EMC counters compliance flaw claims
EMC counters compliance flaw claims
EMC has reacted strongly to claims by experts that its Centera solution has faults within it that could result in the loss of vital data, meaning that it is not suitable for meeting government regulations for compliance.
Vulnerabilities have been pointed out in the MD5 algorithm, used to make digital signatures. As a result, experts believe that two files containing different data could be found at the same ID.
Users subject to SEC 17 a-4 have been warned about this and advised to wait until the National Institute of Standards and Technology officially warns that all use of MD5 for single-instance storage systems are non-compliant, before taking any action.
However, Clive Gold, the national product manager for EMC, explained why Centera users have nothing to worry about.
"The probability of two different pieces of content being recorded under the wrong ID is less than one in a billion through the MD5. Even so, if this happens, Centera has functions already built into the system to eradicate this problem.
"First of all, Centera checks the time stamp of each piece of content. If the content is not made at exactly the same time, it will not allow there to be two separate identities made.
"Secondly, through bit comparison, Centera analyses every piece of content inside each file. If two separate files with the same ID have different content, then they will be given different ID numbers.
"There is also a claim about hackers going through a process of reverse engineering to create two separate pieces of content with the same ID. This is impossible unless the hacker alters a file with exactly the same time stamp as the original piece of work, which is impossible."
Gold claims that people are inventing faults in the EMC Centera product because it is such a successful system and he claims that people want to shoot it down because it is doing so well.
Related Article: