SandForce SF-2000 Controllers Limited to 128-Bit Encryption

Status
Not open for further replies.

sixdegree

Distinguished
Apr 22, 2011
157
0
18,680
0
It's always good to see companies address their costumers' dissatisfaction with such great care. I hope more vendors follow Intel and Kingston step.
 
G

Guest

Guest
This is not an issue at all. You shouldn't be using AES-256 anyway (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf and http://www.schneier.com/blog/archives/2009/07/another_new_aes.html). This is now 3 years old.
The problem lies with the key scheduling algorithm, which affects AES-256, but not AES-128.
It's simply badly designed. It looked OK at first, but it's 3 years past it's sell-by date.
As a result of the design error, AES-128 has a best-known attack complexity of 2^128, but AES-256 has an attack complexity of only 2^119.
Both are safe from known brute-forcing today, but AES-256 has a *smaller* margin of safety than AES-128.
 

rantoc

Distinguished
Dec 17, 2009
1,859
0
19,780
0
[citation][nom]A Bad Day[/nom]Well, at least they're admitting the problem and offering services. I'd wish more companies would follow Intel's and Kingston's step.[/citation]

Agreed, at least they don't try to sweep the problem under the rug and provide a comedian solution for the issues once the truth got out. Intel handle hardware issues nicely, this and early SB were both handled nicely and show that they care about their customers... unlike some other company's, no need to mention them. Some shady company's get caught over and over while gambling with quality and worst of all is how their fanboy(esses) remain loyal to the company that pisses on them is well beyond me.
 

freggo

Distinguished
Nov 22, 2008
2,019
0
19,780
0
Nice for them to address the issue and not trying to sweep it under the rog. But I think it is fair to say that for most of us it does not matter. Not exactly Bond style secrets on our drives; unless you include the various future 'Bond Girls' of course :)

 

dragonsqrrl

Distinguished
Nov 19, 2009
1,280
0
19,290
3
[citation][nom]CryptoGeek[/nom]This is not an issue at all. You shouldn't be using AES-256 anyway (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf and http://www.schneier.com/blog/archi [...] aes.html). This is now 3 years old.The problem lies with the key scheduling algorithm, which affects AES-256, but not AES-128.It's simply badly designed. It looked OK at first, but it's 3 years past it's sell-by date.As a result of the design error, AES-128 has a best-known attack complexity of 2^128, but AES-256 has an attack complexity of only 2^119.Both are safe from known brute-forcing today, but AES-256 has a *smaller* margin of safety than AES-128.[/citation]
...bad link dude.
 

megahustler

Distinguished
May 19, 2010
39
0
18,530
0
[citation][nom]CryptoGeek[/nom]This is not an issue at all. You shouldn't be using AES-256 anyway[...][/citation]

This is not really correct. The attack you mention is against a reduced-round AES-256, not the full AES-256. There are effective reduced-round attacks against AES-128 as well.

The best known attack against full AES-256 is about 2^254, AFAIK.
 

hetneo

Distinguished
Aug 1, 2011
451
0
18,780
0
[citation][nom]megahustler[/nom]This is not really correct. The attack you mention is against a reduced-round AES-256, not the full AES-256. There are effective reduced-round attacks against AES-128 as well.The best known attack against full AES-256 is about 2^254, AFAIK.[/citation]
Dude watch out, his name is CryptoGeek, he has credentials ;)
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS