POST A COMMENT

45 Comments

Back to Article

  • jayhawk11 - Monday, June 11, 2012 - link

    How the heck do you screw this up? Reply
  • N4g4rok - Monday, June 11, 2012 - link

    Weird, As long as it's been out, i'm surprised this hasn't been discovered before. Hopefully it didn't mess too many people up. Reply
  • mckirkus - Monday, June 11, 2012 - link

    Step 1> Review features checklist on the side of the box.
    Step 2> Write test cases to ensure the features are working
    Step 3> Send to QA
    Step 4> Assume nobody will find out about bugs revealed by QA testing?
    Reply
  • dananski - Monday, June 11, 2012 - link

    I think Sandforce have a parallel step 3: release product to partners for public distribution.

    Is it a hard-to-spot bug, like it appears to be doing the encryption but it's not doing it / not in the way it should, or is it a blindingly obvious bug like you try to enable AES-256 and there is some big error / your data gets corrupted?

    Kudos to Intel on not only being the only ones with enough testing emphasis to spot this, but also immediately offering appropriate refunds.
    Reply
  • MrSpadge - Tuesday, June 12, 2012 - link

    It seems to be a bug which is hard to catch. Otherwise Intel wouldn't have needed as much time to do so, would they? Reply
  • Marsolin - Tuesday, June 12, 2012 - link

    It's hard to catch because the drive is doing the encryption, it's just 128-bit instead of 256-bit like the user expects. And since everything is done through the controller there's nothing else that sees the mistake. Reply
  • rs2 - Monday, June 11, 2012 - link

    Step 1> Review features checklist on the side of the box.
    Step 2> Write test cases to ensure the features are working
    Step 3> ???
    Step 4> Profit!

    There, I fixed it for you.
    Reply
  • meloz - Monday, June 11, 2012 - link

    Very embarassing, but at least they are handling the issue in a way to minimize the pain for consumers.

    I wonder when -if ever- we will see Intel return to using their in-house controllers again? They had to use SF because I suppose their internal design was too conservative (performance wise), but eventually you would expect them to do it all inside Intel.
    Reply
  • Kevin G - Monday, June 11, 2012 - link

    Considering the cut throat nature of the consumer SSD market, Intel will likely stay out of the controller side. They may return to the enterprise market however.

    In the long term, I do see Intel integrating their SSD controllers into mobile SoC to further reduce board space and improve performance.
    Reply
  • Kevin G - Monday, June 11, 2012 - link

    "If you purchased your 520 on or before July 1, 2012 you can contact Intel for a full refund of purchase price. "

    Because I like to go back to the future to order my SSD's.
    Reply
  • quiksilvr - Monday, June 11, 2012 - link

    Some people order before July 1st but shipping delays can cause it to come in later. In some cases, it can be interpreted as "Date received" not "Date ordered" as the date you "bought" it. This covers all bases and avoids confusion. Reply
  • JarredWalton - Monday, June 11, 2012 - link

    I believe the point is that anyone buying an SSD in the next 2-3 weeks is still eligible (i.e. maybe they didn't read about the problem). After July 1, Intel will presumably have packaging or other materials in place to alert users to the lack of AES-256 and thus if you buy a drive that doesn't advertise AES-256 support you can't complain and return it. Reply
  • magreen - Monday, June 11, 2012 - link

    Remember, we're talking about enterprise customers. That means action plans are approved and set into motion well before the actual purchase is made. By allowing refunds on purchases until 7/1, Intel is providing support to those whose plans are already in motion. Otherwise those customers could claim (after the fact) that it was too late to suddenly switch course when the AES-256 announcement was made. Reply
  • taltamir - Tuesday, June 12, 2012 - link

    They are being generous and assuming that people buying the drive in the next 18 days might not have heard about this recall. Reply
  • Tegeril - Tuesday, June 12, 2012 - link

    No one will ever come across this article of any of Intel's press releases about the topic after July 1. The entire world will have been informed via immediate brain-injection. Reply
  • DaveSimmons - Monday, June 11, 2012 - link

    The point of paying extra for an intel-branded Sandforce controller design was supposed to be that they had thoroughly tested it and found and fixed firmware problems.

    To miss that AES-256 doesn't work until after it shipped is a QA failure that undercuts the justification for buying intel instead of a cheaper brand.
    Reply
  • JeffFlanagan - Monday, June 11, 2012 - link

    You're assuming that the cheap brand would offer a refund when it doesn't perform as advertised. I think that's a huge oversight. Reply
  • JarredWalton - Monday, June 11, 2012 - link

    Let's also not forget that there are still plenty of SF-2281 SSDs out there that have BSOD issues; Intel's 520 does not. I know our own Ganesh for example has an HP EliteBook with an SF-2281 drive that he can't hibernate/sleep without running the risk of a BSOD. Reply
  • seapeople - Monday, June 11, 2012 - link

    You get your justification here: you bought an Intel, this bug bothers you, you get a refund. If you had bought a cheap brand you have no assurances of getting that refund. Reply
  • BSMonitor - Tuesday, June 12, 2012 - link

    Ummmm, it's not an Intel-Branded Sandforce controller. It's a Sandforce Branded Sandforce controller. Intel simply used the chip in its end product. When a CPU has bugs/etc.. do you blame Acer or Dell for that?? No, it's Intel's problem.

    ALL SF-2281 drives out there today have this issue. Intel is only able to address Intel drives, and are therefore offering a refund.

    As of yet, all other manufactures have missed this issue and are doing nothing about it.

    Please don't comment on something purely out of your anti-Intel bias.
    Reply
  • shatteredstone - Monday, June 11, 2012 - link

    AES-256 has been broken to below AES-128-level security (they are at approximately 2^100 complexity with -256 and still closer to ^128 with -128 IIRC)

    https://cryptolux.org/FAQ_on_the_attacks has some high level answers. The point being that anybody worried about their security after this screwup by Sandforce was not doing their job before (or is bound by needless bureaucracy which is not informed by facts).
    Reply
  • AllYourBaseAreBelong2Us - Monday, June 11, 2012 - link

    The AES-256 weakness is within the key-scheduler but, you would still need 2^100 encryptions which is impractical with current computational power. Increasing the number of rounds would fix the problem. Reply
  • ekon - Monday, June 11, 2012 - link

    There are problems with the full drive encryption for Intel's other SSDs well. I found the feature very appealing at first glance, but my pre-purchase research indicated it was extremely poorly documented and supported, with multiple deal-breaking limitations (e.g. may not work with the interface in AHCI mode, no guarantee you'll have a way to access the data on a different system due to fragmented support for ATA passwords, etc.).

    Unlike software such as TrueCrypt, it seems only a rare few attempt to use the FDE on SSDs, so the issues barely come to light. Here's one of the few discussions that delves into it:

    http://communities.intel.com/thread/20537
    Reply
  • bobbozzo - Monday, June 11, 2012 - link

    I've got a Kingston SSD with FDE, and their documentation doesn't explain how to move the drive to a different computer. Also it seems they've stopped selling FDE drives.

    Anyways, I called them, and the tech talked to an engineer or someone else who then explained how to turn off the encryption in the bios and move the drive, and turn it back on.

    No data was lost, but it makes me wonder where the encryption is happening if it can be disabled without re-writing the drive.
    Before buying it, I was originally told by Kingston marketing that changing the password would wipe the drive.
    Reply
  • Beenthere - Monday, June 11, 2012 - link

    Some like to harp (or believe) that Intel's products have better valadation than the competition and thus are more compatible/reliable but history continues to show this has simply not been the case in CPUs or SSDs. Reply
  • BSMonitor - Tuesday, June 12, 2012 - link

    Ummm, they do. This proves it. ALL SF-2281 have this AES-256 issue. Intel is just the first to find it and offer a refund for users who need that.

    EPIC FAIL on the Intel slam.
    Reply
  • etamin - Monday, June 11, 2012 - link

    So this bug is present in all sf-2281 devices? ...and only Intel is doing something about it? Reply
  • piroroadkill - Tuesday, June 12, 2012 - link

    I'm going to guess the bug is present in all of them, but Intel is doing something, yup. Reply
  • BSMonitor - Tuesday, June 12, 2012 - link

    Read the article. It is a SF-2281controller issue. Reply
  • ComputerNovice22 - Monday, June 11, 2012 - link

    To say that Intel isn't worth the extra cash over say a "cheaper brand" because they didn't catch this sooner...Is a bit silly to say the least, quite honestly I'd wonder why OCZ still hadn't found this issue or any of the other Sandforce sellers like Kingston,Corsair,Mushkin and others ... The other point I'd like to bring up is Intel was the only ones selling the Sandforce 2281 controllers that didn't suffer from random BSOD's issues so I'd beg to differ about Intel not being worth a little extra cash. Reply
  • ComputerNovice22 - Monday, June 11, 2012 - link

    Unless this is a Intel only issue, in which case it does make them look silly... So is this a Intel only issue or Sandforce related? Reply
  • BSMonitor - Tuesday, June 12, 2012 - link

    Sandforce. Read the article. Reply
  • ComputerNovice22 - Tuesday, June 12, 2012 - link

    I read the article however Intel made their own custom firmware for their 520 SSD so it's possible that something they did to their own special version of the SSD combined with the SandForce controller caused the issue, however it does appear to be Sandforce related since it says "it can't be fixed via a firmware update" which most likely eliminates Intel's special firmware as the cause (most likely). Reply
  • gamoniac - Monday, June 11, 2012 - link

    It sounds like this affects all SF-2281 SSDs. I wonder if other SF-2281 SSD vendors would offer the same return/refund Intel does? Given the amount of vendors and people that have collectively failed to find this bug, this has got to be the most embarassing tech HW moments in recent years. Reply
  • Tommyv2 - Monday, June 11, 2012 - link

    You're all missing the obvious thing - Intel isn't saying anything about the 330 series, because it only talks about the 256-bit on the 520. Ditto on the other vendors - no one promised it, hence no PR problem. Reply
  • Per Hansson - Tuesday, June 12, 2012 - link

    This article makes it clear that it was Intel that discovered the bug but "The SSD Review" has another view of it:

    http://thessdreview.com/latest-buzz/lsi-discovers-...
    Reply
  • BSMonitor - Tuesday, June 12, 2012 - link

    Of course the parent company would "say" that. Why would they paint it that they need their manufactures to find bugs for them. Reply
  • ekerazha - Tuesday, June 12, 2012 - link

    Actually, AES-128 is *more* secure than AES-256.

    Complexity to recover the key:

    AES-256: 2^99.5 (related-key attacks)
    AES-128: 2^126.1 (bicliques based attacks)
    AES-192: 2^176 (related-key attacks)

    Actually, AES-256 is the weakest.
    Reply
  • Narrlok - Tuesday, June 12, 2012 - link

    how many users actually use Intel's own FDE instead of using something like TrueCrypt or BitLocker? Does this affect anyone using these SSDs if they don't use Intel's FDE? Reply
  • ekon - Tuesday, June 12, 2012 - link

    The concept of FDE is actually very appealing to users of TrueCrypt/DiskCryptor/BitLocker, which have significant performance impacts on SSDs and question marks about wear effects.

    But FDE is undermined by poor (practically nonexistent) documentation for consumer end users, spotty implementation (no guarantee you'll be able to access the data if you move the drive from one motherboard to another) and significant limitations (e.g. not functioning when the interface is set to AHCI or RAID mode).
    Reply
  • chadwilson - Tuesday, June 12, 2012 - link

    What's funny is the 192 and 256 bit profiles for the AES spec have actually been shown to be LESS secure than the 128 bit profile. Sadly this is not common knowledge outside crypto circles.

    http://www.schneier.com/blog/archives/2009/07/anot...

    http://lukenotricks.blogspot.com/2009/05/aes-256-a...
    Reply
  • prophet001 - Wednesday, June 13, 2012 - link

    I don't need AES-256 anyway :D getting ready to get one. Reply
  • eightyeight - Friday, June 15, 2012 - link

    FYI.

    I just inquired about returning this, and they denied it. Saying it wasn't an issue.
    Reply
  • Guest9234 - Tuesday, June 19, 2012 - link

    Did you specifically point them to the article at:

    http://communities.intel.com/message/158716

    that guarantees your return, and say that you specifically were not satisfied with 128-bit AES encryption over 256-bit AES?

    I find it hard to believe you were flat-out denied your refund without some sort of reason.
    Reply
  • nextel2010 - Saturday, September 15, 2012 - link

    Well, this is great news. I bought an Intel 520 way back in March, and it's been nothing but trouble. BSOD's, freezes, and shutdowns on a system which was previously rock stable. Unable to resolve it after countless hours of troubleshooting. I know I have a five year warranty, and can request a replacement but I suspect the issue is with the controller, so I doubt another 520 will solve my problems. At least with this "recall", I can return it for a refund, and spring for a Samsung or Plextor unit. And that's too bad; I really really wanted to stick with Intel for a number of reasons, but I can't get this thing to work. Reply

Log in

Don't have an account? Sign up now