Tested: Windows 11 Pro’s On-By-Default Encryption Slows SSDs Up to 45%::Windows 11 Pro defaults to BitLocker being turned on, using software encryption. We’ve tested the Samsung 990 Pro with hardware encryption to show how the various modes impact performance, and how muc
Deliberately using software encryption mode is slow; no shocker there. Their same testing showed no significant difference when hardware encryption mode was used.
There’s a reason they default to software though, the hardware can’t be trusted:
https://www.tomshardware.com/news/bitlocker-encrypts-self-encrypting-ssds,40504.html
Those people were actually worse off than anticipated because Microsoft set up BitLocker to leave these self-encrypting drives to their own devices. This was supposed to help with performance–the drives could use their own hardware to encrypt their contents rather than using the CPU–without compromising the drive’s security. Now it seems the company will no longer trust SSD manufacturers to keep their customers safe by themselves.
Linked from that article:
Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.
The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.
How does one use hardware encryption? Is that a feature that is ssd dependent?
It’s SSD dependent and implementation quality may vary between manufacturers and models. Some may not actually protect your data all that well from someone trying to access your data, hence Microsoft defaulting to software they know works.
Most SSDs don’t even have hardware level encryption.
Do we have comparable numbers for LUKS to contrast this with?
I wonder how this compares to Veracrypt doing the same thing.
I mean, Veracrypt takes a while to mount a vault, because it basically has to dig through all the layers of encryption. Veracrypt is great for a lot of things, but speed isn’t the main consideration when you’re dealing with encryption.
We’re not talking about mount times here, but read/write speeds. They might be slow too, but that’s a different issue.
How bad do Macs slow down with encryption? Or can you even turn it off? They do have a dedicated chip, and section of chip, to handle encryption.
They don’t slow down with encryption to any real degree.
Even before Apple added their dedicated T or M chips, they used the AES instruction set in Intel CPUs for hardware acceleration and the performance impact was within the margin of error (3%) https://archive.techarp.com/showarticle0037.html?artno=877&pgno=1
What method would be the best to encrypt a Windows 11 Pro workstation? I had my PC at home but now I got an office so I have to rely on its security that it won’t be broken into.
I am a one man band and I work in video production. If someone would steal my PC/Synology NAS, they would access to my videos and all the invoices/client details. If I would use Bitlocker, I guess I would expect a lot lower performance when editing.
BitLocker can be configured to use the encryption provided by the SSD, so you can still use it, you just need to make sure that the SSD model you have supports it and doesn’t have any flaws/insecurities in its implementation.
I’m not sure what options are available for that NAS though.
Thanks! I have a 2TB 970 EVO Plus, when the projects are done, I copy them to a 10TB HDD and from there they go to the cloud and NAS. So I would have to encrypt multiple drives/devices.
Well that’s just horrendous
I turned this off as soon as I setup the PC, there’s zero need for this on desktops. Once again, Microsoft’s making a stupid move.
deleted by creator
It’s largely useful on mobile devices because you can easily forget them somewhere and all a tech savvy person has to do to get the data is remove the HDD (if it’s a laptop), or if it’s integrated, reset the admin password with something like NT Offline Password Reset. Smartphones are another can of worms I won’t get into, but I’m sure you understand.
With a desktop, it’s highly unlikely you’re carrying it around and will forget it some place. The only way someone can get the drive is to break into your residence and physically remove the drive, and as someone else said: if someone is breaking into your residence to get a HDD out of your PC, you have bigger problems.
deleted by creator
Please turn it off with a bootable linux usb mean u can hack it in 10mins flat
Blud does not know what BitLocker is
It prevents me from renaming a copy of cmd to sethc
