Using TrueCrypt (software encryption) with an SSD

ssd encryption truecrypt

I use full drive encryption (FDE) w/ TrueCrypt on my laptop. I have a 2nd gen I7 with AES instruction support, so honestly I can't even notice a speed change on the system with it on.

My question, is for those who know about SSD's a lot. I previously (early 2011) read articles about how software encryption will negate the speed benefits that an SSD provides - because of the need for the SSD to send a delete command, then a write command, for every encrypted write - instead of just writing over data like a regular HDD would (or something like this...honestly I can't remember...ha!).

Anyway, any improvements in this field? Is it pointless for me to grab an SSD if I'm using FDE?

Thanks all.


There are three main issues here: performance, SSD wear, and level of security.

Performance and SSD Wear

SandForce-based SSDs compress all data on-the-fly, in hardware, leading to some impressive performance improvements, i.e., increased write speeds. This also reduces the write-amplification factor (sometimes to below 1.0) which reduces the wear (the number of program/erase cycles) on the flash memory. If encryption is first done by software, such as TrueCrypt, the resulting data will be much less-compressible. This will reduce performance and increase wear.

Encrypting a non-SandForce SSD (or any SSD that doesn't encrypt in hardware) using TrueCrypt certainly reduces performance, but it's arguable that the SSD is not the bottleneck - the compression will be CPU-bound.

Security

Using TrueCrypt to encrypt an SSD (or any drive that has wear-levelling) can lead to security problems, so it is not recommend (although I'd argue that the risk is small).

SandForce-based SSDs and some other SSDs actually already encrypt all data on-the-fly. For the Intel 320, this can be used for full disk encryption, but it's not possible at the moment for SandForce drives:

SandForce drives, such as the Vertex 2, do encrypt the full drive contents, but do not provide [full disk encryption]. At the moment, the encryption feature is only useful for a quick secure erase of the drive.


TrueCrypt performs encryption/decryption in RAM, so there should be no speed penalty. See TrueCrypt - Documentation:

Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM.

Edit: I think I misunderstood your question initially. There appears to be some issues with TrueCrypt and wear-leveling: http://www.truecrypt.org/docs/?s=wear-leveling

Related

Changing ALL System Fonts in Windows 7
What protocol does TeamViewer use?
Mouse wheel scroll causes zoom in/out in Google Chrome
Terminal tab completion [duplicate]
Does Windows allow multiple (remote) logins to the same account at the same time via whatever means?
FOR/DO command gives "Was unexpected at this time" when run from command prompt
50 USB webcams in a single computer. Is that really possible?
Use laptop as bluetooth keyboard?
What is the advantage of iSCSI over SMB?
Setting process priority everytime it is launched?
How can I change the binding order of network adapters in Windows 7?
Powershell slow starting on Windows 10