Disk encrypt speed question under Microsoft Storage Space.

[Maigonis]

Hi.

Yesterday I setup my data disk full encryption. Started wizard, picked AES sha-256 encryption algorithm and when I saw time remaining I was surprised. I have two 4tb disks setup in mirror mode (RAID1) in Microsoft storage space and estimated time was 4 days (!). Disks are half full, so 2TB of data to encrypt, drive speed reported in task manager is 10-12mb/s. That is slow, super slow. My PC have i5-8600K CPU, its two years old, hardware should not be the issue.

Are those speeds normal? Maybe Microsoft storage space is the issue?

[Mounir IDRASSI]

I guess you are performing In-Place encryption.

In case of In-Place encryption, VeraCrypt encrypts all disk sectors without disntiguishing between used or unused sectors. So, VeraCrypt will encrypt the whole 4TB storage and 4 days are consistent with a speed of 10 MiB/s (even 2TB requires 2.5 days at this speed).

One would argue that we can encrypt only used sector and leave unused sectos are is. This has security implications since it can leak previously stored data that were deleted but not wiped securely. Moreover, we don't have a reliable way to get the used sectors list: if disk filesystem is mounted, then Windows offers a function to give us a snapshot of used clusters but there is no guarantee that disk content will not change after this snapshot is given. And if the disk filesystem is not mounted, then Windows can't help us and we need to do the scan of clusters outselves and we don't know how to implement this.