Sign in with
Sign up | Sign in
Your question

SSD native encryption vs. TrueCrypt

Tags:
  • SSD
  • Encryption
  • Storage
Last response: in Storage
Share
April 1, 2012 1:13:46 AM

Hi folks,

According to the OP in this superuser question,
Quote:
Software encryption will negate the speed benefits that an SSD provides - because of the need for the SSD to send a delete command, then a write command, for every encrypted write - instead of just writing over data like a regular HDD would.

I am putting an SSD into my netbook. I am paranoid, so if someone steals my netbook, I don't want them to have a chance in Hel (not a typo) to retrieve my personal data.

But the above worries me; the reason I want an SSD is because they are blazing fast. Further, according to this 2010 benchmarker, SSD performance might gradually deteriorate if encrypted. Is this last-mentioned detail old news?

I have come across some disks which have native AES encryption (example). How does this encryption perform in comparison to TrueCrypt encryption? How does native encryption solve the problems above?

Is native encryption only solving the issue that SSDs cannot be securely wiped? Because that problem is easily avoided by making sure that unencrypted data has never been written to the disk prior to full-disk encryption.

What are the issues involved in applying full-disk encryption on an SSD, and how are these issues "solved" with native encryption?

Thanks,
Willard.

P.S.: Related thread.

P.P.S.: In case you are just as paranoid as me, and have a running setup: I also want a potential thief to, per default, boot into a typical OS (Windows if possible, otherwise Ubuntu) with daemons running which do their best to "call home". The thief should never need to decrypt the drive, because if he needs to do that, he will wipe the drive, eliminating any chance I have to ever see my netbook again. The option to boot into "my" OS (Arch Linux) should be hidden, and only active for via a special key combination in a ~1 second time window during boot. Anyone know how to do this?

More about : ssd native encryption truecrypt

a b G Storage
April 1, 2012 2:07:26 AM

The benchmark you linked at least did out taken into account the performance hit that is the result of CPU bound bottleneck. It uses an old CPU that does not support AES encryption as quickly as newer ones. Using True crypt in any system, SSD or not would incur this performance hit.

as far as I understand Truecrypt does encryption in RAM so does not cause any more read/write to SSD then without it.

answer for pps: True crypt have this feature implemented. See hidden OS section of their guide.


m
0
l
April 27, 2012 4:23:46 PM

The quick answer is that you will see a performance dip using Truecrypt because it fills the entire SSD with random data. The amount of a dip will depend on the SSD you get, and the what CPU you are using.

Hardware encryption solves Truecrypt's issue, by not filling all of the SSD's blocks with random data. This is a less secure method, especially if the attacker knows what a large chunk of the data on the drive is, such as what OS you are using. In reality, this is not a major concern because it would still take an unreasonable amount of time to crack it.

There are pros and cons to both hardware and software encryption. You won't get the same plausible deniability with hardware encryption, but hardware encryption doesn't store your unencrypted key in system RAM. Software encryption, like Truecrypt, has been tested for security holes several times over, so it is a fairly trustworthy package. Hardware encryption does not get the same level of review. You generally have to take the manufacturer's word that it is secure. Hardware encryption does not produce the same performance dip, and is generally more power efficient when performing encryption/decryption functions(important for laptops).

Hardware encryption security in SSD's is questionable at the moment though. Samsung's 470 drive is the only consumer level SSD that received FIPS 140-2 certification that I am aware of. It is probably the only drive that I would trust.

I have heard reports that Intel's 320 drive turns into a "brick" if you can't remember the password. Intel says it is unserviceable and nobody can wipe it and reuse it. That seemed to be a concern of yours.

As a side note, it really depends on what type of threat there is to your data as to whether getting an encrypted drive is very beneficial. Most vectors of attack for personal information don't stem from physical access to your storage, but rather network connections, email, malware, physical mail, telephone marketing, etc... Following safe practices when it comes to all of those potential threats are more important than using an encrypted drive to protect personal information.
m
0
l
December 11, 2012 12:09:31 AM

Thanks for all the infos in this treath! I'm looking at the same question, but specially about the speed question Drives whit data compression (SandForce) and whit out. How big is the loose there?
m
0
l
!