SSD and Drive Encryption

[garethevans1986]

All,

 

My current laptop I use for work holds clients data on so I've got the drive encrypted using TrueCrypt. I'm looking to swap the HDD with an SSD to see if this will improve performance but still want to encrypt the disk - so I was wondering whether anybody else has done the same and had problems before?

 

The SSD I've purchased is http://www.ebuyer.com/474680-sandisk-256gb-ultra-plus-ssd-sdssdhp-256g-g25

 

If I can't use it in the laptop then it'll go in my workstation in the office instead :)

 

Thanks

GE

[articuno1au]

It can be done. Depending on the processor in the computer, it should keep up comfortably, but if you have something really slow you might see a bottleneck.

 

SSDs are no different to an OS than a HDD. You have nothing to worry about here :)

[Torolol]

but you might not want to change the encryption key too often,

as it would means more massive re-writing to the SSD,

and that could easily depletes the SSD's over-provisioning

especially if theres much data that need to re-encrypted.

[garethevans1986]

but you might not want to change the encryption key too often,

as it would means more massive re-writing to the SSD,

and that could easily depletes the SSD's over-provisioning

especially if theres much data that need to re-encrypted.

 

This is my main concern at the moment, too much writing to disk will kill the drive quicker....especially if the rest of the unused space on the drive is filled too.

 

Thanks

GE

[articuno1au]

This is my main concern at the moment, too much writing to disk will kill the drive quicker....especially if the rest of the unused space on the drive is filled too.

 

Thanks

GE

Yeah, but that's part of a disks life cycle. Honestly, completely writing the disk for a full drive encryption, then changing the key will, at most, take 3 write cycles.

 

That's not enough to worry the disk. Also, the disk is designed to deal with that, so it won't actually write all over the disk.

 

Don't worry about the number of writes, it won't effect you unless you are repeatedly writing all over it. Just do it and keep an eye on the smart read outs if you are concerned.

 

I've abused the hell out of a Vertex 2 for years, no issues at all. Doing it to a Vertex 4 now, same answer :)

[Odom Member]

What articuno1au said (Y)

 

Unless you write 10GB of data more than a few times a day, every day of a year, don't worry about the life-cycle of the SSD.

[Jason S. Global Moderator]

i use encryption on my work laptop that has an SSD. i see no performance degradation. works just fine.

[snaphat (Myles Landwehr) Member]

Until two months ago, I used Truecrypt to encrypt both my laptop and work PCs (with SSDs) (this was probably for a period of 2 years in total). The only issues I had were as follows:

1. It can take time to start from hibernation because it has to decrypt the stored hibernation files. This is MUCH slower than just booting up from shutdown (possibly 3-5 minutes). Keep in mind laptop had no hardware AES instruction support, and that might make a difference.
2. Windows won't be able to do an update with an encrypted boot drive. I had to reverse the decryption to upgrade from Windows 8 to 8.1. Which brings me to number 3...
3. If there is some sort of corruption, this could leave your drive unable to be decrypted completely. I had to completely clobber my work PC drive because after my drive was ~95% decrypted, it BSOD'd and would BSOD if I tried to continue the decryption process from then on*. 

* Note: It was also not possible to chkdsk/scan to repair the drive either because that would cause Truecrypt to try to decrypt the corrupted data and result in a BSOD (this shouldn't come as a surprise). I could still boot and run the OS, presumably, fine even with the corruption.

[primexx]

don't use TrueCrypt or software encryption on SSDs. They're already encrypted you just have to set an ATA password for the drive in BIOS. It didn't do ###### for HDDs because HDDs aren't by themselves already encrypted, but with SSDs the ATA password is used to encrypt the encryption key that is used to encrypt the actual SSD itself by default. This way you don't suffer any performance or wear hits at all because the drive is doing exactly what it would have done anyway.

[snaphat (Myles Landwehr) Member]

don't use TrueCrypt or software encryption on SSDs. They're already encrypted you just have to set an ATA password for the drive in BIOS.

 

Good point, the problem I had with my laptop (and work PC) is that neither supported this feature which was the only reason I rolled Truecrypt instead.

 

EDIT: Ack, I just checked in the middle of my post and it appears the OPs drive doesn't have built in encryption!

[primexx]

Good point, the problem I had with my laptop (and work PC) is that neither supported this feature which was the only reason I rolled Truecrypt instead.

 

EDIT: Ack, I just checked in the middle of my post and it appears the OPs drive doesn't have built in encryption!

 

oh, well that's news to me... and sucks for OP i guess.

[snaphat (Myles Landwehr) Member]

oh, well that's news to me... and sucks for OP i guess.

 

I had completely forgotten that THAT was the issue with my Intel x25-m and not the laptop itself until you mentioned the drive encryption. I honestly wasn't even aware they were still making drives that weren't encrypted. I hope the evo 840 i just bought is...

[primexx]

I had completely forgotten that THAT was the issue with my Intel x25-m and not the laptop itself until you mentioned the drive encryption. I honestly wasn't even aware they were still making drives that weren't encrypted. I hope the evo 840 i just bought is...

 

the evo is.

[T3X4S]

Is worrying about disk rewrites as dumb as arguing over which thermal paste to use ?

Are we fretting over shaving a year off of a 75 year life span ?

Somethings that are geek-raged over are a little silly like the difference in 2 degrees in thermal paste, or that an SSD with 1.5 million hours MTBF "sucks compared to 2 million MTBF"

 

Im asking not mocking.

[primexx]

Is worrying about disk rewrites as dumb as arguing over which thermal paste to use ?

Are we fretting over shaving a year off of a 75 year life span ?

Somethings that are geek-raged over are a little silly like the difference in 2 degrees in thermal paste, or that an SSD with 1.5 million hours MTBF "sucks compared to 2 million MTBF"

 

Im asking not mocking.

 

more like 10-25 years at really high write rates. which is still wayy more than the vast majority of people will ever use before upgrading (or failure, i guess, the flash cells probably have much longer lifespans than every other component in the drive).

[T3X4S]

Until two months ago, I used Truecrypt to encrypt both my laptop and work PCs (with SSDs) (this was probably for a period of 2 years in total). The only issues I had were as follows:

1. It can take time to start from hibernation because it has to decrypt the stored hibernation files. This is MUCH slower than just booting up from shutdown (possibly 3-5 minutes). Keep in mind laptop had no hardware AES instruction support, and that might make a difference.
2. Windows won't be able to do an update with an encrypted boot drive. I had to reverse the decryption to upgrade from Windows 8 to 8.1. Which brings me to number 3...
3. If there is some sort of corruption, this could leave your drive unable to be decrypted completely. I had to completely clobber my work PC drive because after my drive was ~95% decrypted, it BSOD'd and would BSOD if I tried to continue the decryption process from then on*. 

* Note: It was also not possible to chkdsk/scan to repair the drive either because that would cause Truecrypt to try to decrypt the corrupted data and result in a BSOD (this shouldn't come as a surprise). I could still boot and run the OS, presumably, fine even with the corruption.

So what did you end up having to do ?

[snaphat (Myles Landwehr) Member]

So what did you end up having to do ?

 

For the corruption? reformat and start from scratch. 

[Odom Member]

My boss also used to encrypt a partition with Truecrypt. Something happened to it and he could no longer access it. He tried everything he could find, but in the end he lost everything. He did have a backup on an external drive, though. Also encrypted with Truecrypt :)

[snaphat (Myles Landwehr) Member]

My boss also used to encrypt a partition with Truecrypt. Something happened to it and he could no longer access it. He tried everything he could find, but in the end he lost everything. He did have a backup on an external drive, though. Also encrypted with Truecrypt :)

 

^This, with encryption you really have even more of a reason to keep backups.

[primexx]

^This, with encryption you really have even more of a reason to keep backups.

 

i have, a bunch of times, decided that it was a good idea to encrypt something for one thing or other then promptly forget what the psasphrase is. fortunately, most of those i knew exactly what was behind the encryption and had multiple copies, it just made it a bit more inconvenient for me. a few of those, i have no idea what i stored anymore, but i'm pretty sure it wasn't anything critical and have not found a reason to go and use anything that could possibly be encrypted in them yet, so I just keep the containers around just in case I figure out that I need one in the future.