SandForce SF-2000 Controllers Limited to 128-Bit Encryption

Status
Not open for further replies.

sixdegree

Distinguished
Apr 22, 2011
157
1
18,680
It's always good to see companies address their customers' dissatisfaction with such great care. I hope more vendors follow Intel's and Kingston's step.
 
Guest
This is not an issue at all. You shouldn't be using AES-256 anyway (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf and http://www.schneier.com/blog/archives/2009/07/another_new_aes.html). This is now 3 years old.
The problem lies with the key scheduling algorithm, which affects AES-256, but not AES-128.
It's simply badly designed. It looked OK at first, but it's 3 years past its sell-by date.
As a result of the design error, AES-128 has a best-known attack complexity of 2^128, but AES-256 has an attack complexity of only 2^119.
Both are safe from known brute-forcing today, but AES-256 has a *smaller* margin of safety than AES-128.
 

rantoc

Distinguished
Dec 17, 2009
1,859
1
19,780
[citation][nom]A Bad Day[/nom]Well, at least they're admitting the problem and offering services. I'd wish more companies would follow Intel's and Kingston's step.[/citation]

Agreed, at least they don't try to sweep the problem under the rug and provide a comedian solution for the issues once the truth got out. Intel handles hardware issues nicely, this and early SB were both handled nicely and show that they care about their customers... unlike some other companies, no need to mention them. Some shady companies get caught over and over while gambling with quality and worst of all is how their fanboy(esses) remain loyal to the company that pisses on them is well beyond me.
 

freggo

Distinguished
Nov 22, 2008
2,019
0
19,780
Nice for them to address the issue and not trying to sweep it under the rug. But I think it is fair to say that for most of us it does not matter. Not exactly Bond style secrets on our drives; unless you include the various future 'Bond Girls' of course :)

 

dragonsqrrl

Distinguished
Nov 19, 2009
1,280
0
19,290
[citation][nom]CryptoGeek[/nom]This is not an issue at all. You shouldn't be using AES-256 anyway (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf and http://www.schneier.com/blog/archi [...] aes.html). This is now 3 years old. The problem lies with the key scheduling algorithm, which affects AES-256, but not AES-128. It's simply badly designed. It looked OK at first, but it's 3 years past its sell-by date. As a result of the design error, AES-128 has a best-known attack complexity of 2^128, but AES-256 has an attack complexity of only 2^119. Both are safe from known brute-forcing today, but AES-256 has a *smaller* margin of safety than AES-128.[/citation]
...bad link dude.
 

megahustler

Distinguished
May 19, 2010
39
0
18,530
[citation][nom]CryptoGeek[/nom]This is not an issue at all. You shouldn't be using AES-256 anyway[...][/citation]

This is not really correct. The attack you mention is against a reduced-round AES-256, not the full AES-256. There are effective reduced-round attacks against AES-128 as well.

The best known attack against full AES-256 is about 2^254, AFAIK.
 

hetneo

Distinguished
Aug 1, 2011
451
0
18,780
[citation][nom]megahustler[/nom]This is not really correct. The attack you mention is against a reduced-round AES-256, not the full AES-256. There are effective reduced-round attacks against AES-128 as well. The best known attack against full AES-256 is about 2^254, AFAIK.[/citation]
Dude watch out, his name is CryptoGeek, he has credentials ;)
 