News
 

Bookmark and Share

(5) 

LSI Corp. on Monday acknowledged that its latest SandForce SF-2000 solid-state drives controllers fail to encrypt data using 256-bit AES algorithm. As a result, Intel Corp. and Kingston Technology will either recall solid-state drives with controllers incapable of 256-bit data encryption or will change them for new ones.

As part of a detailed validation and quality assurance analysis of the security implementation in the SF-2000 series controllers, it was discovered that the AES-XTS engine was restricted to 128-bit encryption, LSI said in a statement. The necessary hardware and firmware updates are currently in process to enable full 256-bit encryption for those customers who need it.

"LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD," the official statement by the designer of the SSD controllers reads.

Both Intel and Kingston utilize SandForce SF-2000 controllers inside their 520-series and SSDNow V+200 and KC100 lines of solid-state drives. The two companies are working to bring AES 256-bit encryption to future products, but will replace or exchange SSDs incapable of 256-bit encryption to customers who require the feature.

"Customers not satisfied with the 128-bit encryption in an Intel 520-series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price," a statement by Intel reads.

Feedback from Kingston's customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston’s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available.

Tags: LSI, SandForce, SSD, Intel, Kingston, NAND, Flash, Cherryville

Discussion

Comments currently: 5
Discussion started: 06/12/12 04:31:06 PM
Latest comment: 11/16/12 11:16:26 AM
Expand all threads | Collapse all threads

[1-1]

1. 
This seems to be a software problem or is it an O/S problem. If it is not hardware related then the onus should revert to the software vendor or the O/S supplier not the hardware manufacturer. It is about time sloppily written closed source software be made to admit their failures. It would be great if their mistakes were to have fiscal repercussions. This might encourage open source software.
0 0 [Posted by: tedstoy  | Date: 06/12/12 04:31:06 PM]
Reply
- collapse thread

 
What are you talking about?

The article clearly says new hardware and software is on the way to fix this problem. If a firmware update would fix this then they wouldnt be offering refunds.

The reason they are only offering the refund on sales up to july 1st is because they will quickly change all the advertising literature to no longer say that it supports 256 bit encryption, that way its not a broken feature.
0 0 [Posted by: cashkennedy  | Date: 06/13/12 07:05:44 PM]
Reply
 
This is about software that runs inside the drive. They advertised some features which have bugs. So it's software from the HW manufacturer which only they can replace and which is bound to the HW and is OS independent.
0 1 [Posted by: mathew7  | Date: 06/14/12 12:26:14 AM]
Reply
 
The drive doesnt have a general purpose cpu, the abilities are mostly hard wired into the silicon to be more efficient / such as the ability to quickly encrypt and the ability to quickly compress data. These 2 tasks are handled much easier by dedicated units in the controller then having them run as software per say on a simple cpu. The article clearly says new HARDWARE and FIRMWARE is on the way to fix the problem.
1 0 [Posted by: cashkennedy  | Date: 06/14/12 04:36:30 PM]
Reply
 
The software that runs inside the drive is called "firmware".
This is a hardware issue. Oh, they need new firmware TOO. But if it was ONLY firmware then they would have simply released a new firmware that fixes the issue (as they have done in the past with other issues) rather then issuing a recall.
0 0 [Posted by: taltamir  | Date: 11/16/12 11:16:26 AM]
Reply

[1-1]

Add your Comment




Related news

Latest News

Thursday, August 21, 2014

10:59 pm | Khronos Group to Follow DirectX 12 with Cross-Platform Low-Level API. Khronos Unveils Next-Generation OpenGL Initiative

10:33 pm | Avexir Readies 3.40GHz DDR4 Memory Modules. DDR4 Could Hit 3.40GHz This Year

12:10 pm | AMD to Lower Prices of A-Series APUs for Back-to-School Season. New Prices of AMD A-Series APUs Revealed

Wednesday, August 20, 2014

10:53 am | AMD to Cut Prices on FX-9000, Other FX Processors: New Prices Revealed. AMD to Make FX Chips More Affordable, Discontinue Low-End Models

10:32 am | LG to Introduce World’s First Curved 21:9 Ultra-Wide Display. LG Brings Curved Displays to Gamers, Professionals

9:59 am | AMD Readies FX-8370, FX-8370E Microprocessors. AMD Preps Two New “Mainstream” FX Chips