by Andy Patrizio
LSI Corp. and two SSD OEM partners have issued a recall and replacement program due to defective encryption controllers, but the good news is that the problem only affects a small number of customers and there is no risk of data loss.
Both firms will make replacements available free of charge.
LSI’s SandForce subsidiary announced on June 11 that its SF-2000 series of SSD controllers had a problem in their AES-XTS encryption engine that restricted to 128-bit encryption. Customers who wanted to use a 256-bit encryption string weren’t getting the full encryption.
“LSI believes AES 128-bit encryption meets the data encryption requirements of most customers. Customers that believe they require 256-bit encryption should contact their SSD manufacturer to obtain specific information about their SSD,” the company said in a statement.
A spokesman for the company confirmed the loss to Desktop Review that there is no risk of data loss or data corruption. “This issue affects only the limited set of users who currently require 256-bit encryption. For the vast majority of users, AES-128 encryption provides an extremely high level of security to meet their data encryption requirements,” said Brian Garabedian, a spokesman for LSI.
While there is no risk, Intel and Kingston Technology, two OEMs of the SF-2000 processor, are taking no chances. Intel uses the SF-2000 in its 520-series of drives while Kingston uses it in its SSDNow V+200 and KC100 lines of solid-state drives.
The two companies have said they will replace or exchange SSDs incapable of 256-bit encryption to customers who require the feature. “Customers not satisfied with the 128-bit encryption in an Intel 520-series SSD purchased before July 1, 2012, they can contact Intel customer support prior to October 1, 2012 to return their product and Intel is offering to provide a full refund of the purchase price,” Intel said in a statement.
“Feedback from Kingston’s customer base regarding the SSDNow V+200 and KC100 model SSDs does not indicate that the encryption feature is critical or widely used in most deployments. Kingston?s teams will work closely with customers who require 256-bit AES encryption to ensure that they are taken care of, and are able to swap out their current drives for ones with the correct encryption level when it becomes available,” said Kingston in its own statement.
Even if you don’t work for the CIA, you might want to replace your drive, suggests Jim McGregor, principal analyst with Tirias Research. “Since it difficult to determine which applications require AES-256, I would recommend exchanging the units because this standard is common in many applications, and securing your data should always be a priority. Even if you don’t require it today, security standards are always increasing to new threats,” he said.