Bookmark and Share


LSI Corp. on Monday acknowledged that its latest SandForce SF-2000 solid-state drives controllers fail to encrypt data using 256-bit AES algorithm. As a result, Intel Corp. and Kingston Technology will either recall solid-state drives with controllers incapable of 256-bit data encryption or will change them for new ones.

As part of a detailed validation and quality assurance analysis of the security implementation in the SF-2000 series controllers, it was discovered that the AES-XTS engine was restricted to 128-bit encryption, LSI said in a statement. The necessary hardware and firmware updates are currently in process to enable full 256-bit encryption for those customers who need it.

"LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD," the official statement by the designer of the SSD controllers reads.

Both Intel and Kingston utilize SandForce SF-2000 controllers inside their 520-series and SSDNow V+200 and KC100 lines of solid-state drives. The two companies are working to bring AES 256-bit encryption to future products, but will replace or exchange SSDs incapable of 256-bit encryption to customers who require the feature.

"Customers not satisfied with the 128-bit encryption in an Intel 520-series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price," a statement by Intel reads.

Feedback from Kingston's customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston’s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available.

Tags: LSI, SandForce, SSD, Intel, Kingston, NAND, Flash, Cherryville


Comments currently: 5
Discussion started: 06/12/12 04:31:06 PM
Latest comment: 11/16/12 11:16:26 AM
Expand all threads | Collapse all threads


This seems to be a software problem or is it an O/S problem. If it is not hardware related then the onus should revert to the software vendor or the O/S supplier not the hardware manufacturer. It is about time sloppily written closed source software be made to admit their failures. It would be great if their mistakes were to have fiscal repercussions. This might encourage open source software.
0 0 [Posted by: tedstoy  | Date: 06/12/12 04:31:06 PM]
- collapse thread

What are you talking about?

The article clearly says new hardware and software is on the way to fix this problem. If a firmware update would fix this then they wouldnt be offering refunds.

The reason they are only offering the refund on sales up to july 1st is because they will quickly change all the advertising literature to no longer say that it supports 256 bit encryption, that way its not a broken feature.
0 0 [Posted by: cashkennedy  | Date: 06/13/12 07:05:44 PM]
This is about software that runs inside the drive. They advertised some features which have bugs. So it's software from the HW manufacturer which only they can replace and which is bound to the HW and is OS independent.
0 1 [Posted by: mathew7  | Date: 06/14/12 12:26:14 AM]
The drive doesnt have a general purpose cpu, the abilities are mostly hard wired into the silicon to be more efficient / such as the ability to quickly encrypt and the ability to quickly compress data. These 2 tasks are handled much easier by dedicated units in the controller then having them run as software per say on a simple cpu. The article clearly says new HARDWARE and FIRMWARE is on the way to fix the problem.
1 0 [Posted by: cashkennedy  | Date: 06/14/12 04:36:30 PM]
The software that runs inside the drive is called "firmware".
This is a hardware issue. Oh, they need new firmware TOO. But if it was ONLY firmware then they would have simply released a new firmware that fixes the issue (as they have done in the past with other issues) rather then issuing a recall.
0 0 [Posted by: taltamir  | Date: 11/16/12 11:16:26 AM]


Add your Comment

Related news

Latest News

Wednesday, November 5, 2014

10:48 pm | LG’s Unique Ultra-Wide Curved 34” Display Finally Hits the Market. LG 34UC97 Available in the U.S. and the U.K.

Wednesday, October 8, 2014

12:52 pm | Lisa Su Appointed as New CEO of Advanced Micro Devices. Rory Read Steps Down, Lisa Su Becomes New CEO of AMD

Thursday, August 28, 2014

4:22 am | AMD Has No Plans to Reconsider Recommended Prices of Radeon R9 Graphics Cards. AMD Will Not Lower Recommended Prices of Radeon R9 Graphics Solutions

Wednesday, August 27, 2014

1:09 pm | Samsung Begins to Produce 2.13GHz 64GB DDR4 Memory Modules. Samsung Uses TSV DRAMs for 64GB DDR4 RDIMMs

Tuesday, August 26, 2014

10:41 am | AMD Quietly Reveals Third Iteration of GCN Architecture with Tonga GPU. AMD Unleashes Radeon R9 285 Graphics Cards, Tonga GPU, GCN 1.2 Architecture