Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by n1 on Wednesday October 21 2015, @04:55PM   Printer-friendly
from the would-you-like-the-good-or-bad-news? dept.

Update: Western Digital announced its acquisition of SanDisk on Wednesday for $86.50 per share, or about $19 billion.

Bloomberg reports that hard disk drive maker Western Digital (WD) is considering purchasing SanDisk Corp. for between $80 and $90 a share, or around $17-18 billion.

A merger would give WD access to SanDisk's NAND flash chip foundry deal with Toshiba and make WD an instant competitor in the solid-state drive market. As we reported last week, SanDisk is also partnering with Hewlett-Packard on Storage-Class Memory (SCM), a post-NAND competitor to Intel and Micron's 3D XPoint offering.

After three years of delay, Chinese trade regulator MOFCOM has approved WD's integration with HGST. The two businesses will be required to keep product brands and sales teams separate for two more years, but can begin "combining operations and sharing technology," such as HGST's helium-filled 7-platter hard drives. $400 million in annual operating expenses could be reduced by the integration.

WD can be expected to include helium-filled hard drives in its product lineup imminently. If WD merges with SanDisk, we may also see the inclusion of more large NAND flash caches in the form of hybrid hard drive (HHD/SSHD) products. The Xbox One Elite Bundle ships with a 1 terabyte SSHD, and Seagate recently released a 4 terabyte desktop SSHD.

It's not all good news for Western Digital this week. Security researchers have just disclosed multiple vulnerabilities in WD's "My Passport" and "My Book" self-encrypting hard drives that allow encryption to be bypassed.


mendax writes:

"Totally uselsss", the article from El Reg dubs it:

WD's My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed.

Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and "modg" – have tried out six models in the WD My Passport family, and found blunders in the designs.

For example, on some models, the drive's encryption key can be brute-forced, which is bad news if someone steals the drive: decrypting it is child's play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems. [...]

"In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."

My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically safe, and only cycles through a series of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information for this key to be recreated by brute-force, we're told.

"An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 240,"....

The paper that describes their exploit can be found here.


Original Submission #1Original Submission #2

Related Stories

Intel and Micron Announce 3D XPoint, A New Type of Memory and Storage 17 comments

Intel and Micron have announced a new type of non-volatile memory called "3D XPoint", which they say is 1,000 times faster (in terms of latency) than the NAND flash used in solid-state disks, with 1,000 times the endurance. It also has 10 times the density of DRAM. It is a stackable, 20nm, technology, and is expected to be sold next year in a 128 Gb (16 GB) size:

If all goes to plan, the first products to feature 3D XPoint (pronounced cross-point) will go on sale next year. Its price has yet to be announced. Intel is marketing it as the first new class of "mainstream memory" since 1989. Rather than pitch it as a replacement for either flash storage or Ram (random access memory), the company suggests it will be used alongside them to hold certain data "closer" to a processor so that it can be accessed more quickly than before.

[...] 3D XPoint does away with the need to use the transistors at the heart of Nand chips... By contrast, 3D XPoint works by changing the properties of the material that makes up its memory cells to either having a high resistance to electricity to represent a one or a low resistance to represent a zero. The advantage is that each memory cell can be addressed individually, radically speeding things up. An added benefit is that it should last hundreds of times longer than Nand before becoming unreliable.

It is expected to be more expensive than NAND, cheaper than DRAM, and slower than DRAM. If a 16 GB chip is the minimum XPoint offering, it could be used to store an operating system and certain applications for a substantial speedup compared to SSD storage.

This seems likely to beat similar fast and non-volatile "NAND-killers" to market, such as memristors and Crossbar RRAM. Intel and Micron have worked on phase-change memory (PCM) previously, but Intel has denied that XPoint is a PCM, memristor, or spin-transfer torque based technology. The Platform speculates that the next-generation 100+ petaflops supercomputers will utilize XPoint, along with other applications facing memory bottlenecks such as genomics analysis and gaming. The 16 GB chip is a simple 2-layer stack, compared to 32 layers for Samsung's available V-NAND SSDs, so there is enormous potential for capacity growth.

The technology will be sampling later this year to potential customers. Both Micron and Intel will develop their own 3D XPoint products, and will not be licensing the technology.


Original Submission

SanDisk and HP Announce Potential Competitor to XPoint Memory 5 comments

HP and SanDisk have announced the development of Storage-Class Memory, a technology with attributes similar to Intel and Micron's 3D XPoint ("crosspoint") memory:

HP and SanDisk are joining forces to combat the Intel/Micron 3D XPoint memory threat, and developing their own Storage-Class Memory (SCM) technology.

SCM is persistent memory that runs at DRAM or near-DRAM speed but is less costly, enabling in-memory computing without any overhead of writing to slower persistent data storage such as flash or disk through a CPU cycle-gobbling IO stack. It requires both hardware and software developments. Micron and Intel's XPoint memory is claimed to be 1,000 times faster than flash with up to 1,000 times flash's endurance. Oddly enough HP and SanDisk say their SCM technology is also "expected to be up to 1,000 times faster than flash storage and offer up to 1,000 times more endurance than flash storage."

[...] The partnership's aim is to create enterprise-class products for Memory-driven Computing and also to build better data centre SSDs. The Storage-Class Memory deal is more long-term: "Our partnership to collaborate on new SCM technology solutions is expected to revolutionise computing in the years ahead."

[...] It's not yet known what the XPoint cell process is, beyond being told it's a bulk change to the material but not a phase-change. Analyst Jim Handy has written an XPoint report which said HP had abandoned its Memristor technology. This SanDisk partnership implies that this point is incorrect.

The HP/SanDisk duo also intend to contribute to HP's Machine concept, "which reinvents the fundamental architecture of computers to enable a quantum leap in performance and efficiency, while lowering costs and improving security."

As we previously reported, Intel and Micron plan to release SSD and DIMM XPoint-based products in 2016, with Intel marketing them under the brand name "Optane".

Is HP's memristor partnership with Hynix obsolete? Will HP Enterprise finally give birth to "The Machine" and change supercomputing? Will Crossbar's ReRAM wither and die, or will the company join the fray and compete to produce the ultimate post-NAND memory?


Original Submission

Western Digital, SanDisk, and the NAND Market 12 comments

Following Western Digital's purchase of SanDisk, now is a good time to look to the future of the disk and NAND flash storage industries:

Stifel [Managing Director] Aaron Rakers has taken a deep dive look at the SanDisk technology Western Digital is aiming to buy, and his report brings out cost-savings derived from HGST escaping payment of an Intel tax, 3D NAND timescales, and possibilities for future planar NAND node shrinks.

[...] Rakers points out that "the write attributes of shingled magnetic recording (SMR) technologies requires the usage of non-volatile persistent memory (NAND) in order to optimise write performance (e.g., transition tables)." HGST's 10TB HelioSeal disk drives use SMR and, if Rakers is right, will need to be hybrid flash/disk drives with flash being used for SMR block rewrite operations. SanDisk can supply the flash chips for this.

Unexpectedly, there could be another 2D planar NAND node shrink to below 15nm. Rakers writes: "We believe that SanDisk continues to prepare for the possibility of another planar node shrink (i.e. to 10/12nm); whether the company actually commences a subsequent planar node shrink depends on the cost effectiveness ramp of SanDisk's 3D NAND ... demand for various types of NAND in different use cases, and the difference in investment required to continue to produce 15nm TLC, convert to 3D NAND, build greenfield 3D NAND or further shrink planar."

[...] Raker's financial modelling of WD's post-SanDisk acquisition SSD costs indicates that building products using vertically-integrated SanDisk technology for enterprise SAS SSDs could save WD substantial amounts of money. He thinks that 80-85 per cent of the enterprise SSD bill-of-material (BOM) cost is for NAND flash. Modelling with an average 900GB SSD he reckons WD could be paying Intel as much as $0.60/GB for flash chips. It would save as much as 52 per cent of this by using SanDisk chips.

[More after the break.]

Western Digital Acquisition of SanDisk Approved, Finalized on May 12th 25 comments

Western Digital's acquisition of SanDisk has received regulatory approval from the Chinese Ministry of Commerce:

Western Digital announced the $19 billion SanDisk acquisition in October 2015 and that its shareholders approved the acquisition in March 2016, which left MOFCOM (the Chinese Ministry of Commerce) approval as the only remaining barrier to the merger. WD announced today that it has received regulatory approval from MOFCOM to proceed, and the transaction closes on May 12--a scant two days away. SanDisk is one of the early leaders of NAND development and holds over 5,000 patents, but broader management issues led to a dramatic weakening of the company's prospects last year. The resultant crash of SanDisk's stock price opened the door for WD to step in and purchase the company.

WD's absorption of SanDisk will be happening as the company continues to keep its acquired former hard disk competitor HGST at arm's length for another two years (a MOFCOM requirement).

Previously:
Western Digital Acquires SanDisk, MyPassport 256-bit AES Encryption "Useless"
Western Digital, SanDisk, and the NAND Market


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday October 21 2015, @05:30PM

    by Anonymous Coward on Wednesday October 21 2015, @05:30PM (#252842)

    WD QC is shit. Are they still hemorrhaging big accounts due to the garbage they shipped this past year?

    • (Score: 2) by takyon on Thursday October 22 2015, @12:28AM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday October 22 2015, @12:28AM (#253007) Journal

      WD or Seagate?

      https://www.backblaze.com/blog/3tb-hard-drive-failure/ [backblaze.com]

      There is no reliable hard disk drive these days. Maybe HAMR will improve things over PMR, maybe not.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Thursday October 22 2015, @01:22AM

        by Anonymous Coward on Thursday October 22 2015, @01:22AM (#253025)

        When you get your (multi-)TB hdd, run a thorough test first - there is a Linux utility that writes and read back the entire disk a few times with multiple patterns. It will last a couple days to complete.

        Even that's no guarantee though. A disc failed after a few month even though it passed the test initially.

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday October 21 2015, @06:08PM

    by Anonymous Coward on Wednesday October 21 2015, @06:08PM (#252853)

    Can it even be called encryption if the end user hasn't got full authority over the key?

    • (Score: 2) by Nerdfest on Wednesday October 21 2015, @06:34PM

      by Nerdfest (80) on Wednesday October 21 2015, @06:34PM (#252863)

      It can, although ROT13 can also be called encryption. As they say, security is hard, but in most cases problems occur because people try to "roll their own" rather than using reference implementations. Most of these common problems have been solved quite well if you take the time to research a bit.

    • (Score: 2) by frojack on Wednesday October 21 2015, @10:03PM

      by frojack (1554) on Wednesday October 21 2015, @10:03PM (#252942) Journal

      I suspect It is meant to serve the purpose of data protection in the case of theft. That's really all.

      I have no doubt that they (WD) would cough up the key to any police agency that asked.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 3, Interesting) by Rich on Wednesday October 21 2015, @08:03PM

    by Rich (945) on Wednesday October 21 2015, @08:03PM (#252891) Journal

    As the resident nerd, I recently was asked to have a look at a dead external hard drive (return favours were negotiated). The device in question was some 3.5" external USB drive from WD. Probably something with "Passport". IIRC, I was told that the drive was dropped. When plugged in, it seemed to spin up and do a few seeks, which sounded very much like a successful startup routine and self test. But it didn't register at the desktop at all. A look into "dmesg" revealed an error: "Logical unit access not authorized".

    Even an extensive search on the net left me none the wiser. If it was something possibly useful, WD should have it documented so it can be found. I suspect it might have something to with locking in the drive with its enclosure. Anyway, I handed the drive back and told them to throw it away or have it sorted with WD and/or their Windows-only maintenance software. I definitely wouldn't want to deal with such a situation myself. Because WD already had past sins booked on their account when they even refused to name the spindle speed of some new series, they're out of cred with me now.

    Pity that we can expect SanDisk, which always was a "better safe than sorry" choice for solid storage, to pull stupid tricks like the above too.

    PS: Just out of curiosity: Does anyone happen to know what this "authorization" logic is supposed to do and how it precisely works?

    • (Score: 3, Informative) by jmorris on Wednesday October 21 2015, @09:58PM

      by jmorris (4844) on Wednesday October 21 2015, @09:58PM (#252940)

      Have you looked into the ATA Security thing that all laptops/drives implement?

      Man 8 hdparm and look for "ATA Security Feature Set"

      Good luck figuring out what password they use though.

  • (Score: 1) by throwaway28 on Thursday October 22 2015, @07:42AM

    by throwaway28 (5181) on Thursday October 22 2015, @07:42AM (#253117) Journal

    FYI, an easy way to get encrypted block devices on linux, is

    echo "0 1024000000 crypt aes-cbc-essiv:md5 d41d8cd98f00b204e9800998ecf8427e 0 /dev/sdc 0" | dmsetup create encrypted
    mount /dev/mapper/encrypted /mnt/encrypted

    I began using this command in 2009; though d41d8cd98f00b204e9800998ecf8427e is /NOT/ my password.