Question Encryption options on Samsung 850 EVO / Windows 10 Home

Coup27

Platinum Member
Jul 17, 2010
2,138
2
81
Hi,

I am (still) on Windows 7 Home Premium and I am preparing to secure erase my Samsung 850 EVO SSD and finally load Windows 10 Home. I did the free upgrade a few years to Windows 10 but I didn't like it at launch so I went back to Windows 7. This means I will be using the Home version of Windows 10.

I have 2 850 EVO's. One is just for Windows and a larger one for just data. I have never used the encryption features and before I perform this reload I want to know if they are worth bothering with.

I have read online that the encryption used in this model of drives, and others, has been found to be poorly implemented and from what I can see no firmware has been released from Samsung to patch the holes. The version of Windows I'll be using also does not have bitlocker which from what I've read is required to be used in conjunction with the encryption feature.

I don't want to go mad here with encryption but if it was a case of enabling encryption and just setting a HDD password in my BIOS I would have done it but it sounds like I would have to use a software based solution like Veracrypt instead? My CPU has AES-NI so does that mean there is no performance penalty if I did go that route?

I will read up online more myself but any assistance people are willing to offer is much appreciated.
 

Coup27

Platinum Member
Jul 17, 2010
2,138
2
81
I've read more into this and as my Windows SSD only has Windows and programs on it there doesn't seem any need to encrypt it. My second SSD is purely data and I could use Veracrypt to encrypt it with software. Veracrypt would allow me to encrypt it while still full of data meaning I wouldn't have to re-write all my data? I need to read more about how to do it before jumping in but does that sound a better route to take?

Thanks.
 

leexgx

Member
Nov 4, 2004
57
1
71
Hi,

I am (still) on Windows 7 Home Premium and I am preparing to secure erase my Samsung 850 EVO SSD and finally load Windows 10 Home. I did the free upgrade a few years to Windows 10 but I didn't like it at launch so I went back to Windows 7. This means I will be using the Home version of Windows 10.

I have 2 850 EVO's. One is just for Windows and a larger one for just data. I have never used the encryption features and before I perform this reload I want to know if they are worth bothering with.

I have read online that the encryption used in this model of drives, and others, has been found to be poorly implemented and from what I can see no firmware has been released from Samsung to patch the holes. The version of Windows I'll be using also does not have bitlocker which from what I've read is required to be used in conjunction with the encryption feature.

I don't want to go mad here with encryption but if it was a case of enabling encryption and just setting a HDD password in my BIOS I would have done it but it sounds like I would have to use a software based solution like Veracrypt instead? My CPU has AES-NI so does that mean there is no performance penalty if I did go that route?

I will read up online more myself but any assistance people are willing to offer is much appreciated.
buy a windows 10 pro key for under £/$ 5 and convert your windows 10 Home into pro (make sure internet is not connected if converting form home to Pro) or clean install windows 10 and put the Pro key in from there, don't pick windows 10 pro N

and bitlocker far simpler (any reason why you want to use disk encryption)
 

Charlie22911

Senior member
Mar 19, 2005
602
226
116
Here's some food for thought...

SSDs perform very poorly when filled with data. Encrypting a drive essentially "scrambles" the entire drive so that it looks like random data instead of anything usable. With that in mind, it would seem to me that this would have a considerable negative performance impact since the SSD controller wouldn't have any knowledge that encrypted free space isn't just random data.
IIRC bitlocker drives formatted as NTFS can still process trim commands, but it seems to me this would negatively impact the security of encryption since an adversary can tell which parts of the disk contain data (assuming that is what this does). If not, the the drive still thinks it is filled with random data; a negative either way I'd think.

As a user of both bitlocker and veracrypt (on HDDs), my opinion is that you shouldn't bother unless you are carting sensitive data around on a portable machine. The above may be a non issue, as I don't have any real understanding of how it is implemented.
 

leexgx

Member
Nov 4, 2004
57
1
71
Here's some food for thought...

SSDs perform very poorly when filled with data. Encrypting a drive essentially "scrambles" the entire drive so that it looks like random data instead of anything usable. With that in mind, it would seem to me that this would have a considerable negative performance impact since the SSD controller wouldn't have any knowledge that encrypted free space isn't just random data.
IIRC bitlocker drives formatted as NTFS can still process trim commands, but it seems to me this would negatively impact the security of encryption since an adversary can tell which parts of the disk contain data (assuming that is what this does). If not, the the drive still thinks it is filled with random data; a negative either way I'd think.
TRIM works with bitlocker fine with a SSD and will perform the same as if it was not encrypted (if you don't have a CPU with hardware AES it might be a little bit slower but it have to be a really old CPU for that)

even if they can see where the data is its encrypted it won't do them any good,, the time its a problem is when your actually trying to hide somthing in free space
 

ASK THE COMMUNITY