Bookmark and Share


LSI Corp. on Monday acknowledged that its latest SandForce SF-2000 solid-state drives controllers fail to encrypt data using 256-bit AES algorithm. As a result, Intel Corp. and Kingston Technology will either recall solid-state drives with controllers incapable of 256-bit data encryption or will change them for new ones.

As part of a detailed validation and quality assurance analysis of the security implementation in the SF-2000 series controllers, it was discovered that the AES-XTS engine was restricted to 128-bit encryption, LSI said in a statement. The necessary hardware and firmware updates are currently in process to enable full 256-bit encryption for those customers who need it.

"LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD," the official statement by the designer of the SSD controllers reads.

Both Intel and Kingston utilize SandForce SF-2000 controllers inside their 520-series and SSDNow V+200 and KC100 lines of solid-state drives. The two companies are working to bring AES 256-bit encryption to future products, but will replace or exchange SSDs incapable of 256-bit encryption to customers who require the feature.

"Customers not satisfied with the 128-bit encryption in an Intel 520-series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price," a statement by Intel reads.

Feedback from Kingston's customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston’s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available.

Tags: LSI, SandForce, SSD, Intel, Kingston, NAND, Flash, Cherryville


Comments currently: 5
Discussion started: 06/12/12 04:31:06 PM
Latest comment: 11/16/12 11:16:26 AM
Expand all threads | Collapse all threads


This seems to be a software problem or is it an O/S problem. If it is not hardware related then the onus should revert to the software vendor or the O/S supplier not the hardware manufacturer. It is about time sloppily written closed source software be made to admit their failures. It would be great if their mistakes were to have fiscal repercussions. This might encourage open source software.
0 0 [Posted by: tedstoy  | Date: 06/12/12 04:31:06 PM]
- collapse thread

What are you talking about?

The article clearly says new hardware and software is on the way to fix this problem. If a firmware update would fix this then they wouldnt be offering refunds.

The reason they are only offering the refund on sales up to july 1st is because they will quickly change all the advertising literature to no longer say that it supports 256 bit encryption, that way its not a broken feature.
0 0 [Posted by: cashkennedy  | Date: 06/13/12 07:05:44 PM]
This is about software that runs inside the drive. They advertised some features which have bugs. So it's software from the HW manufacturer which only they can replace and which is bound to the HW and is OS independent.
0 1 [Posted by: mathew7  | Date: 06/14/12 12:26:14 AM]
The drive doesnt have a general purpose cpu, the abilities are mostly hard wired into the silicon to be more efficient / such as the ability to quickly encrypt and the ability to quickly compress data. These 2 tasks are handled much easier by dedicated units in the controller then having them run as software per say on a simple cpu. The article clearly says new HARDWARE and FIRMWARE is on the way to fix the problem.
1 0 [Posted by: cashkennedy  | Date: 06/14/12 04:36:30 PM]
The software that runs inside the drive is called "firmware".
This is a hardware issue. Oh, they need new firmware TOO. But if it was ONLY firmware then they would have simply released a new firmware that fixes the issue (as they have done in the past with other issues) rather then issuing a recall.
0 0 [Posted by: taltamir  | Date: 11/16/12 11:16:26 AM]


Add your Comment

Related news

Latest News

Monday, April 14, 2014

8:23 am | Microsoft Vows to Release Xbox 360 Emulator for Xbox One. Microsoft Xbox One May Gain Compatibility with Xbox 360 Games

Tuesday, April 1, 2014

10:39 am | Microsoft Reveals Kinect for Windows v2 Hardware. Launch of New Kinect for Windows Approaches

Tuesday, March 25, 2014

1:57 pm | Facebook to Acquire Virtual Reality Pioneer, Oculus VR. Facebook Considers Virtual Reality as Next-Gen Social Platform

1:35 pm | Intel Acquires Maker of Wearable Computing Devices. Basis Science Becomes Fully-Owned Subsidiary of Intel

Monday, March 24, 2014

10:53 pm | Global UHD TV Shipments Total 1.6 Million Units in 2013 – Analysts. China Ahead of the Whole World with 4K TV Adoption

10:40 pm | Crytek to Adopt AMD Mantle Mantle API for CryEngine. Leading Game Developer Adopts AMD Mantle

9:08 pm | Microsoft Unleashes DirectX 12: One API for PCs, Mobile Gadgets and Xbox One. Microsoft Promises Increased Performance, New Features with DirectX 12

3:33 pm | PowerVR Wizard: Imagination Reveals World’s First Ray-Tracing GPU IP for Mobile Devices. Imagination Technologies Brings Ray-Tracing, Hybrid Rendering Modes to Smartphones and Tablets

2:00 pm | Nokia Now Expects to Close Deal with Microsoft in Q2. Sale of Nokia’s Division to Close Next Month