Total, initial, hard drive encryption speed with VeraCrypt

6

1

Context: I decided to encrypt a 2TB internal SATA II hard drive I use for personal files (photo collections, tax prep PDFs, hosting a synced Dropbox folder, some non-HD video files, driver install backups, etc). The drive is nearly full of content at this point; and I store new files to another larger disk, as well as back up the 2TB to the larger drive.

I'm using the current VeraCrypt version (VeraCrypt 1.0f-2). And I used the standard Volume Creation Wizard for full drive/partition encryption, with no wipe (fast), and basic AES settings... just to keep thieves' hands off my data (I'm not worried about the CIA/NSA).

System is Win7 64bit OS (run off a nice SSD), Quad Core 2.6GHz AMD Athlon II, 8GB 1333 DDR3 RAM, the hard drive being encrypted is a fairly old Western Digital formatted to NTFS (it ran fine prior to this process being started).

Questions 1 + 2: Why is this going to take nearly 4 whole days to complete (96h; I estimated 6mbps)? Is this normal?

I can't find anything online that estimates initial hard drive encryption speeds for any quantities of data on any types of hard drives. Everything says "it just depends on hardware." Which is no help, for even general comparison.

I've read that encryption takes place in the processor, and that it generally runs faster when there are more cores because VeraCrypt uses them in parallel. But my processor is basically at idle! With Firefox open (10 tabs), a file browser, and the encryption taking place I'm averaging around 7% utilization across the cores (it only spikes for a second if I open another tab or start another activity elsewhere).

And the RAM utilization is only at about 25% (normal for just the OS and Firefox).

Questions 3 + 4: Is it normal for a processor to appear at idle while completing the initial encryption of a large hard drive/partition? And, is there an option somewhere that can tell VeraCrypt to use whatever resources it wants to speed up the process?

Note: The majority of the 'speed' questions I've encountered online are regarding the initial mounting with VeraCrypt--which is slower than with TrueCrypt because of added security measures--or on-the-fly encryption/decryption speeds. The questions I've asked are not about those things, but instead are specifically being asked to learn from those with experience what kind of speed they experienced during the initial encryption of whole data drives/partitions, not their mounting or on-the-fly encryption/decryption; as well as what kind of resource utilization is normal (Processor/RAM %).

User832

Posted 2015-04-14T23:11:21.597

Reputation: 63

Encryption is a slow process, but I wouldn't expect it to take 4 days for 2TB. Unless VeraCrypt is written poorly. – RoraΖ – 2015-04-15T11:38:46.880

Some of your problem is your drive is nearly full. So the encryption process is going to take longer for that reason. It's also possible the drive isn't healthy, and is encountering errors, or at least Windows is waiting for I/O events to be completed. I would ask this question on the VeraCrypt project; why not ask the author? Your use case is very specific and not easily replicated. – Ramhound – 2015-04-15T12:09:14.807

@Ramhound I was hoping to hear from experience, like: "I encrypted a newer, 20% full, SATA III HDD with VeraCrypt (~1TB of data). It took 9hrs, and the encryption thrashed my processor." or "I've encrypted both mostly empty and full drives with VeraCrypt. The full ones took longer, regardless of size"... these types of answers share useful information, from experience. Of course, I noted all of that in the original question. – User832 – 2015-04-15T18:31:18.960

@Ramhound I do however appreciate your confirmation that some of the issue is likely due to the drive being so full... I suspected that, obviously, but hearing it from somebody else is something. – User832 – 2015-04-15T18:31:42.823

@Ramhound This is false. I have a brand new hard drive, an HDD connected via SATA, of 4TB, which I filled with about 2GB of data (so less than 1%) before using VeraCrypt. VeraCrypt says it's going to take 5 days to encrypt in place, with default settings as OP did. There's something wrong here. And I checked, my CPU has hardware acceleration support for AES (10 Gbit/s according to benchmark). I have a quite fast computer, it's made to compute a lot for research purposes. – gaborous – 2020-02-16T16:38:04.683

Correction: benchmark speed is 10GB/s for AES – gaborous – 2020-02-16T17:30:31.327

Answers

1

This may be an old question (asked in 2015, when I'm writing in 2019) but it's a top result in Google so my experience may be useful to any later reader. I installed VeraCrypt on a brand new, top-of-the-line AMD desktop that I built myself. Ryzen 7 2700X CPU, 16 GB DDR4 RAM, and a properly fast 512GB m.2 hard drive (can't remember exact speed ratings, but it's somewhere around 6Gb/s, proper m.2 speed), and an Nvidia 1060 GPU. The only installed programs are Windows 10 Pro and its updates, Chrome, and the most recent version of VeraCrypt itself. I told VeraCrypt to encrypt the entire drive, as it's all a single partition.

VeraCrypt has been running for 1 hour and is at 40%, and it estimates it will need another 75 minutes to complete. It had initially estimated 20 minutes to encrypt the entire drive, but that estimate steadily increased. Total CPU usage is around 2%, and the breakdown actually shows VeraCrypt using 0.0%, whereas Task Manager at least uses 0.5%.

There are some assorted accounts of very slow write performance on SSDs on VeraCrypt's forums; I've only skimmed those threads. If it is also this slow when saving data to storage, I'll remove VeraCrypt and use only Windows file encryption, which I know is less secure but at least is usable.

user3685427

Posted 2015-04-14T23:11:21.597

Reputation: 141

1

If the CPU is nearly idle, this is a good sign that whatever you're doing is IO-limited.

It's not clear from your question, but I think you're doing in-place encryption (converting a hard drive with data on it into an encrypted hard drive, preserving the data). The safe way to do this (with no chance of data loss in the event of a crash or power failure) is to read the unencrypted data, encrypt it, write the encrypted data to a temporary location, then write the encrypted data back over the unencrypted version. This ensures that there's always at least one complete copy of the data, but is very slow, requiring writing to a number of different locations on the disk for each block of data that's converted.

Mark

Posted 2015-04-14T23:11:21.597

Reputation: 1 304

The first paragraph says "I decided to encrypt a 2TB Internal Sata II hard drive I use for personal files (photo collections, tax prep PDFs, hosting a synced Dropbox folder, some non-HD video files, driver install backups, etc). The drive is nearly full of content at this point" ... what is 'not clear' about what is being encrypted? – User832 – 2015-04-15T02:28:14.820

Do you know if VeraCrypt uses the method you suggest to encrypt the data? Because that might actually explain some of the delay... but not really, because it would be reading from a fast enough drive, encrypting to a very fast SSD (500mbps), and then rewriting over the original on the decently fast drive. Should be faster than 6mbps. – User832 – 2015-04-15T02:31:38.347

@User832 - TrueCrypt did it, and VeraCrypt is a fork of TrueCrypt. – Ramhound – 2015-04-15T12:06:46.470

@Ramhound did what? – User832 – 2015-04-15T17:52:51.243

You asked if VeraCrypt uses the method Mark describes. I indicated that TrueCrypt used the method and that VeraCrypt was a fork of TrueCrypt. – Ramhound – 2015-04-15T18:03:40.407
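The read, encrypt, write-to-temporary-location, write-back sequence described in Mark's answer, as an added example (not code from the original post and not VeraCrypt's implementation). It shows that every converted block costs two flushed writes and that a torn overwrite is recoverable from the temporary copy. The two-slot journal layout, the file names and the SHAKE-based stand-in cipher are assumptions made for illustration.

```python
import hashlib, os, struct

BLOCK = 4096  # assumed conversion unit

def transform(key, index, data):
    """Stand-in cipher (NOT AES-XTS): XOR with a per-block SHAKE-256 keystream."""
    ks = hashlib.shake_256(key + struct.pack("<Q", index)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def synced_write(path, payload, offset=None):
    """One write that is flushed to the medium before returning."""
    with open(path, "wb" if offset is None else "r+b") as f:
        f.seek(offset or 0)
        f.write(payload)
        f.flush()
        os.fsync(f.fileno())

def read_slot(path):
    """Return (index, ciphertext) from a journal slot, or None if absent/torn."""
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except FileNotFoundError:
        return None
    body, digest = raw[:-32], raw[-32:]
    if len(raw) < 41 or hashlib.sha256(body).digest() != digest:
        return None
    return struct.unpack("<Q", body[:8])[0], body[8:]

def convert(volume, journal, key, crash_at=None):
    """Encrypt `volume` in place; safe to re-run after a crash. Returns synced writes."""
    writes, start = 0, 0
    slots = [r for r in (read_slot(f"{journal}.{n}") for n in (0, 1)) if r]
    if slots:  # newest journaled block may be half-written on disk: replay it
        idx, ct = max(slots)
        synced_write(volume, ct, idx * BLOCK)
        writes, start = 1, idx + 1
    total = -(-os.path.getsize(volume) // BLOCK)  # ceiling division
    for i in range(start, total):
        with open(volume, "rb") as f:
            f.seek(i * BLOCK)
            plain = f.read(BLOCK)
        body = struct.pack("<Q", i) + transform(key, i, plain)
        synced_write(f"{journal}.{i % 2}", body + hashlib.sha256(body).digest())
        if crash_at == i:  # simulate power loss midway through the overwrite
            synced_write(volume, body[8:8 + len(plain) // 2], i * BLOCK)
            raise RuntimeError("simulated power loss")
        synced_write(volume, body[8:], i * BLOCK)
        writes += 2  # temp copy + overwrite: every block is written twice
    return writes
```

The journal slots must be kept until the conversion is finished and verified; they are the only record of how far the conversion got.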

-1

I use an eSATA or USB cradle and always have spare drives, so I encrypt an empty drive of similar size and it takes about 45 minutes to an hour for 2 terabytes. Then load data from unencrypted drive to encrypted drive with no speed penalty other than the normal amount of time to fill the disk. In my case it had 1.5 terabytes of data and took 4 hours. So about 5 hours total. This is with an X79 and Ivy Bridge 6 core which supports hardware encryption. VeraCrypt & TrueCrypt sites have chip info on hardware support. If your disk is very full this would be the only way to get it done in a reasonable time. I would suggest, if you're using in-place encryption, defrag (except SSDs) before encrypting.

sonoma95446

Posted 2015-04-14T23:11:21.597

Reputation: 1

Why the downvote? – Scott Biggs – 2019-09-30T07:23:51.833

@ScottBiggs probably because the reply is using encryption with formatting, instead of in-place to keep the content. – gaborous – 2020-02-16T16:42:21.600