Protect Your Data! TrueCrypt 7.0a's Performance, Analyzed

Conclusion: AES-NI Preserves Performance Reserves

When it comes to a basic assessment of TrueCrypt, the benchmark results do not really matter that much. The open source program is a mature and highly recommended security solution that allows you to effortlessly encrypt partitions and hard drives, keeping files and folders on your computer safe. Regardless of whether you are running TrueCrypt on Windows, Mac OS, or Linux, the files selected by the user are encrypted using strong algorithms, at all times protected from access by unauthorized third parties.

Its versatility enabled even the previous TrueCrypt version 6.1 to stand out from competitors, such as BitLocker. It only lacked AES-NI support. This has now been taken care of in TrueCrypt 7.0a, finally making it our encryption tool of choice. We're even extending that recommendation to computers without hardware acceleration of AES. Compared to an unencrypted system, TrueCrypt encryption does affect system performance (as expected). But it in no way interferes with the user, and it doesn't demonstrate a performance impact that would be noticeable on a mainstream PC.

However, you should not install TrueCrypt by default if you are running a system that relies heavily on I/O (a database server, for example). Even if it can handle real-time encryption, the program cannot match the I/O performance and data throughput of an unencrypted system yet.

Exploiting the AES-NI instruction set is highly recommended if your computer is equipped with an Intel CPU that offers the feature. This includes the 32 nm Clarkdale-based processors, six-core Gulftown-based CPUs, and second-gen Core i5/i7 chips that center on Intel's Sandy Bridge architecture (Sandy Bridge-based Core i3s do not support AES-NI, unfortunately).

For simple encryption, the performance gain attributable to AES-NI is not that large compared to standard non-accelerated AES encryption. However, the CPU load drops significantly when the feature is active, giving the computer more power reserves and enabling even higher levels of security if necessary. AES-NI-compatible systems allow for more flexibility when setting up the encryption, and can handle a double encryption without any noticeable performance hit.

Create a new thread in the US Reviews comments forum about this subject
This thread is closed for comments
Comment from the forums
    Your comment
  • truchonic
    can we send this to sony?
  • eddieroolz
    I like the jab at Sony in the opening page!

    Anyhow. I've used TrueCrypt 7.0a for about a year now to secure my sensitive information. I've only encrypted a non-system partition as of now, but for the purpose of storing sensitive files the performance hit is unnoticeable. Took a bit of time to set up, but in the end, all worth it.
  • kikireeki
    TrueCrypt is the best, but anyone who uses it should keep in mind that the data encrypted by it is not meant to be recoverable.
  • Anonymous
    I encrypted my HP dm1z "netbook" system partition with Truecrypt. Even without AES-NI support by AMD E-350 the computer is still very responsive for non-gaming tasks. Thanks to Truecrypt for their great encryption utility and also to AMD for making a decent low-end APU.
  • jrnyfan
    True Crypt pwns. fin.
  • alidan
    a strong password and change it often...
    yea thats so not happening.

    i could make my password look like that,
    but it would be REALY HARD to remember, and changeing it on a, lets say, monthly basis.... who are you kidding.

    i have a 5 letter password
    i have an 8 letter password
    and i have a 6 letter password for when places force me to use a number, but at the same time, wont let me have 2 letters that are the same in a password.

    i find it agonizingly annoying that i cant use a 5 letter password for everything, because i despise having more than 1. its my account, i will make it as secure as i want. i pay 10$ a month for id theft protection, is an account is lost because of "hacker" i tell someone about it and the account is dead to me.

    i have only had 1 hacker in my life go for any one of my 100's of accounts (i mean 100's literally) and that is my gaia account that i made when gaia was new, and someone tried to brute force the account, 5 times back in 2008 (i have the emails in a special folder labeled F@$#ING BRUTEFORCER, without the censoring) and not a f@#$ was given by gaia (i didn't care, i stopped using it years before, i just informed them that some a$$hole was hacking my account to hopefully ban them, but they told me to p!SS off in almost those exact words). honestly security is overrated, yea id theft is bad, if you are parinoid, get protection and stop worrying, get a password that is 10 letters and number long, as no one is bruteforceing that, refuardless of where the account it, as long as they don't have your info or actually hacked the service.
  • memadmax
    hackers use bruteforce as last resort as it takes so long.
    Now they do the sneaky worm into your keyboard with a keylogger most times. Or if they are really targeting you, or want you bad, they will dig in your garbage....
    Net Security 101...
  • sudeshc
    You want best encryption deal with the drawbacks as you find them or else write your own encryption logic.
  • alidan
    memadmaxalidan,hackers use bruteforce as last resort as it takes so long.Now they do the sneaky worm into your keyboard with a keylogger most times. Or if they are really targeting you, or want you bad, they will dig in your garbage....Net Security 101...

    not realy, what they do first and formost, is check any online foot mark you have. usualy your password is something you know, such as mothers maden name or a birthday. i use to use my birthday completely spelt out, but that is to long for MANY passwords, and, as you can see, my spelling is atrocious, so i spell it wrong 9 times out of 10.

    but its my point exactly, they will get the info weather you want them to or not, and odds are, they will dumpser dive a hospital, dentist office, or doctors to get the info before they will ever go online.
  • Wamphryi
    I think that some may be missing the point about the benefits of encryption. For data on more portable media Truecrypt is most excellent. Also to be considered is that the data thief you should worry most about is not the Super Hacker on line but the opportunist thief who happens to steal your laptop. Your mail and photos etc in the hands of some petty thief?
  • Anonymous
    "i find it agonizingly annoying that i cant use a 5 letter password for everything, because i despise having more than 1. its my account, i will make it as secure as i want."

    It's your account, but it's their service. You're just a user, while they are an owner. They will decide the baseline for password length/complexity and you will comply because they take a serious PR hit if your password is hacked.
  • tommysch
    I decrypt EAS 256-bit at 3.3Gbps on a 2500K. Decryption is faster than the drive...
  • awood28211
    I work as a software developer for an organization that keeps private records on thousands of individuals... records that US law states MUST be confidential. My primary workstation is my laptop which at all times contains complete copies of source code for intranet site(s), applications and complete databases that these access. It would be devastating for this laptop to "walk" away from my desk, out of my car, my home or to be wrangled from my shoulder as I walk through a parking lot... It is a job requirement that I can be mobile and able to work at any time which is why I carry this information on my laptop.

    TrueCrypt is my encryption program of choice. I run Windows 7 and encrypt the entire system drive. My password is long, uses no real words, mixed case, #s and symbols. It is vital this password not be guessed by anyone. Only 3 people know this password, myself, a fellow developer and my department manager. I have an i7 cpu that supports the AES accelaration and my system is always quite responsive. TrueCrypt was installed the same day as the OS so I took away the worry from myself that I'd notice a before and after performance difference.

    I feel VERY confident that using TrueCrypt will keep anyone away from this data. While a "lost" laptop might result in some lost source code or database changes that have not been committed to our repository plus the cost of replacing the laptop (insurance FTW), I'd much rather re-do 8 hours of work than fret over exposing all this data to anyone savvy enough to explore a SQL database. I am aware of TDE for SQL2008 but our requirements are for more than the data (source code too!) and I feel double encryption (the file system and the DB on top) is not necessary.
  • Bolbi
    Unfortunately, not quite every Sandy Bridge CPU supports AES-NI. Two of the low-end mobile Core i7 processors (2630QM and 2635QM) don't offer the extra instruction set. And my new laptop uses the 2630QM...
  • TrinityTP
    "Brute force is as good as futile, given the 256-bit-strong AES encryption algorithm."

    Please don't spread this drivel... Your OMFG 1000million bit key is ultimately protected by your volume password. So guess what? It's the password they will brute force and that is only slowed down by key hardening (which true crypt does) and not the key size.

    By the way, brute force on 128bit is still way way out of reach of current hardware (even the power consumption of a perfectly efficient computer to run though 2^128 states is truly staggering). People only consider 256bit as important in case fast quantum computation becomes viable in the next few decades since a quantum computer can break a 256bit with "only" 2^128 steps.
  • Anonymous
    Would it be possible to rerun the IOMETER tests using an SSD which isn't based on a SandForce controller, i.e. one which doesn't mind whether you are dealing with compressible or incompressible data?
  • Anonymous

    lol...... im guessing you got nothing of strategic value to a hacker, seriously how many of your 100s of accounts hold strategic value? i would more then happily give a weak password for my spam collector e-mail but the one that's attached to my online Bank account is hella strong same way i presume you would not want to use a 5 digit password for your online bank account, and if you really do have that many accounts i suggest you use a password vault, that way you dont have to go around remembering all those strong password, one strong one would be enough (sometimes i wonder if i really am i commenting on a tech website)

    ID theft protection is close to useless if your personal information has become compromise, it is merely a damage control tool, if the criminal ever get a hold of enough personal info to ID theft you, you more or less become a victim for life
  • dgingeri
    From a support standpoint, I hate full drive encryption like this. I've had to rescue so many laptops where the MFT was damaged, and the only way to do it was to pull the hard drive, attach a USB adaptor, hook it up to another machine, and run chkdsk /f to rescue any data.

    With these programs, that recovery is impossible. Just before I left my last permanent job, we had just implemented a program like this, and I had 3 users lose everything because of that full drive encryption program in less than a year. In all three cases, the drive was physically fine, and I could have rescued the data if the drive wasn't encrypted.

    It just makes support so much more difficult.
  • Niva
    I would've liked to see 6.1 in the benchmarks and how it compares to 7.0

    Been using TC for years now, I think since version 4.something and find it absolutely essential for storing my secure info like tax returns and passwords. You can actually use triple-encryption and etc.

    I've never done a whole encrypted drive.

    Very long passwords are easy to remember, you can create giant passwords like! and it will make you smile every time you type it in. :)
  • lasaldude
    "IT service provider Unisys found the following: while 72% of the people asked feared the possibility of identity theft, only 37% of them used strong passwords and changed them regularly. In plain English, in the face of a vague threat, people prefer taking a risk over making an effort. Clearly, this is a true revelation of human nature (Ed.: that's just dripping with sarcasm)."

    That's not true, I work for Unisys in SLC, I'm here right now at work reading this. All the companies I support required password changes frequently all the Time and to use complex requirements for their password.