378
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Tested: Windows 11 Pro's On-By-Default Encryption Slows SSDs Up to 45%::Windows 11 Pro defaults to BitLocker being turned on, using software encryption. We've tested the Samsung 990 Pro with hardware encryption to show how the various modes impact performance, and how muc

top 50 comments
sorted by: hot top controversial new old
[-] MooseBoys@lemmy.world 43 points 1 year ago

Deliberately using software encryption mode is slow; no shocker there. Their same testing showed no significant difference when hardware encryption mode was used.

[-] Spotlight7573@lemmy.world 11 points 1 year ago

There's a reason they default to software though, the hardware can't be trusted:

https://www.tomshardware.com/news/bitlocker-encrypts-self-encrypting-ssds,40504.html

Those people were actually worse off than anticipated because Microsoft set up BitLocker to leave these self-encrypting drives to their own devices. This was supposed to help with performance--the drives could use their own hardware to encrypt their contents rather than using the CPU--without compromising the drive's security. Now it seems the company will no longer trust SSD manufacturers to keep their customers safe by themselves.

Linked from that article:

https://www.zdnet.com/google-amp/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/

Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

[-] jvisick@programming.dev 7 points 1 year ago

Sure, but I suspect this is the real motivation for the article:

Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out

It sounds like many people may be using software encryption without realizing it, if Windows 11 Pro uses it by default.

[-] MrPoopbutt@lemmy.world 4 points 1 year ago

How does one use hardware encryption? Is that a feature that is ssd dependent?

[-] Spotlight7573@lemmy.world 5 points 1 year ago

It's SSD dependent and implementation quality may vary between manufacturers and models. Some may not actually protect your data all that well from someone trying to access your data, hence Microsoft defaulting to software they know works.

load more comments (1 replies)
[-] seaQueue@lemmy.world 37 points 1 year ago

Do we have comparable numbers for LUKS to contrast this with?

[-] Still@programming.dev 7 points 1 year ago* (last edited 1 year ago)

idk about the drive from the article but I get about 1GiB/s random reads with Luks on my wd sn 750 1tb and about 2 GiB/s without

sequential is almost identical

[-] BombOmOm@lemmy.world 22 points 1 year ago

I wonder how this compares to Veracrypt doing the same thing.

[-] popemichael@lemmy.sdf.org 11 points 1 year ago

That is a life changing program up there with 7zip, gimp, and notepad++

Its hard to find a better paid replacement

I mean, Veracrypt takes a while to mount a vault, because it basically has to dig through all the layers of encryption. Veracrypt is great for a lot of things, but speed isn’t the main consideration when you’re dealing with encryption.

[-] vividspecter@lemm.ee 7 points 1 year ago

We're not talking about mount times here, but read/write speeds. They might be slow too, but that's a different issue.

[-] Send_me_nude_girls@feddit.de 2 points 1 year ago

I'm no expert but as far as I know the mounting takes time, but once it's done, you got to deal with a bit added CPU time, but the read/write stays largely the same.

[-] autotldr 11 points 1 year ago

This is the best summary I could come up with:


While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out.

While we have results for higher queue depths, note that the QD1 numbers are far more meaningful in the real world, as this is the most common type of file access in typical operating system environments... and that's where software BitLocker impacted performance the most.

Lower latency delivers snappier performance in day-to-day use, and it's the primary reason the industry at large has moved from slow rotating hard drives to faster SSDs.

Given that this extra layer of latency, albeit at varying degrees, will also be added to slower types of SSDs, like QLC or low-tier drives, this could have a much bigger real-world impact in some systems.

Windows 11 disk caching might be a factor there, but QD256 is basically fantasy land for storage workloads (remember, low queue depths are the most common), so we don't put too much weight on it.

There's a curious "bump" with the 990 Pro that we've noted before on the read speeds, but write performance shows a smoother line with the software BitLocker trailing up until the 256KiB block size.


The original article contains 2,953 words, the summary contains 212 words. Saved 93%. I'm a bot and I'm open source!

[-] TenderfootGungi@lemmy.world 6 points 1 year ago

How bad do Macs slow down with encryption? Or can you even turn it off? They do have a dedicated chip, and section of chip, to handle encryption.

[-] kalleboo@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

They don't slow down with encryption to any real degree.

Even before Apple added their dedicated T or M chips, they used the AES instruction set in Intel CPUs for hardware acceleration and the performance impact was within the margin of error (3%) https://archive.techarp.com/showarticle0037.html?artno=877&pgno=1

load more comments (9 replies)
[-] pete_the_cat@lemmy.world 5 points 1 year ago

I turned this off as soon as I setup the PC, there's zero need for this on desktops. Once again, Microsoft's making a stupid move.

[-] SkyeStarfall@lemmy.blahaj.zone 5 points 1 year ago

Also, is always encrypting drives even a good or desirable thing for most users?

I don't know the details, but what if someone forgets the password, or some PC components get broken, but they still want their data put of there?

Disk encryption is something that should be a choice, opt-in.

[-] serratur@lemmy.wtf 2 points 1 year ago

but what if someone forgets the password, or some PC components get broken, but they still want their data put of there?

That is why backup of your data is a necessity regardless of encryption or not.

load more comments (1 replies)
[-] JunglGeorg@lemmy.world 3 points 1 year ago

Well that's just horrendous

load more comments
view more: next ›
this post was submitted on 22 Oct 2023
378 points (95.2% liked)

Technology

59174 readers
2113 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS