HDD Good for Encryption?

Question

Ok so I keep second guessing myself whether of not I should use encryption on this drive. I just found out it's not an SSD and here I was asking questions on encryption on SSDS. Huhh..... But yeah, just curious if this drive should be ok for disk encryption. I am concerned about wear leveling, etc.

Hard Drive Specs

 sudo hdparm -I /dev/sda

/dev/sda:

ATA device, with non-removable media
    Model Number:       WDC WD10JPVX-75JC3T0                    
    Serial Number:      WXJ1E744R55H
    Firmware Revision:  01.01A01
    Transport:          Serial, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
    Supported: 9 8 7 6 5 
    Likely used: 9
Configuration:
    Logical     max current
    cylinders   16383   16383
    heads       16  16
    sectors/track   63  63
    --
    CHS current addressable sectors:   16514064
    LBA    user addressable sectors:  268435455
    LBA48  user addressable sectors: 1953525168
    Logical  Sector size:                   512 bytes
    Physical Sector size:                  4096 bytes
    Logical Sector-0 offset:                  0 bytes
    device size with M = 1024*1024:      953869 MBytes
    device size with M = 1000*1000:     1000204 MBytes (1000 GB)
    cache/buffer size  = 8192 KBytes
    Nominal Media Rotation Rate: 5400
Capabilities:
    LBA, IORDY(can be disabled)
    Queue depth: 32
    Standby timer values: spec'd by Standard, with device specific minimum
    R/W multiple sector transfer: Max = 16  Current = 16
    Advanced power management level: 254
    DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
         Cycle time: min=120ns recommended=120ns
    PIO: pio0 pio1 pio2 pio3 pio4 
         Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
    Enabled Supported:
       *    SMART feature set
            Security Mode feature set
       *    Power Management feature set
       *    Write cache
       *    Look-ahead
       *    Host Protected Area feature set
       *    WRITE_BUFFER command
       *    READ_BUFFER command
       *    NOP cmd
       *    DOWNLOAD_MICROCODE
       *    Advanced Power Management feature set
            Power-Up In Standby feature set
       *    SET_FEATURES required to spinup after power up
            SET_MAX security extension
       *    48-bit Address feature set
       *    Device Configuration Overlay feature set
       *    Mandatory FLUSH_CACHE
       *    FLUSH_CACHE_EXT
       *    SMART error logging
       *    SMART self-test
       *    General Purpose Logging feature set
       *    64-bit World wide name
       *    IDLE_IMMEDIATE with UNLOAD
       *    {READ,WRITE}_DMA_EXT_GPL commands
       *    Segmented DOWNLOAD_MICROCODE
       *    Gen1 signaling speed (1.5Gb/s)
       *    Gen2 signaling speed (3.0Gb/s)
       *    Gen3 signaling speed (6.0Gb/s)
       *    Native Command Queueing (NCQ)
       *    Host-initiated interface power management
       *    Phy event counters
       *    Idle-Unload when NCQ is active
       *    NCQ priority information
       *    Host automatic Partial to Slumber transitions
       *    Device automatic Partial to Slumber transitions
       *    READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
       *    DMA Setup Auto-Activate optimization
            Device-initiated interface power management
       *    Software settings preservation
       *    SMART Command Transport (SCT) feature set
       *    SCT Write Same (AC2)
       *    SCT Features Control (AC4)
       *    SCT Data Tables (AC5)
            unknown 206[12] (vendor specific)
            unknown 206[13] (vendor specific)
            unknown 206[14] (vendor specific)

`curious if this drive should be ok for disk encryption.` Why not? What are you concerned about? — deviantfan, Sep 07 '16 at 00:09
I'm not convinced that there are drives better or worse suited to encryption. The drive doesn't care about what's written to it. I don't believe encryption causes any significant increase in read and write operations. — Macil, Sep 07 '16 at 01:32
The only case I could think that quality of the drive would cause you to not want to use encryption was if the drive was insanely fast compared to your CPU, and your CPU couldn't keep up with the I/O speed that the drive could do. Then you wouldn't be getting the most out of your drive. But modern desktop and server CPUs are very fast, often have encryption-accelerating instructions, and this drive isn't even an SSD, so I can't imagine this possibility could be the case here. — Macil, Sep 07 '16 at 01:36

score 2 · Answer 1 · answered Sep 07 '16 at 05:52

Looking at the specifications you've posted, its a SATA 3 compliant disk supporting 6 Gbps signalling speeds. That matches up to most current generation desktop/laptop hard drives which are quite capable in terms of I/O speeds.

The additional overhead of Disk encryption is actually placed on the processor and lesser overhead on the drive. If you're going to be using CPU intensive workloads coupled with disk I/O intensive workloads on your system then, disk encryption will definitely slow you down. To mitigate this somewhat you can switch over to the latest generation intel Broadwell processors have improved AVX instructions which speed up encryption workloads.

But when evaluating whether to deploy disk encryption, consider the costs and the impact of a possible data theft vs. cost of the solution and cost of performance penalty on the system.

CPU: Intel(R) Core(TM) i3-4130T CPU @ 2.90GHz – Thomas Byerly Sep 07 '16 at 16:02 — Thomas Byerly, Sep 07 '16 at 16:02

score 0 · Answer 2 · answered Sep 07 '16 at 07:27

With regards to disk wear / wear leveleing, any drive is fine for encryption. In general, storing encrypted data does not use the drive more or less, it's just the bits having different values.

The main load is on the device that does the encryption/decription, usually the main processor, or in some drives, a specific chip on it.

That said, some encryption tools may have specific storage patterns, which could wear a portion of the drive more than plain text storage. For example, specific regions of a drive may contain extra mapping data, which could be updated more frequently than other data. But hey, that's whats going on in any non-encripted drive too.

I was thinking of using Ubuntu's build in LUKS option with this processor: Intel(R) Core(TM) i3-4130T CPU @ 2.90GHz — Thomas Byerly, Sep 07 '16 at 16:03

score 0 · Answer 3 · answered Sep 07 '16 at 11:40

0

Any good HDD encryption tool does NOT increase the wear level of a drive.

If you write to in 1KB of normal data it's still 1KB of data if you write it encrypted. Same amount, different values.

Data safety and recovery is a totally different discussion.

answered Sep 07 '16 at 11:40

Overmind

8,779
3
19
28

1

This is not entirely true. Many are not capable of or designed not to issue TRIM command to the SSD, so the wear leveling algorithm have significantly less free space to work with. – billc.cn Sep 07 '16 at 13:46

HDD Good for Encryption?

3 Answers3