1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

SandForce 256-bit AES Encryption Limited to 128-bit, Fix En Route

Discussion in 'News' started by btarunr, Jun 12, 2012.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,869 (11.07/day)
    Thanks Received:
    13,716
    Location:
    Hyderabad, India
    Post acquisition, an audit by LSI reportedly discovered that the 256-bit AES native data encryption by SandForce SSD processors never was, and that the feature really just encrypted data with 128-bit AES. The problem has been resolved and a fix is in the works. LSI will share the fix with all SSD manufacturers with SandForce-based products, who could then release firmware updates to end-users.

    [​IMG]

    Source: TheSSDReview
     
  2. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,488 (11.47/day)
    Thanks Received:
    9,768
    does this open them up to lawsuits?
     
  3. L'Eliminateur

    L'Eliminateur

    Joined:
    May 22, 2010
    Messages:
    76 (0.05/day)
    Thanks Received:
    6
    smells like a destructive firmware update will be coming down the pipe for whoever wants this feature, i don't see how they can change the cypher length without maintaining the data...
     
  4. deleted New Member

    Joined:
    Jan 12, 2011
    Messages:
    80 (0.06/day)
    Thanks Received:
    14
    AES-256 as an encryption standard is broken. It's actually slightly less secure than AES-128 (though still secure enough that it's basically impossible to brute force). The fact that it took nearly two years for anyone to realize that this feature has never worked is a testament to how irrelevant it is.
     
  5. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,432 (2.55/day)
    Thanks Received:
    1,253
    Who cares except if you are using the security. So that means that 99% of users don't need it.

    With that being said, watch out, here come the lawsuits from idiots who don't even know the difference.
     
    10 Million points folded for TPU
  6. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,965 (6.24/day)
    Thanks Received:
    3,803
    Location:
    IA, USA
    Yes, but they're being proactive about fixing it and, unless there's some documents out there that SandForce knew about it and didn't do anything, the case would be weak against them.


    Flag the drive as 128-bit encrypted and require format to change to 256-bit encrypted.
     
    Crunching for Team TPU
  7. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.87/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    They really don't even need to do that. They could just release a utility that decrypts the data and re-encrypts it with a 256 bit cypher and writes it back to the drive.
     
  8. L'Eliminateur

    L'Eliminateur

    Joined:
    May 22, 2010
    Messages:
    76 (0.05/day)
    Thanks Received:
    6
    that would waste a ton of erase cycles on your flash, there's no chance in hell.

    it will be a flash upgrade->secure erase firmware, but as some of you said, completely irrelevant
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page