Solid State Disks and Full Disk Encryption = Cr*p

This thread is also for my own reference. I considered purchasing an Intel SDD but it seems that this does not may any sense for security conscious users using full disk encryption.

All available alternatives (except for Drivecrypt Plus Pack which has not been tested so far) seem to reduce the performance of an SSD to the level of a normal harddrive.

1. No Encryption

http://www.smokey-services.eu/forum...9r04341l8sqbc1vt1v2s6&topic=49459.0;msg=96324

http://i176.photobucket.com/albums/w161/LindaLoo_photo/as-ssd-benchmark_afterBCVEremoved_0.png

and another one

http://www.abload.de/image.php?img=as-ssd-bench-unencrypt9a2q.png

and yet another test

http://www.abload.de/img/normal5km4.jpg

and one more

http://www.abload.de/image.php?img=benchmarkasssdbenchmard7bx.jpg

2. Best Crypt Volume Encryption

http://i176.photobucket.com/albums/w161/LindaLoo_photo/as-ssd-benchmark_withPGP_020310.png

http://www.smokey-services.eu/forum...9r04341l8sqbc1vt1v2s6&topic=49459.0;msg=96464

http://i176.photobucket.com/albums/w161/LindaLoo_photo/as-ssd-benchmark_withBCVE_010310.png

http://www.smokey-services.eu/forum...9r04341l8sqbc1vt1v2s6&topic=49459.0;msg=96324


2. Truecrypt

http://250kb.de/u/100124/j/t/cUYxy0HHyeNw.gif

http://www.hardwareluxx.de/communit...ruecrypt-erfahrungen-681287.html#post13834356

and version 6.1a

http://www.abload.de/image.php?img=as-ssd-bench-truecrypt1be1.png

and version 6.3a

http://www.abload.de/image.php?img=as-ssd-bench-truecryptb9jc.png

another Truecrypt test

http://www.hardwareluxx.de/community/12952984-post1684.html

http://www.abload.de/img/ssdtc6m2c.jpg

and more more

http://www.thinkpad-forum.de/thinkp...ung-auf-x4x-aes-truecrypt-mit-ssd/#post673944

http://www.abload.de/image.php?img=as-ssd-benchintelssdsaxw8n.png

3. Bitlocker

http://www.abload.de/image.php?img=as-ssd-bench-bitlockerkabg.png

4. Diskcryptor

http://www.abload.de/image.php?img=as-ssd-bench-diskcrypt5aaf.png


5. Safeguard

http://www.madshrimps.be/?action=getarticle&articID=965

On additional comment: The benchmark results are not directly comparable but show that any software reduces the performance of a fast SSD by at least 50%. The low benchmark results do not seem to directly result from low CPU performance. Most users reported that the CPU usage was below 50%.

 

Cryptographic operations on a normal processor have overhead, regardless of what kind of disk you are using. If you want to increase your performance to a native speed level, you need a processor that has onchip cryptographic functions, and an operating system that can take advantage of that. Your processor becomes your bottleneck. For approximately every 100Mhz of processing power, you can do about 128 KB / sec of transfer to your hard disk.

For example, check out the VIA C7 or later series chips. Using those results in no noticeable loss of performance.

 

There has been a topic on DiskCryptor forum, where a person with SSD has made some modification to the program so it would perform better on his system, and you can find it here.

 

Hi


The effect of the encryption on the time to write the data on the tag shows that encrypted data group takes 70 - 120 milliseconds for the transmission more than the unencrypted data group. While the encryption does not have a significant impact on the accuracy of R/W, the distance and cycle delay does. Also, the encrypted data takes longer to write to the tag. (encryption and decryption is done at the block or sector level not at the entire file level) so the encryption/decryption of the data generally doesn't result in reading/writing significantly more data!

Using a fast multi core processor and a fast system drive, preferably a Flash SSD, widens this bottleneck to an extent that makes TrueCrypt almost transparent—power users will complain, but most average users will not.

It is recommended to only go for multi-level encryption if you really have scenarios making this hardcore measure necessary. In this case there is a performance impact that is more noticeable, such as when you work with multiple applications with an anti-virus tool scanning the hard drive in the background

http://insidedanshead.spaces.live.com/blog/cns!25C1077A9D839288!193.entry

 

Some of the degradation in performance might possibly be due to fragmentation on the solid-state disk. Diskeeper offers a solution (see HyperFast) that is specifically designed for SSDs.

 

Also, if you’re concerned about speed, take note: some full disk encryption software products now utilize the new Intel 32nm Westmere core chips with embedded AES capabilities (“AES-NI”) for accelerated encryption performance.

As PGP explains, “with Intel’s new instruction set, AES-NI (available in Westmere processors), the performance of PGP Whole Disk Encryption is enhanced several times over” (see here).

 

@all

Thanks for you helpful input. I am now confident that at least Diskcryptor will be improved rather quickly and then the issue should be resolved.

 

Diskeeper: The only people who think SSDs need defragmenting. Their reasoning and logic on this subject is what's fragmented. But, of course, they seek to profit on their blatant misinformation.

There are multiple sources to check, I'll just throw out a random one:
http://www.ghacks.net/2009/01/03/should-you-defragment-a-ssd/

 

Yes, it is true that opinions about the efficacy of the HyperFast technology are mixed. Yet, interested readers may wish to examine this white paper for additional information.

Additionally, for an independent and empirical review of the technology, please see here.