  1. #1
    New Lounger
    Join Date
    Apr 2010
    Posts
    22
    Thanks
    4
    Thanked 0 Times in 0 Posts

    TrueCrypt full-drive encryption on an SSD drive?

    I've seen conflicting information about doing full drive encryption with tools like TrueCrypt on SSD drives. I believe the issue has something to do with flash drives having a limited number of read/writes. Does anybody have any solid advice on this?

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    SSDs are improving all the time. They are becoming comparable to that of mechanical drives in terms of longevity.
    In terms of performance you will be far better off with an encrypted SSD than an encrypted 7200 RPM mechanical drive on a laptop.

    I doubt very much encryption will affect the overall lifespan significantly, but it may affect performance slightly depending upon your specs.
    It might also depend on the type of SSD one has chosen as well, sometimes cheap really does mean cheap. [crap]

    You should have an operating system that fully supports TRIM.
    Ensure you have the very latest firmware for the drive too.
    One might also consider having the encryption in place prior to placing sensitive data on the drive, preferably a fresh OS install with little else.
    Last edited by CLiNT; 2012-01-27 at 07:54.

  3. #3
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    The Truecrypt documentation at http://www.truecrypt.org/docs/ indicates that it does indeed function with SSDs and supports Trim and wear leveling.

    There are some detailed issues with respect to data leakage and Trim, plus an increased attack surface (replicated sectors) by implementing wear leveling. Both of these negatively impact the overall security of Truecrypt on an SSD, but I suspect, in almost all cases, it will still be perfectly adequate in defeating an attacker. One would need serious reverse engineering capabilities to take advantage of those weaknesses.

    If you wanted to play absolutely safe, rather than running to whole disk encryption, you could install a Truecrypt container file, which would be native to Windows and hence have no issues regarding data leakage or replication.

    I agree with CLiNT though that perhaps the best installation option is to encrypt a raw drive first, then install a clean OS that supports Trim. That way you can be sure the data is aligned to the SSD boundaries. Windows 7 does this out of the box and in so doing turns off performance ratings and defrag.
    Last edited by Tinto Tech; 2012-01-27 at 09:44.
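
An added illustration (not part of the thread and not TrueCrypt code) of the Trim data leakage mentioned in post #3: when TRIM commands pass through an encrypted volume, trimmed sectors stand out from ciphertext in the raw image and reveal where the free space is. The SHA-256 keystream is a stand-in for a real sector cipher, the class and function names are hypothetical, and the simulated drive is assumed to return zeros for trimmed sectors.

```python
import hashlib

SECTOR = 512
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def encrypt_sector(key: bytes, n: int, plaintext: bytes) -> bytes:
    """XOR with a per-sector SHA-256 keystream (stand-in for a real sector cipher)."""
    stream = b"".join(
        hashlib.sha256(key + n.to_bytes(8, "little") + bytes([i])).digest()
        for i in range(SECTOR // 32)
    )
    return bytes(p ^ s for p, s in zip(plaintext, stream))

class EncryptedVolume:
    """Encrypted volume on a simulated SSD (raw = what the flash returns)."""
    def __init__(self, sectors: int, trim_passthrough: bool):
        self.trim_passthrough = trim_passthrough
        # Encrypting the empty drive first fills every sector with ciphertext.
        self.raw = [encrypt_sector(KEY, n, bytes(SECTOR)) for n in range(sectors)]

    def write(self, n: int, plaintext: bytes) -> None:
        self.raw[n] = encrypt_sector(KEY, n, plaintext)

    def delete(self, n: int) -> None:
        # The filesystem issues TRIM for freed sectors. Assumption: the drive
        # returns zeros for a trimmed sector (behaviour varies by drive).
        if self.trim_passthrough:
            self.raw[n] = bytes(SECTOR)

def trimmed_sectors(raw: list) -> list:
    """Sectors identifiable as free without the key: all-zero, unlike ciphertext."""
    return [n for n, data in enumerate(raw) if data == bytes(SECTOR)]

def demo(trim_passthrough: bool) -> list:
    vol = EncryptedVolume(sectors=64, trim_passthrough=trim_passthrough)
    for n in range(10, 30):                      # constructed "file" in sectors 10-29
        vol.write(n, b"confidential record ".ljust(SECTOR, b"."))
    for n in range(20, 30):                      # part of it is deleted later
        vol.delete(n)
    return trimmed_sectors(vol.raw)

if __name__ == "__main__":
    print("TRIM passed through:", demo(True))    # free-space layout visible
    print("TRIM blocked:       ", demo(False))   # raw image is uniform ciphertext
```

With pass-through blocked the raw image stays uniform ciphertext, at the cost of the drive never receiving the TRIM hint for freed sectors.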

  4. #4
    New Lounger
    Join Date
    Apr 2010
    Posts
    22
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Utilizing TRIM

    Thanks for the great input. I've got more confidence now to proceed. One other question, though. I am using Windows 7 (Professional, I think). Is TRIM something I need to configure, or is it simply part of the OS with no action needed on my part?

  5. #5
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    The only thing you need do is set the BIOS to use AHCI rather than IDE. When you install Windows, it will load AHCI drivers that support Trim. Everything else is invisible and non-configurable.

    You can verify the SSD is detected correctly because the Windows Experience Index (Performance, Information and Tools in the Control Panel) will be disabled by default - though you can run it manually. Also, defrag of the disk is disabled too.

    Defrag is meaningless in a Flash based drive - it only has an effect where there are mechanical heads that take time to physically locate the hard drive sector, whereas in an SSD seek time is a function of the address circuits and cannot be adjusted by short shifting for example.

    The Experience Index tool is disabled because it runs disk performance checks, which may degrade the drive if used over-zealously. It is also possible, though I have no evidence either way, that the disk specific test that the Experience Index tool runs may be meaningless in an SSD (I am assuming that it measures seek time among other things).

  6. #6
    New Lounger
    Join Date
    Apr 2010
    Posts
    22
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Thanks!

    Thanks for all the great input!
