My company wants full disk encryption throughout all organizations; however, I have read that there are noticeable impacts to both spindle HDDs and SSDs. The explanation for the SSD slowdown is that it must rewrite entire blocks, rather than intelligently writing within blocks, due to the data being encrypted and in turn affecting the TRIM commands. With that said, would it be beneficial to format disks with a smaller allocation/block size during the imaging process? In theory, wouldn't this reduce the write time for SSDs if it is always rewriting entire blocks?
By trade I am a developer, so this is a new area of learning for me. Please feel free to reference applicable URLs, etc.
I am also aware of SEDs as a potential solution, in the case a particular machine needs optimal RW speeds.
"have read that there are noticeable impacts to both spindle HDDs and SSDs" - Where did you read this? I use Bitlocker on every device I have, on every storage device connected to those devices, and I have not noticed this myself. – Ramhound – 2018-01-31T18:08:40.317
@Ramhound: You haven't noticed it since it's small, at most 5%. It's usually only noticeable in disk tests. – harrymc – 2018-01-31T18:17:05.717
Hi @Ramhound I read various articles on the web, but my context is very limited and I am in no way knowledgeable enough to confirm or deny what any of them say. In your case, what are the hardware specs of your machine(s) and have you done any benchmarks or general comparisons? – Tucker – 2018-01-31T18:17:53.050
@harrymc - Honestly, I consider a 5% performance drop within the margin of error, but I don't often do benchmarks on external drives because the use of Bitlocker is required. – Ramhound – 2018-01-31T18:20:01.030
@Tucker - I am not going to attempt to find the articles you read. Can you supply specifics? – Ramhound – 2018-01-31T18:20:39.637
You do understand that Haswell, which is 4th generation, supports AES-NI, right? Of course, this assumes that BitLocker is tied to the AES-NI instructions. Based on my research only Windows 10 Version 1511+ clients can use Bitlocker AES encryption. It isn't clear that Bitlocker would even use AES-NI to implement AES-XTS though. – Ramhound – 2018-02-01T16:07:32.180
@Ramhound you are correct, I confused the generations. Now that I have my head around it a little more, it seems that there should not be a huge impact with BitLocker, with the greatest bottleneck being spindle HDD vs SSD (which is a typical leap in efficiency anyways). – Tucker – 2018-02-01T16:59:21.557
@Tucker - Which is the reason I pushed back and wanted to read what you read because it didn't match my own experiences. Encryption will encounter some performance loss, but in my experiences, you don't notice it. The performance costs associated with say HTTPS, on the other hand, could be noticed which is the reason it took so long to overcome (partially due to optimization but in reality, pure computing power can overcome a great deal). – Ramhound – 2018-02-01T17:35:01.100