Bookmark and Share


LSI Corp. on Monday acknowledged that its latest SandForce SF-2000 solid-state drives controllers fail to encrypt data using 256-bit AES algorithm. As a result, Intel Corp. and Kingston Technology will either recall solid-state drives with controllers incapable of 256-bit data encryption or will change them for new ones.

As part of a detailed validation and quality assurance analysis of the security implementation in the SF-2000 series controllers, it was discovered that the AES-XTS engine was restricted to 128-bit encryption, LSI said in a statement. The necessary hardware and firmware updates are currently in process to enable full 256-bit encryption for those customers who need it.

"LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD," the official statement by the designer of the SSD controllers reads.

Both Intel and Kingston utilize SandForce SF-2000 controllers inside their 520-series and SSDNow V+200 and KC100 lines of solid-state drives. The two companies are working to bring AES 256-bit encryption to future products, but will replace or exchange SSDs incapable of 256-bit encryption to customers who require the feature.

"Customers not satisfied with the 128-bit encryption in an Intel 520-series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price," a statement by Intel reads.

Feedback from Kingston's customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston’s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available.

Tags: LSI, SandForce, SSD, Intel, Kingston, NAND, Flash, Cherryville


Comments currently: 5
Discussion started: 06/12/12 04:31:06 PM
Latest comment: 11/16/12 11:16:26 AM
Expand all threads | Collapse all threads


This seems to be a software problem or is it an O/S problem. If it is not hardware related then the onus should revert to the software vendor or the O/S supplier not the hardware manufacturer. It is about time sloppily written closed source software be made to admit their failures. It would be great if their mistakes were to have fiscal repercussions. This might encourage open source software.
0 0 [Posted by: tedstoy  | Date: 06/12/12 04:31:06 PM]
- collapse thread

What are you talking about?

The article clearly says new hardware and software is on the way to fix this problem. If a firmware update would fix this then they wouldnt be offering refunds.

The reason they are only offering the refund on sales up to july 1st is because they will quickly change all the advertising literature to no longer say that it supports 256 bit encryption, that way its not a broken feature.
0 0 [Posted by: cashkennedy  | Date: 06/13/12 07:05:44 PM]
This is about software that runs inside the drive. They advertised some features which have bugs. So it's software from the HW manufacturer which only they can replace and which is bound to the HW and is OS independent.
0 1 [Posted by: mathew7  | Date: 06/14/12 12:26:14 AM]
The drive doesnt have a general purpose cpu, the abilities are mostly hard wired into the silicon to be more efficient / such as the ability to quickly encrypt and the ability to quickly compress data. These 2 tasks are handled much easier by dedicated units in the controller then having them run as software per say on a simple cpu. The article clearly says new HARDWARE and FIRMWARE is on the way to fix the problem.
1 0 [Posted by: cashkennedy  | Date: 06/14/12 04:36:30 PM]
The software that runs inside the drive is called "firmware".
This is a hardware issue. Oh, they need new firmware TOO. But if it was ONLY firmware then they would have simply released a new firmware that fixes the issue (as they have done in the past with other issues) rather then issuing a recall.
0 0 [Posted by: taltamir  | Date: 11/16/12 11:16:26 AM]


Add your Comment

Related news

Latest News

Tuesday, July 22, 2014

10:40 pm | ARM Preps Second-Generation “Artemis” and “Maya” 64-Bit ARMv8-A Offerings. ARM Readies 64-Bit Cores for Non-Traditional Applications

7:38 pm | AMD Vows to Introduce 20nm Products Next Year. AMD’s 20nm APUs, GPUs and Embedded Chips to Arrive in 2015

4:08 am | Microsoft to Unify All Windows Operating Systems for Client PCs. One Windows OS will Power PCs, Tablets and Smartphones

Monday, July 21, 2014

10:32 pm | PQI Debuts Flash Drive with Lightning and USB Connectors. PQI Offers Easy Way to Boost iPhone or iPad Storage

10:08 pm | Japan Display Begins to Mass Produce IPS-NEO Displays. JDI Begins to Mass Produce Rival for AMOLED Panels

12:56 pm | Microsoft to Fire 18,000 Employees to Boost Efficiency. Microsoft to Perform Massive Job Cut Ever Following Acquisition of Nokia