Page 1 of 1

SandForce SF-2281 Controller Cannot Do AES-256 Encryption

PostPosted: Mon Jun 11, 2012 11:15 pm
by Ian
Intel has discovered that SandForce's SF-2281 controller cannot do AES-256 encryption. If you own an Intel SSD 520 Series and care about such things, you can get a refund.

http://communities.intel.com/message/158716#158716

As part of ongoing quality assurance, Intel Corporation has discovered a limitation of the AES (Advanced Encryption Standard) encryption feature in the Intel® SSD 520 Series, code-named Cherryville. Intel has published a specification update for the Intel SSD 520 Series product, updating the specification from AES 256-bit encryption to AES 128-bit encryption. Other Intel Solid-State Drives with data encryption, such as Intel SSD 320 Series, also feature AES 128-bit encryption.

The AES feature in the Intel SSD 520 Series, when used in combination with a strong user and master HDD password (if supported, consult your system manufacturer), helps secure the data from access by anyone that does not know the password. AES 128-bit refers to the length of the key used for data encryption. In the Intel SSD 520 Series, the key length is 128 bits. The higher the number of bits in a key, the stronger the level of encryption. Intel believes AES 128-bit encryption meets the data encryption requirements of most customers.

Intel stands behind its products and is committed to product quality, and is working to bring AES 256-bit encryption to future products. If, however, our customers are not satisfied with the 128-bit encryption in an Intel 520 Series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price. For further information or questions about this specification change, consumers should contact Intel Customer Support.

Re: SandForce SF-2281 Controller Cannot Do AES-256 Encryptio

PostPosted: Mon Jun 11, 2012 11:18 pm
by Ian
Looks like SandForce is already on it.

http://www.sandforce.com/index.php?id=189

LSI Corporation is committed to delivering the highest quality and most reliable Flash Storage Processors (FSP) in the marketplace. As part of a detailed validation and quality assurance analysis of the security implementation in the SF-2000 series FSP, it was discovered that the AES-XTS engine was restricted to 128-bit encryption.

This issue affects the limited set of users who currently require 256-bit encryption. The necessary hardware and firmware updates are currently in process to enable full 256-bit encryption for those customers who need it.

“AES-128” and “AES-256” refer to encryption key lengths of 128 and 256 bits respectively; the higher the number of bits in a key, the stronger the level of encryption. Click here for a detailed AES encryption overview.

LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD.

Re: SandForce SF-2281 Controller Cannot Do AES-256 Encryptio

PostPosted: Mon Jun 11, 2012 11:58 pm
by Ian
Kingston has weighed in on this as well..

Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., the independent world leader in memory products, along with LSI, its SSD processor partner, have recently been in discussions related to the encryption capabilities of the SF-2000 platform. It was discovered that the ’self encrypting’ feature that Kingston® markets on both the SSDNow V+200 and KC100 lines runs in 128-bit AES encryption mode, not the originally stated 256-bit mode. Both AES modes encrypt and secure the data on the SSD from unauthorized access ― just to different encryption standards.

Kingston is working with LSI to correct this and to ensure that future production of the aforementioned drives delivers 256-bit AES encryption mode.

Feedback from Kingston's customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston’s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available. Kingston customers with further questions are encouraged to contact Kingston technical support for additional clarification.

Kingston will notate the 128-bit AES encryption mode going forward on all literature to avoid confusion until the issue is remedied. Please note that this issue affects all manufacturers of SSDs utilizing the SF-2000 family of products and is not a Kingston-centric issue. Kingston believes in the importance of a great customer experience and will continue to communicate openly with our valued customer base.