• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

SSD drive and full disk encryption

blackangst1

blackangst1

Lifer
Ive done a little research, but have found vague info (read: no clear answer). I currently use Truecrypt for FDE, and am putting together a full new system this weekend, including an SSD drive for OS/programs. Does anyone have any advice regarding FDE on SSD? Performance hits? Any problems?
 
Off the top of my head, I can't think of a reason it would work any differently than a standard disk. Part of the purpose of FDE is that it only decrypts in RAM, so you shouldn't see more writes than you would without it I don't think...

I can't come up with any issues, but I'm not an expert.
 
Not sure if your encryption is similar to the one on madshrimps, but there's a short blurp on it.

http://www.madshrimps.be/?action=getarticle&articID=965

“Unfortunately on the laptop system with Utimaco Safeguard (full disk encryption) performance is too similar to a normal HDD to justify the expensive storage. Most likely the Utimaco software will have to be patched/tweaked for SSD usage to take advantage of its performance, currently all read/write actions pass through the encryption driver, causing the bottleneck, and it's not CPU bound either, it never goes over 10% during heavy file transfers...
 
Depends on if the encryption is hardware or software based.


hardware encryption should cause a very little hit in performance, software may cause a much more noticible hit.



I have to tell you that in my DR experience FDE drives are a nightmare, literally they are impossible to recover without the key, which is usually lost because thats why recovery is needed.


Keep a backup on an non FDE drive in a secure location.


Regards,
 
Russwinters said:
Depends on if the encryption is hardware or software based.


hardware encryption should cause a very little hit in performance, software may cause a much more noticible hit.



I have to tell you that in my DR experience FDE drives are a nightmare, literally they are impossible to recover without the key, which is usually lost because thats why recovery is needed.


Keep a backup on an non FDE drive in a secure location.


Regards,
Click to expand...

I actually keep a copy of the key offsite in a secure location so not worried about that. Worst case scenario, I lose OS and programs. I keep all my important stuff on a seperate HD, also encrypted, also with key offsite. And of course I do secure backups 😀
 
So does anyone knwo of an encryption setup that utilizes Westmeres AES acceleration?

I don't think Truecrypt does, and I don't have Ultimate to be able to use bitlocker.
 
blackangst1 said:
Ive done a little research, but have found vague info (read: no clear answer). I currently use Truecrypt for FDE, and am putting together a full new system this weekend, including an SSD drive for OS/programs. Does anyone have any advice regarding FDE on SSD? Performance hits? Any problems?
Click to expand...

I'd be curious about how this affects TRIM. Because for trim to work properly the filesystem and controller driver have to support it, IIRC. So if you've got an encryption driver intercepting filesystem calls, encrypting/decrypting the data and reissuing the calls with the new data it's possible whatever APIs or tags that tell the controller to do a TRIM on delete might get filtered out.

I'm also curious why you're encrypting your OS drive anyway, as long as you redirect your profile there shouldn't be any significant personal data on it.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top