Tuesday, June 12th 2012

SandForce 256-bit AES Encryption Limited to 128-bit, Fix En Route

Post acquisition, an audit by LSI reportedly discovered that the 256-bit AES native data encryption by SandForce SSD processors never was, and that the feature really just encrypted data with 128-bit AES. The problem has been resolved and a fix is in the works. LSI will share the fix with all SSD manufacturers with SandForce-based products, who could then release firmware updates to end-users.

Source: TheSSDReview
Add your own comment

7 Comments on SandForce 256-bit AES Encryption Limited to 128-bit, Fix En Route

#1
Mussels
Moderprator
does this open them up to lawsuits?
Posted on Reply
#2
L'Eliminateur
smells like a destructive firmware update will be coming down the pipe for whoever wants this feature, i don't see how they can change the cypher length without maintaining the data...
Posted on Reply
#3
deleted
AES-256 as an encryption standard is broken. It's actually slightly less secure than AES-128 (though still secure enough that it's basically impossible to brute force). The fact that it took nearly two years for anyone to realize that this feature has never worked is a testament to how irrelevant it is.
Posted on Reply
#4
Steevo
Who cares except if you are using the security. So that means that 99% of users don't need it.

With that being said, watch out, here come the lawsuits from idiots who don't even know the difference.
Posted on Reply
#5
FordGT90Concept
"I go fast!1!11!1!"
by: Mussels
does this open them up to lawsuits?
Yes, but they're being proactive about fixing it and, unless there's some documents out there that SandForce knew about it and didn't do anything, the case would be weak against them.


[quote="L'Eliminateur, post: 2651891"]smells like a destructive firmware update will be coming down the pipe for whoever wants this feature, i don't see how they can change the cypher length without maintaining the data...[/quote]Flag the drive as 128-bit encrypted and require format to change to 256-bit encrypted.
Posted on Reply
#6
Kreij
Senior Monkey Moderator
by: FordGT90Concept
Flag the drive as 128-bit encrypted and require format to change to 256-bit encrypted.
They really don't even need to do that. They could just release a utility that decrypts the data and re-encrypts it with a 256 bit cypher and writes it back to the drive.
Posted on Reply
#7
L'Eliminateur
by: Kreij
They really don't even need to do that. They could just release a utility that decrypts the data and re-encrypts it with a 256 bit cypher and writes it back to the drive.
that would waste a ton of erase cycles on your flash, there's no chance in hell.

it will be a flash upgrade->secure erase firmware, but as some of you said, completely irrelevant
Posted on Reply