I'm about to install a new Samsung 970 Evo.
I want to run Windows on it with VeraCrypt system encryption.
But as SSDs need to "trim" and have "over provisioning", I'm worried: will full system encryption damage the drive (make it age quickly)?
Is this a valid concern? Or does VeraCrypt work well now with SSDs?
How much speed can I expect to lose?
I don't mind losing some speed, but this thread shows some MASSIVE impacts on write speeds: https://github.com/veracrypt/VeraCrypt/issues/136
As you can see from my other thread, I don't trust the hardware encryption...
Thanks
Last edit: sky net 2018-11-23
But as SSDs need to "trim" and have "over provisioning", I'm worried: will full system encryption damage the drive (make it age quickly)?
Is this a valid concern? Or does VeraCrypt work well now with SSDs?
VeraCrypt does not block the TRIM function. If the operating system issues a TRIM command, VeraCrypt will pass it on to the drive. VeraCrypt does not make a drive age more quickly. The initial encryption operation will write once to every block on the drive, but after that, there is no more data written to the drive than before.
How much speed can I expect to lose?
This depends on the speed of your CPU, whether or not your CPU supports hardware encryption acceleration, and what cipher you choose. I don't know what the people in the thread you quoted were using for their benchmark, but I have never seen performance that poor myself with VeraCrypt. My SSD is a couple years old, but I get 400MB/s sustained write with VeraCrypt and Serpent+AES ciphers. The drive you are naming has a turbo write mode to it, but with AES I suspect there wouldn't be much loss in speed even with that.
You will lose some speed, but I have never found it even noticeable.
Hey Kurt, thanks for the reply.
I'm running an Intel i7 2600K.
The initial encryption operation will write once to every block on the drive,
OK, so maybe I'm wrong on this, but I've read that when an SSD drive is completely full its performance and life are affected.
And while the drive isn't full of actual data, it's full of FDE VeraCrypt cipher, correct? All blocks are written to, as you say.
Perhaps this is a myth though, and a full SSD behaves normally.
Sounds like you're still getting good performance.
Are you also leaving drive hardware encryption enabled?
I will use AES for software, as the CPU has dedicated instructions for it.
Last edit: sky net 2018-11-24
The drive is not being filled in the way that affects its performance. However, since any SSD has a limited number of times you can write to every block, the encryption process does cause a tiny bit of "wear" on the drive. The number of times you can write to each block is in the range of 2000. Wear levelling evens this out across the whole drive, but when you do the initial encryption you are writing to every block on the disk. This means, for a brand new drive, you now have 1999 writes left. The act of encrypting your entire drive reduces its life by .05%. This is a one-time occurrence and from then on it wears normally.
After the drive is initially encrypted, it will not wear any faster than before.
I do not use hardware encryption on my SSD. I have less than zero trust in SSD hardware encryption.
The performance hit is real and noticeable. My SSD was often at 100% writing at 2MB/s. I ended up switching to Bitlocker and don't notice any performance hit (although it can be measured). I'd much rather use VeraCrypt, but Bitlocker will do the job if the computer gets stolen.
This sucks, I know, because with the rapid adoption of SSDs most people don't want to take VeraCrypt's performance hit unless they really need absolute security, hence making themselves easy to identify.
I'm sorry, but you'll have to settle for another encryption program. With a classic SATA SSD you are fine, but NVMe SSDs are a big problem, to the point that you will think you've wasted your money on it if you use it with VeraCrypt. Bitlocker and disk encrypter don't have this problem. The problem is known by the VeraCrypt developers and the fix is known, but they are just not motivated enough to fix it since it is a complex problem, and they don't seem to make any smart move towards donations either, like using the Kickstarter platform.
I think it is safe to say we won't be seeing this fixed any sooner than 2-3 years, even if NVMe SSDs are more and more common.
It would be nice to hear the developers are starting to work on this, slowly, but enough to say we have some progress towards it.
I am checking VeraCrypt monthly hoping to see a fix and will make my donation once I have a workable VeraCrypt for my NVMe drive.
I have a suggestion for the developers though.
Have you considered making VeraCrypt able to manage the hardware encryption directly, like Bitlocker can? I am thinking this could potentially fix the NVMe SSD problems by interacting directly with their hardware encryption rather than having to entirely change the way the software encryption works to fix the problem.
Last edit: Andrei Matanache 2018-11-26
All SSDs are affected, including regular SATA; I have first-hand experience. I only ran the benchmarks when I couldn't figure out why everything was so slow.
There must be something wrong with your setup. I get absolutely no performance hit on a SATA SSD with sequential r/w speeds of ~400MB/s, and sequential r/w speeds of ~700MB/s on a platter drive RAID (the bottleneck being the max speed of this RAID). This is using the AES cipher, with hardware acceleration, on a 2012-ish PC.
Maybe try retrimming your SSD. Make one large file with fsutil file createnew and fsutil file setvaliddata to fill all of the free space, and then delete it.
Last edit: neos6464 2018-11-29
I have no performance hit on sequential read/writes going through VeraCrypt, but I have verified there is a significant performance penalty on random reads and writes. On my SSD it reduces random R/W speed by a factor of 8 for read and 4 for write. VeraCrypt is a significant bottleneck for IOPS.
Interesting finding. I've never thought to benchmark random access because, FWIW, I've never noticed any apparent performance decrease with just normal PC usage.
I concur. I do not notice any real-world performance degradation.
The random read/write stats on benchmark programs are essentially a worst case scenario. Seek, read a few K, seek, read a few K, rinse and repeat a hundred thousand times. Real world isn't like that. No one is likely to see actual performance degrade from the use of VeraCrypt outside of a benchmark.