VeraCrypt performance vs no encryption
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I just wanted to know what the performance difference is between encrypting say a Windows 7 Hard drive to not having any encryption at all?
I have seen stats for BitLocker on the Windows site. They claim that encryption on the average computer will only affect performance by a percentage that its in the single digits (so 0-9%). Do we have stats like this for Veracrypt? When I do benchmarks on AES/TwoFish etc its good to see the stats but it doesnt give the non-encrypted performance.
Also, I have heard that CPUs these days have dedicated infrastructure to handle encryption/decryption, so that cpu performance drops are negligible, is this true? any information on this would be great.
I am deciding whether to go hardware encryption on SSD or veracrypt encryption. Obviously hardware is faster but has other drawbacks.
I have answered a similar question in the past: https://veracrypt.codeplex.com/discussions/551112
Basically, if you use a CPU with dedicated AES hardware (AES-NI, present in many Core-i7), then by using AES as your cipher, the performance degradation will be less than 3% (with AES-NI, encryption speed is around 3.3 GB/s!).
When using other ciphers, the performance can take a big hit depending on your CPU.
I would advice to always use CPUs that incorporate AES.
unfortunately my cpu was made few years before AES-NI was created.
Mine is a core 2 duo E8500, running at 3Ghz
A good way to see how much degradation you will get is to use the Benchmark tool provided by VeraCrypt (menu "Tools -> Benchmark").
This will give you the speed of the encryption algorithms on your machine and you can compare with the speed of your drive.
Thank you for that.
The only issue I have with this is that I dont know what the speed is like without encryption. How would I test this? Because the specifications of the SSD, in reality, are never reached. Its usually slower. So how could I test this?
I have terrible results for full partition ecnryption with Veracrypt 1.21 AES SHA-512 on Intel i7-7700HQ Samsung 950 PRO 256GB NVMe in CrystalDiskMark
https://superuser.com/a/1306590/89990
I have 3 usage for VeraCrypt:
1. Totally hidden partitions via hidden volume. (donated 10 USD)
2. Small TrueCrypt mode container files for sharing with Android. (not donated because no open source android client yet)
3. Default system encryption of my laptop. (not donated yet, will donate if perfomacne will be resonably sloser to BitLocker)
So 1 and 2 are still usages. But for 3 I will use BitLocker because of slowness of VeraCrypt.
Perfromance is hot topic https://sourceforge.net/p/veracrypt/discussion/search/?q=performance
Hello everybody,
I have ASUS X75VC laptop with 8 Go memory , core I5 dual core with AES-NI, Windows 10 1803 64 bits
when system not encrypted i can see the following:
Startup time 55 s, system responsive at 90s , hdd 97% busy I/O queuing < 5
when system encrypted:
Startup time 90s , system responsive at 240s, Hdd 100% busy I/O queuing > 50
The 3% encryption ovehead is sufficent to cross the boundary between HDD busy and HDD Trashing, in this 180s of trashing Systèm does't respond.
Also after startup i can see big increase in latency even for a simple explorer new windows
So today i prefer:
system not encrypted
stric separation betwenn system and usr data, data D: in veracrypt partition container
which is closed when system go to sleep or hibernate.
Best regards
Addendum
For performance problem i suspect the following
Most HDD now have a 512 bytes logical sector over 4K physical sector
Hopely NTFS work with 4K clusters, which with a good alignement of partition perform good
some process as logging need read of 4 k bloc update one or more 512 logical sectors then re write 4 K
performanes decrease because of theses supplementaries 4K reads.
I think that veracrypt driver continue to work with 512 physicals sectors so in place of simply write 512 Bytes i need to read a 4k bloc , update it, then rewrite 4K (This made by disk firmware)
so the big performance decrease vs NTFS native I/O handling
you can see Performance of Veracrypt 1.22-64bits in machine Ryzen1800X here:
https://postimg.cc/gallery/2ozzfxyuo/38eec175/
ATTENTION: do not give importance to performance as well as to reliability
1) reliability
2) features, easy of use, support
3) performance
4) price
I rejected Veracrypt because it is unstable and there is No support.
I am looking 3 weeks for help to recover lost partitions by Veracrypt, with no results
Veracrypt Not Recommended for anyone
Last edit: john axinos 2018-06-23
On HDDs, veracrypt (using 1.23 beta 1), performance is good...
On SSDs, currently horrible... on NVME drives, you'll see a 50% decrease
At the current state of Veracrypt, I wouldn't recomend using it on SSDs. Which is really a big deal, considering SSDs are the way to go on current systems--no one is recommending not using SSDs.