Sign in with
Sign up | Sign in
Your question

SSD for FDE...

Last response: in Storage
Share
February 24, 2012 3:36:06 PM

Hello,

Can anyone recommend a 128g ssd that perform will with FDE (full disk encryption) like mcafee endpoint encryption.

I've tried Crucial M4 and OCZ Vertex 3. Performance dropped dramatically after FDE.

thx

More about : ssd fde

a c 279 G Storage
February 24, 2012 4:01:08 PM

No, but I can look for the various articles on why you should never use external FDE on an SSD. Seriously, there are a few. For one thing, the software makers specifically state that it's not secure, because writing the encrypted data back over the same block leaves the unencrypted version somewhere else. So a serious attacker could read your disk.

Plus, there is massive write amplification.

Look for a self-encrypting SSD. In the meantime, if I find the articles, I'll post links.
February 24, 2012 5:07:58 PM

WyomingKnott said:
No, but I can look for the various articles on why you should never use external FDE on an SSD. Seriously, there are a few. For one thing, the software makers specifically state that it's not secure, because writing the encrypted data back over the same block leaves the unencrypted version somewhere else. So a serious attacker could read your disk.

Plus, there is massive write amplification.

Look for a self-encrypting SSD. In the meantime, if I find the articles, I'll post links.


thx. But that's not what I'm looking. The reason I ask for FDE because my company requires us using it.
a c 279 G Storage
February 24, 2012 7:05:42 PM

Well, no SSD will perform well with these. They are known SSD-killers. The best thing that you can do is to start encryption on the disk while it is blank; that will be better then post-encrypting a loaded disk.

If the company's security officer is willing to listen, and if I find the links, you might get him/her to try a self-encrypting SSD instead of a setup that is known to work poorly and have security risks.

If you are not sick of me already, have a look at my post in this thread: http://www.tomshardware.com/forum/268261-32-full-disk-e... . It has links to the articles. To quote the TrueCrypt site: "Due to security reasons, we recommend that TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that TrueCrypt is not used to encrypt any portions of such devices or filesystems). "
!