• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

SSD's and Full Disk Encryption - any data?

M

Metaluna

Junior Member
Much analysis and testing has been done surrounding SSD long term performance issues. In other words, it seems like the industry has a pretty good handle on how to manage things like garbage collection, TRIM, reserved space, write amplification, wear leveling, etc. when used on a normal file system.

My question is, has anyone ever looked at the implications (if any) of using FDE on an SSD? I don't know how most FDE software works, but my understanding is at the extremes you either have a completely new on-disk format with new filesystem drivers, or else just a huge encrypted file with its own internal filesystem, or an implementation that's somewhere in between.

So it sounds like something like this could potentially mess up the assumptions SSD firmware makes when implementing garbage collection and TRIM (i.e. would TRIM even be useful if all you're ever doing is overwriting sections of a huge file). Have there ever been any tests along these lines?
 
Last edited:
TrueCrypt = encryption on file containers right? NOT FDE! FDE would make TRIM unusable; that would be your issue.

So yes TrueCrypt containers would be better, but it wouldn't be full disk encryption. Besides i highly doubt Windows can implement FDE on the system disk; only FreeBSD can if i recall - requiring you to enter the system disk password when booting the kernel.
 
TrueCrypt has a full disk encryption option. Also, it is possible to have a large container. In both cases, one capacity of the container worth of data is used for initialization of the container (i.e. each sector in the container is written to once), and you lose TRIM. Other than that I can't think of any obvious issues.
 
Thanks for the info. I'll check out the TrueCrypt forums. I didn't realize there was a distinction between FDE and "container" encryption. The reason I ask is that I'll be upgrading my work laptop soon and we are required to use Checkpoint Pointsec (which I think is FDE), so I'm trying to anticipate if there will be any issues with the Dell 128GB SSD that my employer is putting in new laptops.
 
My work laptop has an intel x-25m and uses pgp wholedisk and i havent had any problems with it since i got this set up. its fast too
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top