Possible Duplicate:
Does full-disk encryption on SSD drive reduce its lifetime?
I would like to encrypt an entire USB flash ("thumb") drive (as sdb, not sdb1) with cryptsetup. Will this encryption adversely affect the life of the drive or its reliability by interfering with the wear-leveling?
From a discussion about encryption on solid-state drives:
The makers of the open source encryption software TrueCrypt, for instance, recommend that "TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that TrueCrypt is not used to encrypt any portions of such devices or filesystems)".
My interest is regarding the reliability of the drive over time, rather than potential security leaks which may result from encrypting a USB flash drive.
Links
- A similar question on Security.SE includes a link to a discussion on wear-leveling on the TrueCrypt web-site.
- Durability and performance testing of TrueCrypt on an SSD. The recommendation is to leave unpartitioned space on the drive for wear-leveling.
- Another TrueCrypt/SSD discussion which mentions leaving unpartitioned space. The author reports that encrypting the whole drive is the same as completely filling it with data. That is not my understanding of whole-drive encryption.
Edit
After further thought, the solution may be to create a single encrypted file container on the drive, rather than encrypting the entire drive. If this file did not occupy the entire drive, then (presumably) the drive's wear-leveling process would work as normal.
As far as I know, on modern flash drives you don't really have to care about wear-leveling. It highly depends on the use case, though. – None – 2012-07-26T10:35:12.673
That warning is only about security, not wearing it out. – Synetech – 2012-07-26T15:26:51.953
The part in those links that actually relates to wear-and-tear is the line
The bigger problem is that encrypting the whole drive is essentially equal to completely filling the drive with data
It’s true that when you enable encryption, the existing data has to be re-written as encrypted. If you want to encrypt a drive that’s already full of data, it is going to require re-writing the whole thing, but that’s not exactly a surprise. – Synetech – 2012-07-26T15:32:41.510
@Synetech: I included that information to indicate that I had researched wear-leveling and had not yet found a clear answer. I plan to encrypt a new drive. – SabreWolfy – 2012-07-26T18:02:43.103
Well then it should be okay. If the drive is already empty, then there will be no (significant) extraneous writes as data gets encrypted/decrypted before/after the write. Of course it varies by encryption module and implementation. An old drive combined with a poor encryption routine may be a bad combination, but in most cases, it will not reduce the life of the drive by any significant amount. For (random, contrived) example, rounded down to the nearest day, it may reduce the drive’s life from 2190 days to 2189 days. – Synetech – 2012-07-26T18:17:21.200
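The container-file layout proposed in the question's edit, sketched as an added example that is not part of the original thread: a LUKS container created with cryptsetup inside a file that deliberately occupies only part of the mounted drive. The 20% reserve, the file name `vault.luks`, the mapping name `usbvault` and the mount point in the usage line are assumptions.

```bash
#!/usr/bin/env bash
# Added example: LUKS container file that leaves part of the drive unused.
# The 20% reserve, vault.luks and the mapping name "usbvault" are assumptions.

# container_size_mib FREE_MIB RESERVE_PCT [MAX_MIB]
# Prints the container size: free space minus the reserve, optionally capped
# (pass 4095 on FAT32, where a single file must stay below 4 GiB).
container_size_mib() {
    local free="$1" reserve="$2" max="${3:-0}" size
    if [ "$reserve" -lt 0 ] || [ "$reserve" -ge 100 ]; then
        echo "reserve must be between 0 and 99" >&2
        return 1
    fi
    size=$(( free * (100 - reserve) / 100 ))
    if [ "$max" -gt 0 ] && [ "$size" -gt "$max" ]; then
        size="$max"
    fi
    echo "$size"
}

# free_mib MOUNTPOINT: space available on the mounted filesystem, in MiB.
free_mib() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024) }'
}

# create_container MOUNTPOINT [RESERVE_PCT] [MAX_MIB]  (run as root)
create_container() {
    local file="$1/vault.luks" size rc
    size=$(container_size_mib "$(free_mib "$1")" "${2:-20}" "${3:-0}") || return 1
    if [ "$size" -lt 64 ]; then
        echo "not enough free space for a container" >&2
        return 1
    fi
    truncate -s "${size}M" "$file" || return 1    # backing file of the computed size
    cryptsetup luksFormat "$file" || return 1     # asks for confirmation and a passphrase
    cryptsetup open "$file" usbvault || return 1  # maps it as /dev/mapper/usbvault
    mkfs.ext4 /dev/mapper/usbvault                # filesystem inside the container
    rc=$?
    cryptsetup close usbvault                     # always release the mapping
    return "$rc"
}

# Usage: bash make-container.sh create /media/usb [reserve_pct] [max_mib]
if [ "${1:-}" = "create" ]; then
    create_container "$2" "${3:-20}" "${4:-0}"
fi
```

To use the container later, open it with `cryptsetup open`, mount `/dev/mapper/usbvault`, and close the mapping again before unplugging the drive.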