14

I use full drive encryption (FDE) w/ TrueCrypt on my laptop. I have a 2nd gen I7 with AES instruction support, so honestly I can't even notice a speed change on the system with it on.

My question, is for those who know about SSD's a lot. I previously (early 2011) read articles about how software encryption will negate the speed benefits that an SSD provides - because of the need for the SSD to send a delete command, then a write command, for every encrypted write - instead of just writing over data like a regular HDD would (or something like this...honestly I can't remember...ha!).

Anyway, any improvements in this field? Is it pointless for me to grab an SSD if I'm using FDE?

Thanks all.

Improve this question

2 Answers 2

Reset to default
16

There are three main issues here: performance, SSD wear, and level of security.

Performance and SSD Wear

SandForce-based SSDs compress all data on-the-fly, in hardware, leading to some impressive performance improvements, i.e., increased write speeds. This also reduces the write-amplification factor (sometimes to below 1.0) which reduces the wear (the number of program/erase cycles) on the flash memory. If encryption is first done by software, such as TrueCrypt, the resulting data will be much less-compressible. This will reduce performance and increase wear.

Encrypting a non-SandForce SSD (or any SSD that doesn't encrypt in hardware) using TrueCrypt certainly reduces performance, but it's arguable that the SSD is not the bottleneck - the compression will be CPU-bound.

Security

Using TrueCrypt to encrypt an SSD (or any drive that has wear-levelling) can lead to security problems, so it is not recommend (although I'd argue that the risk is small).

SandForce-based SSDs and some other SSDs actually already encrypt all data on-the-fly. For the Intel 320, this can be used for full disk encryption, but it's not possible at the moment for SandForce drives:

SandForce drives, such as the Vertex 2, do encrypt the full drive contents, but do not provide [full disk encryption]. At the moment, the encryption feature is only useful for a quick secure erase of the drive.

Improve this answer
4
  • thanks, this helps... I guess I probably have more questions than I started with now. haha. So, what hard drive is the ideal SSD for using FDE w/ True Crypt? Would love some precise models.. I don't mind software encryption (vs. hardware) - because the I7 handles it fine. Beyond that, it sounds like I'm looking for one that does NOT use wear leveling - but what is the life I can expect out of this - half of normal??
    – Shackrock
    Commented Nov 16, 2011 at 18:09
  • We don't like to give specific shopping recommendations on Super User, but any non-SandForce drive should be fine. Even if you could find an SSD that didn't use wear-levelling, this would be a very bad idea. Not only will blocks start to fail relatively quickly, but the drive's performance will drop off.
    – sblair
    Commented Nov 17, 2011 at 13:34
  • ok. So, any non-SandForce drive that DOES use wear-leveling is a keeper?
    – Shackrock
    Commented Nov 17, 2011 at 14:42
  • Yes. There are other things to consider, such as overall performance, warranty length, and cost (obviously). So, as always, it's best to check a review or two before buying.
    – sblair
    Commented Nov 17, 2011 at 15:01
1

TrueCrypt performs encryption/decryption in RAM, so there should be no speed penalty. See TrueCrypt - Documentation:

Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM.

Edit: I think I misunderstood your question initially. There appears to be some issues with TrueCrypt and wear-leveling: http://www.truecrypt.org/docs/?s=wear-leveling

Improve this answer
3
  • Ah, just read this one too: superuser.com/questions/235420/… - some good results there.
    – Shackrock
    Commented Nov 16, 2011 at 16:12
  • It may be worth looking into the documentation on wear-leveling, if it applies to your SSD. See my edit above.
    – iglvzx
    Commented Nov 16, 2011 at 16:25
  • AH, I knew it....
    – Shackrock
    Commented Nov 16, 2011 at 18:01

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .