Does using TrueCrypt slow down disk performance?

Does using TrueCrypt slow down the performance of the encrypted drive (real world, not benchmark scores)? I'm talking about for the primary OS drive and for a storage drive that's fully encrypted?

My primary OS drive is an SSD too if that's a factor.
The storage drive I would like to encrypt is a WD black edition 1TB drive.

TIA
 
I use it on the only drive installed in my laptop, and I haven't really noticed any difference. Haven't benchmarked it, though. My CPU is a quad core i7 without AES-NI.
 
Yes, significantly. I think I had an i5 in my laptop with an encrypted disk and it felt incredibly sluggish compared to a core 2 laptop with lower specs that didn't have an encrypted disk. It was mainly IO operations that were affected so you may have better luck with the SSD. I hated it. It was really bad with MS Office.
 
Yes, significantly. I think I had an i5 in my laptop with an encrypted disk and it felt incredibly sluggish compared to a core 2 laptop with lower specs that didn't have an encrypted disk. It was mainly IO operations that were affected so you may have better luck with the SSD. I hated it. It was really bad with MS Office.

What type of encryption did you use? With an i5 and straight AES encryption there should be virtually no performance hit due to AES-NI.
 
Now the difficult question: why would you want to install TrueCrypt on your primary partition and require it to start the laptop? You lose some of the benefits of using TrueCrypt in this way.
 
Plausible deniability. Depending on your use-case this is the most important aspect of using TrueCrypt.

Looking at several worst-case scenarios....
- Search at an airport when entering/leaving the country
- Law enforcement home intrusion due to your less-acceptable activities
- Parents/friends snooping
- Terrorist/psychopath "give me the password or XYZ happens" type folks

....using several small, encrypted stores named innocuously (i.e. save your TrueCrypt blobs in your World of Warcraft directory and name them gamedat.0, gamedat.1, etc) it's less likely anyone will ever locate your encrypted information. If the machine turns on and a prompt asks you for your password you've already lost this battle and given the aggressor useful information: YOU USE ENCRYPTION. Now that they know this they can work on extracting the password from you.
 
Plausible deniability. Depending on your use-case this is the most important aspect of using TrueCrypt.

Looking at several worst-case scenarios....
- Search at an airport when entering/leaving the country
- Law enforcement home intrusion due to your less-acceptable activities
- Parents/friends snooping
- Terrorist/psychopath "give me the password or XYZ happens" type folks

Couldn't this be easily fixed with just creating two partitions on one disk and setting up two separate OSes? Then have one encrypted and one non-encrypted and have the non-encrypted one as the default OS? All you would have to do is hit F5 or F8 or whatever when booting to get to your encrypted drive and then enter password at that prompt (That no one sees but you).

(This is hypothetical as I've not done it yet...lol)

Plus encrypting your other files into their own separate encrypted containers for added protection from "The Man"....lol
All because I'm bored too...lol
 
It shouldn't be a huge difference on a HDD. A good AES implementation can do around 100MB/s on average CPUs. Seeing as you're on an i7 930 at 4GHz, I don't think there will be any noticeable bottleneck whatsoever.
 
Yes, significantly. I think I had an i5 in my laptop with an encrypted disk and it felt incredibly sluggish compared to a core 2 laptop with lower specs that didn't have an encrypted disk. It was mainly IO operations that were affected so you may have better luck with the SSD. I hated it. It was really bad with MS Office.

Were you comparing a machine with a 5400 RPM hard drive versus a 7200 RPM hard drive?

I have had absolutely no issues with my TrueCrypt install, without AES-NI.

The reason I use the full drive encryption is because I travel a fair amount. If the laptop is stolen or lost, I don't want people digging through personal files. I don't really need plausible deniability.
 
Plausible deniability. Depending on your use-case this is the most important aspect of using TrueCrypt.

Looking at several worst-case scenarios....
- Search at an airport when entering/leaving the country
- Law enforcement home intrusion due to your less-acceptable activities
- Parents/friends snooping
- Terrorist/psychopath "give me the password or XYZ happens" type folks

....using several small, encrypted stores named innocuously (i.e. save your TrueCrypt blobs in your World of Warcraft directory and name them gamedat.0, gamedat.1, etc) it's less likely anyone will ever locate your encrypted information. If the machine turns on and a prompt asks you for your password you've already lost this battle and given the aggressor useful information: YOU USE ENCRYPTION. Now that they know this they can work on extracting the password from you.

For cursory inspection, I keep my TrueCrypt FDE prompt as the standard Windows boot disk not found error message for that reason. If someone tries to boot up my laptop, they'll only find a Windows error.

If I was full on paranoid I would use the hidden OS TrueCrypt setup.
 
But what about speed degradation? I heard the reasoning behind not using it on my OS drive, it even makes sense, but if I did still do it, what kind of speed decrease would I get on my SSD?

That's the question.
 
But what about speed degradation? I heard the reasoning behind not using it on my OS drive, it even makes sense, but if I did still do it, what kind of speed decrease would I get on my SSD?

That's the question.
The speed of the drive is mostly irrelevant - the encryption/decryption operations are performed by the CPU. As far as the drive is concerned, it's just a series of bits to be written or read, it doesn't care whether the data is encrypted or not.

With the rig in your signature, I reckon any performance hit will be completely unnoticeable in practice, certainly using AES alone and probably even with a ridiculous overkill of cascaded ciphers.

That said, why don't you just try it out and see for yourself? :)
 