System Encryption SSD poor performance
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I am getting a very poor performance on my SSD drives when using full system encryption. i5 4670 CPU with windows 7. SSD is Samsung 850 pro 256gb, simple AES with SHA256. I have used both TC and DiskCryptor over the past year with the same hardware and full system encryption. Both had good results in fact DiskCryptor showed now slow down from my non encryption tests.
I moved the Vera because I want the extra security. I understand the boot up process would be slower and it is about 45 seconds with I am 100% OK with. I was thinking that the performance in windows would be very similar to DiskCryptor however its not. I use just AES encryption.
My sequential read and write speeds are fantastic and I am not concerned with any numbers over 300 which they are. The problem are my random write speeds which are terrible especially the read.
Below I will paste the benchmark with current Vera encyption. When using DiskCryptor the Seq speeds are close to the same and like I said I dont care about anything over 300 Sequential. Its the random speeds 4K-64 that take such a dive with Vera as you can see the Reads are so low.
DiskCryptor has some vague language about being optomised for SSD. But it isnt explained. This is part of the problem with DiskCryptor is lack of documentation and updates. This is why I wanted to use Veracrypt and its wonderful for all purposes except SSD system disc encyption for me the entire point of using an SSD as OS drive are the random read speeds.
AS SSD Benchmark 1.7.4739.38088
Name: Samsung SSD 850 PRO 256G SCSI Disk Device
Firmware: EXM0
Controller: iaStorA
Offset: 1024 K - OK
Size: 238.47 GB
Date: 4/16/2015 2:30:44 PM
Sequential:
Read: 489.06 MB/s
Write: 483.77 MB/s
4K:
Read: 20.76 MB/s
Write: 102.85 MB/s
4K-64Threads:
Read: 41.11 MB/s
Write: 146.84 MB/s
Access Times:
Read: 0.189 ms
Write: 0.027 ms
Score:
Read: 111
Write: 298
Total: 474
Question:
Why would you need to encrypt one of the Samsung evo / pro 850 or similar range drives via tools like Veracrypt when they are already encrypted. According to the Samsung specs they are pre encrypted out of the factory with hardware encryption. You can't disable it you can only manage the drive status "high or low". With security set to low this allows anyone access (data still encrypted) With High you can either set a password via BIOS/EUFI (manufacturer dependant also known as "HDD password" or "Class0" Samsung use to refer to it). Or Bitlocker if you have it with Windows 8 and above can manage the drive via Edrive which again depends on certain requirements. Edrive should manage the drive via its wizard.
Ref: Samsung site or google Samsung Evo / PRO whitepapers for full specs
http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/ssd850pro/specifications.html
http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/support/faqs_03.html
This can also apply to drives like the Crucial MX200 etc but not all SSD are SED's Self encrypting drives. Refer to individual manufacturers for full info
Last edit: Alex Effemey 2016-03-11
Thank you for these numbers. This needs to be looked at especially that you say that TrueCrypt doesn't exhibit this performance degradation on the same machine.
Compared to TrueCrypt, VeraCrypt added some extra checks to the code that handles sectors encryption/decryption and maybe this has side effects to SSD random access.
Will you be able to run tests/benchmark if I make available binaries that include modifications for this issue?
Yes I would be happy to help it doesn't take long at all to encrypt/decrypt my system ssd maybe 18 minutes. I already did it a few times because I wanted to compare all three TC, diskcryptor, and Vera on the same system.
And like I said I am very happy with Veracrypt in every aspect except for specifically random read/write on SSD system encryption.
Hi Mounir
Thank you to your team in continuing this great project. And making yourself visible/available to answer queries.
I have been using TC for years. But I am now replacing my hdd with ssd. As with other ssd users, I am concern about the performance of encryption software on ssd.
It seems that Diskcyrptor is the only one that I know that has "optimization" for ssd. As with OP above, I would like to follow up if there is a work being made for VeraCrypt to be "optimized" for ssd, same as Diskcryptor?
Thanks again for doing the world a favor in continuing this project.
If you are coming from a HDD even a SSD encrypted and "slowed down" with TC / VC will still be a revelation to you in terms of "snappy" quick reacting system.
The most important thing about SSD in everyday use is not the read/write speeds. They play a factor too, but in reality the extremely short latency and access times are what makes the device fast.
Also remember that those "advertising numbers" that go above 500MB/s in sequential file operations are only reachable because the SSD controller does transparent compression to the date. Ciphertext, such as written by any FDE software, is not compressible. Therefore the numbers automatically HAVE to be lower.
Despite this being the VC forum, for your productivity system I would suggest finding a version of TrueCrypt 7 or 7.1, verify the hash checksums to be original and go with that until VC is proven stable, secure and audited. DiskCryptor is somewhat sketchy to me. And to my knowledge it has not been audited from head to toes, unlike TrueCrypt.
Take into consideration that VeraCrypt's developer is not a hidden individual or team. Mounir is putting his personal reputation as a security developer on-the-line unlike TrueCrypt and DiskCryptor developer(s) that stay hidden in the shadows.
VeraCrypt was built from TrueCrypt source code and has addressed many of the issues found in the audit reports of TrueCrypt.
There are plans to audit VeraCrypt in the future once major enhancements have been completed.
https://veracrypt.codeplex.com/discussions/576521
Mounir is very active on the VeraCrypt forums if you discover a problem to log a ticket or have questions or want to discuss enhancements.
Have you search the Diskcryptor forums about SSD performance? Here is an interesting thread:
https://diskcryptor.net/forum/index.php?topic=4855.0
For criticism, respectively "reality alignment", DiskCryptor is the benchmark.
We can only measure VeraCrypt in: is % slower/faster as DiskCryptor.
And: ntldr have make more attempts to solve a problem with crypted disks and TRIM.
Please keep also it in sight.
4K multithreaded write speed drastically reduces by 60-80% on modern NVMe SSDs with all existing disk encyption software. Sequential performace usually takes a negligible hit. Using the BIOS password / SED Util / eDrive is the only way to retain full performance.
Last edit: Kurian Thampy 2017-05-24
I have raised simiar concerns here https://sourceforge.net/p/veracrypt/discussion/technical/thread/ead5ae6c/#2172 .
Could we have options to reduce security for performane or some code optimization? Using GPU or NVMe APIs? Would donate 10 USD for that.