Is SSD encryption beneficial?

I have a 850 Evo SSD that currently has Windows 10 installed. I'm planning to install Linux in a few days on dual-boot.

I have installed some Linux machines. During installation the wizard gives me an option to encrypt my home folder. Never used that option (because I thought that could decrease performance) and the system works fine as supposed.

Now that I installed recently a SSD, Samsung Magician offers me as well to encrypt my drive. So, is SSD encryption bring benefits for my system? How it works?

Be in mind that I only used the Linux subject because it was my very first contact with encryption drives at all.

I'm running a i3-2120 @ 3.3 GHz, which do not have AES New Instructions

CaldeiraG

Posted 2018-04-12T10:51:58.543

Reputation: 2 504

In modern systems and particularly when running from a SSD the performance impact of encryption is negligible. – None – 2018-04-12T11:00:44.127

@MichaelBay The machines I installed Linux were kinda weak for Windows (it couldn't just run flawlessly), the best thing I done was installing Linux! I even installed on my own machine but my hard drive screwed up everything. So, encryption never crossed my mind – CaldeiraG – 2018-04-12T11:06:25.333

Encryption is only useful when there's sensitive data to protect and the ones the data should be protected from may gain physical access to the computer, as explained in the answer below. Otherwise you can go without it. – None – 2018-04-12T11:10:44.433

What CPU does the system have? This is important because if it has aes-ni support encryptio(simplistic speaking ) does not slow things down significantly - almost all new systems have it, but as you go back it time it was only available on some. – davidgo – 2018-04-12T18:07:08.363

@davidgo an i3-2120 @ 3.3ghz, it's a prebuilt system that I upgraded last month – CaldeiraG – 2018-04-12T18:20:39.040

This particular CPU does NOT support AES-NI so using encryption will noticeably slow disk reads and writes. – davidgo – 2018-04-12T18:30:45.400

@davidgo Thanks for the clarification. I don't intend to turn things slower. Make an answer instead if you don't mind. – CaldeiraG – 2018-04-12T18:35:23.677

3Many modern SSDs support self-encryption, meaning there is no CPU load whatsoever when using that. The tools for that are a little fiddly though. – Daniel B – 2018-04-12T18:41:31.693

I've added this to my answer (it's not an answer to the question you asked on it's own though). Thank you. – davidgo – 2018-04-12T18:42:39.687

Answers

In many Linux distros (including Ubuntu) there are 2 main ways to install encryption on setup -

Full disk encryption creates a small boot partition which is unencrypted with just enough stuff to start the OS and get a passphrase, then using this to mount the main partition and rest of the IS. It's is the more secure way to go because, excluding a well defined limited area, all data is encrypted. It's fine using luks - which is standard smong Linux distros, meaning you can recover data even if the computer fails and you need to use another one.

The alternate option is file level encryption. This generally only encrypts files in users home directories. It's conceptually more complex to implement and not as secure (the encryption is good, but unexpected data may not be encrypted, and hints can be leaked in file size -I and it has got a larger attack surface) - but as it's only encrypting some files it's less CPU intensive.

On your system, using encryption will have a noticeable performance impact because the I3-2120 CPU does not have aes-ni support to speed up AES encryption/decryption.

davidgo

Posted 2018-04-12T10:51:58.543

Reputation: 49 152

Unencrypted drives can be accessed easily by booting your machine via recovery media and resetting superuser password to whatever or adding the drive to other OS.

If you have data in your system that needs to be protected by password, it should be encrypted.

Mareks Zirdzins

Posted 2018-04-12T10:51:58.543

Reputation: 121

Another thing to add is that this is more relevant for SSDs as fully wiping an SSD is a lot harder then a HDD because it abstracts the disk from the computer because of the way it manages writes. – davidgo – 2018-04-12T18:11:55.097