replay attacks. By making the instructions privileged, the kernel could attempt to limit access to them from malicious userland code, like buffer overflow exploits and ActiveX controls.

A positive look at this

[Mawbid]

Slashdotters always point out the bad stuff, especially if big brother is anywhere in sight. I've read and agreed with most of the concerns posted here, but would like to point out some good thing that can come of this:

If I write software for a certain target group, it is now a hell of a lot easier for me to make it a hell of a lot harder for people to use the software without paying for it.

(This target group is naturally confined to owners of P3's or later, and quite possibly excludes open-source os users.)

Sure, it's not enough to do something dumb like
if (cpuid()!=get_cpuid_embedded_in_executable()) {
exit_and_report_pirate_to_global_police();
};
but with the cpuid, you have something to build on. Problems such as those with cpu upgrades and mass installation aren't necessarily insurmountable.

The cpuid also makes it potentially very easy to see if the chip you're about to buy is legit (not remarked or stolen).
--

Unique ID: is it a joke or A FRAUD?

[Nicolas MONNET]

I think they're basically lying. This thing (the unique ID) is USELESS and NOT ANY MORE SECURE THAN HAVING A RANDOM NUMBER-FILLED FILE ON YOUR HARD DISK.
Whoever (hacker?) has access to your hard disk can as well have access to your processor, and it would be trivial to alter whatever "e-commerce" program to return a fake (someone else's?) ID instead of the hardware one!
I'm not a "conspiracy theory" fan, and by a huge margin, but who are they trying to kid???

History...

[kevin lyda]

This story is amazing. Don't people have any memories? CPUID's have
existed a looooong time. Sun SPARC's have them for s/w licensing purposes
(as far as I've seen them used at least). A quick search on dejanews or
some similar usenet archiving system will turn up questions on getting
an id on a computer, again for licensing systems. In my mind that's
what Intel's CPUID is most useful for. Using it as some unique customer
ID is just goofy, and denies the realities of upgrades, people sharing
computers, and a rapidly changing industry.

In your article someone mentioned using ethernet card (NIC) MAC's to seed
random number generators and to provide a unique ID. Awful. First,
computers can have zero to many NIC's, so which MAC (if available) do
you pick? MAC's only need to be unique on a LAN and most cards let you
set them. MAC's *are* published on a LAN - it's their whole point - so
they certainly aren't private. In general software developers looking
to MAC's for a unique ID for licensing have been told it won't work for
those and other reasons.

If there's one thing USENET and the 'net in general are good info resorces
for, it's technical info. I wish to god journalists would ***DO SOME
RESEARCH FIRST***!!!!

Would you read my comment?

[AShuvalov]

... At the "Samovar awrds" page:
http://www.ecsl.cs.sunysb.edu/~andrew/awards/199 9/January.html

Take fun!

Intel being cool? Cool.

[cmaxx]

I've long held that a quantum-noise RNG should be on-chip. It should be possible to read a *real* RN from a register every clock.

I'd also love there to be a UTC register so gettimeofday() would be trivial and no longer the performance monster in Motif etc. that it currently is.

The unique ID has no detractors, the press is being groundlessly alarmist. If it's used by OS's and software we write, we trust and we want to use it's fine, even potentially useful. If not, then it won't be used at all.

I'd love to know if it'll push the price of the chips up a few pence though - after all uniqueness is anathema to mass production.

I'd also like to know if there's any hardware included in the RNG to test for the characteristics of randomness - just in case Intel make mistakes, or there are manufacturing flaws, we need to know we can depend on the RNG, or it too will become a costly waste of space and time.

Altogether though, this stuff makes me happy that Intel have done something genuinely useful and relatively innovative.

Emulator

[Slef]

If Virtual PC (mac) ever releases an update with Pentium III emulation, it wouldn't be difficult to be able to set the Processor ID to whatever you like... If the ID is used by any soft for authentification, you can just fake being anyone with just a click, if you know their ID!

Anybody have info on ID scheme?

[sgifford]

I don't see at all how a CPU ID can provide any
type of Internet security. Does anybody know
of how they plan to implement this, or where I
can find a white paper or other document on it?

prices for software won't fall anyway

[TrentC]

They claim they do it to stop pirates. They also say the prices of software are high because of them.

Ah, but don't forget, Microsoft insists that piracy actually keeps the prices lower for their products...

(Which, to me, actually makes more sense. I know that I'm less likely to buy a program if they raise the price with no evident benefit...)

Jay (=

A true random number generator

[BonzoDog]

Cool. I wonder if it's possible to access it other than through the encrypt ID BS. Alan Turing's idea about RNG hardware device for computers becomes reality.

About the ID thing: I don't know. I really don't trust Intel on this. Of course, that's a natural reaction when someone says "Trust me..."

Re:

[account_deleted]

Comment removed based on user account deletion

Some Thoughts

[IntlHarvester]

1) I wonder if this is really a concrete plan or if it is just being 'floated' to gauge user and IT reaction. Washington politicians do this sort of thing all the time.

2) Having a machine-based CPU ID seems to run counter to the MS-backed Smart Card initiative, which associates the unique ID to the user, not the computer. MS's "Intellimirror" app distribution system is based on user credentials rather than computers, for example.

3) Anyone who thinks they can re-introduce copy protection in general market software has really been smoking lots of crack. Copy protection only kinda-sorta worked in the early 80s, when the computer market was much much smaller. (Or for very low volume apps, like those on Sun.) Imagine if even 1% of Windows XX users had some sort of copy protection problem due to to a CPU UID problem. That would be enough support calls to drive MS out of business.

This is a copy protection scheme

[Howard Roark]

The only real advantage (which Intel fails to mention) is to enable software license managers to work and to prevent software from running on systems that do not match the license key. This has been the holy grail of the commercial software industry for years.

Even worse, many commercial software products will require its use and you will be forced to run with it enabled all the time. So much for privacy.

My Computer. My Way. Linux.
--
Howard Roark, Architect

INTEL... who really cares

[Aggrazel]

This is just another ploy by Intel to get people to stop using their processors altogether and switch to AMD. What more reasons do we need?

K7 = Faster + Better - CPUIDS
K6 = Almost as Fast + lots cheaper - CPUIDS

INTEL = Intel Knows Totally, Everyones Lives

Go AMD [amd.com]!

MEEPT!!

[The GloriousMeept!!]

Welcome to meept's second comment on the page, however, you only get to see this one, because for the protection of your privacy the moderators, who haven't had sex for over a month now, have erected an edit which means that you can't see the other one.

MEEPT!!

Open Source is immune

[jurgen]

Just another reason to use only Open Source software... Open Source Software is completely immune to any abuse of the processor id. With Open Source software you are free to choose what you're going to send down the wire.

The change really has nothing to do with privacy

[Gary Gnu]

Gee whiz! Now everytime you have to upgrade your processor you'd have to reinstall/reconfigure software. CPU IDs don't work with Operating System software either so expect to see Windoze [whatever] and other commercial operating systems to be pirated by warez kiddies.

Most companies use some kind of disk imaging software to copy hard drives to do corporate-wide deployment of workstations. Now they will have to register each piece of software on every machine. Although this could be avoided by implementing the network computing concept it is still going to be a problem for alot of companies who don't have enough networking power to provide such capabilities

Doesnt ANYONE fear big brother?

[strider5]

Yanno, to me this sounds a alot like the whole
"we want a copy of everyone's private encryption
key so we (government) can protect you (suckers)
from wrongdoing...and we *promise* not to use
your key without a court order (or unless we're
really bored)..."
I'm sick to death of companies claiming to be
protecting users' information (while selling
the info to spammers) and denying the last breakin
to their mainframe where the crackers made off
with all our "safe" information.
Long live encryption...screw CPUIDs

Sure, we'll protect your privacy...

[Evan927]

It's quite simple, really. Live by my motto:

Don't trust anybody.

modification --> illegal

[DJK]

Simple way to stop the OS from modifying the hardware's value: convince the stupid legislators/voters that changing the hardware ID of the CPU is illegal (immoral, wrong, bad for the ozone, etc...).
Once that's outlawed, sw & hw companies (and the govt.) can have their way with you.

This could be a good thing...

[omnix]

I have been watching this, and I believe the uses Intel have devised for this sucks. That number should not be available over the net. Between the spammers, and malicious crackers it could be abused real quickly. Any form of personal identification will get misused and abused unless it is kept secret and never used as a public identifier (e.g.-social security numbers for those of us in the US).

On the other hand, if I wanted a system to be secure, especially the data on it, I could use that number as part of an encryption scheme. That way, even if I pulled the harddrive out, and moved it over to another system, when I tried to access it, I wouldn't be able to. Sure there will be ways to hack it, but that's just one more obstacle. I could even see a firmware driver that adds additional support.

Maybe someone should add this into Linux as part of an encrypted-journal file system.