Jump to content
RESET Forums (homeservershow.com)

SSD and Encryption


Mr Bill
 Share

Recommended Posts

I have been listening about all of the advantages of an SSD. I am looking at replacing the HD on my netbook with an SSD. One of the concerns that I have is that I need to have my drive encrypted with TrueCrypt with the whole disk encryption option.

 

Are there any issues with running whole disk encryption on an SSD?

 

Thanks for your time.

 

 

Link to comment
Share on other sites

That's a great question. I don't have any SSD experience, but I'm looking forward to learning what you find out.

Link to comment
Share on other sites

On a quick check around on the idea of whole disk encryption, I came across this thought. The whole disk including free space is encrypted, right? That means there's no straight writes, the fastest kind, but rather each write must do the read/erase/write process which is significantly slower.

Link to comment
Share on other sites

You can do full drive encryption with SSD however bear in mind that as DVN stated, Truecrypt slows down your reads and writes by a factor of 2-3 times. Using an SSD with and entire drive encrypted is not going to yield much benefit as there are other bottle necks. You should consider a Truecrypt volume instead for your critical data and let the SSD speed up the OS and other things. Typically you only need to encrypt data. It also allows for easier backup when you do it this way. Just my two cents.

Link to comment
Share on other sites

You can do full drive encryption with SSD however bear in mind that as DVN stated, Truecrypt slows down your reads and writes by a factor of 2-3 times. Using an SSD with and entire drive encrypted is not going to yield much benefit as there are other bottle necks. You should consider a Truecrypt volume instead for your critical data and let the SSD speed up the OS and other things. Typically you only need to encrypt data. It also allows for easier backup when you do it this way. Just my two cents.

 

Hmm, is TrueCrypt really that slow? What i've figured from my BitLocker usage, it is pretty much undetectable in real world usage.

Link to comment
Share on other sites

Well, when using an SSD, the forums are saying that TrueCrypt slows it down fairly significantly. Of course, I'd recommend trying it in a test situation to verify this for yourself. But when I searched the phrase "whole disk encryption on an SSD" from your initial post, I didn't find anything that suggested there wasn't a hit to performance with whole disk encryption on an SSD.

 

As pcdoc suggests, and if whether to use whole disk encryption is your call and not your employer's, I'd just encrypt the files you actually need to protect with an encryption volume.

Link to comment
Share on other sites

Well, when using an SSD, the forums are saying that TrueCrypt slows it down fairly significantly. Of course, I'd recommend trying it in a test situation to verify this for yourself. But when I searched the phrase "whole disk encryption on an SSD" from your initial post, I didn't find anything that suggested there wasn't a hit to performance with whole disk encryption on an SSD.

 

As pcdoc suggests, and if whether to use whole disk encryption is your call and not your employer's, I'd just encrypt the files you actually need to protect with an encryption volume.

 

Whole disk encryption has the additional bonus of also protecting the operating system itself from offline attacks.

No way to crack the local SAM database, for one.

 

Also if you store company data on the computer, it's pretty much the employers say how you should protect that data. TrueCrypt protected volume doesn't offer much protection, if %badguys% can just do an offline-attack to replace the OS files to some which come with built-in malware.

 

edit: this was the about only thing i could (quickly) dig out about BitLocker and SSDs

 

Is Bitlocker’s encryption process optimized to work on SSDs?

Yes, on NTFS. When Bitlocker is first configured on a partition, the entire partition is read, encrypted and written back out. As this is done, the NTFS file system will issue Trim commands to help the SSD optimize its behavior.

We do encourage users concerned about their data privacy and protection to enable Bitlocker on their drives, including SSDs.

Edited by kermi
Link to comment
Share on other sites

Just a comment. There is very little protection from attacks once Truecrypt is open. Once you start the system, type your password, all bets are off. "Data" security is actually better in a small protected volume than the whole drive. Granted, the whole drive will prevent someone from getting but only is you are logged off or shutdown. Either way, you are not going to get your value of the SSD when using truecrypt. YOu should consider one of the new fast 7200 rpm laptop dirves. WD has a nice one that quick, 500 gigs, and close to SSD power usage. Save the SSD for a standard machine or your desktop.

Link to comment
Share on other sites

I'll guess that the spindle drive being replaced is also encrypted with TrueCrypt. So you should still see a good performance boost from an encrypted spindle drive to an encrypted SSD. However, there's quite a bit out there anecdotally where people aren't pleased overall with their SSD performance when running TrueCrypt. TrueCrypt also has a post on their website that says that SSDs encrypted with TrueCrypt may not be as secure because of the TRIM command.

 

http://www.truecrypt.org/docs/?s=trim-operation

 

So, if you HAVE to use TrueCrypt because of some regulation from your employer, I'd say give it a shot. Personally, I'd get an Intel SSD if nothing else to take advantage of their SSD Toolbox. Otherwise, if you're not forced to use TrueCrypt, I'd consider BitLocker or one of the OCZ Vertex 2 Pro or EX drives that have AES encryption built-in.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...