Is it possible to encrypt an SSD without losing performance? As you probably know...

Is it possible to encrypt an SSD without losing performance? As you probably know, when you install an Ubuntu-based distro you are given an option to:

a) Encrypt your full hard-drive, or

b) Encrypt your user folder

If your main drive is an SSD, what do you recommend to do?


I just bite the bullet and go with LUKS. XTS is pretty quick.

Maybe in a few decades we'll have fully homomorphic encryption built into operating systems. The demand is already there with cloud systems.

Only makes sense when the computing provider isn't trustworthy (aka cloud computing). I really hope homomorphic encryption becomes popular and cheap but it's useless for computing on trusted hardware.

You have to be autistic to notice a performance loss with AES


>600 MB/s instead of 700 MB/s
>how will I cope

MB/s
If that's your actual AES throughput you have a shitty CPU.
With the hardware AES stuff you are in the GB/s.

No user those numbers are for SSD read speeds before and after.

Yes? And I was telling the idiot that there won't be a CPU bottleneck unless they are using a piece of hardware without hardware AES units.

Might be a bit different for random IO though, since I think it needs to set up the AES engine more often then, and that could indeed be a limiting factor.

Theft, nigga

>15% reduction in throughput
>You have to be autistic

Doesn't hardware encryption have backdoors in it?

Yes you lose performance if you use software encryption.

use ssd hardware encryption

Yeah I'll notice when I'm trying to access terabytes of trap porn as fast as possible.

>Theft, nigga

Are you actually this dense?
Unless you want to protect against coldboot like attacks, this is just inane.

And if your target is actual coldboot like attacks, you can't do anything with the data you are doing your homomorphic encryption on.

And let's not start talking about the CPU and memory overhead of any currently possible implementation.

>backdoored shit
i'd rather have no encryption

This is a problem I actually have

>i'd rather have no encryption
that's not very logical.
It's hard to say if it's backdoored, probably not. They are selling this to corporations and a backdoor would be a big shitshow.
Unless you're a terrorist it's not going to matter because nobody is going to use a secret backdoor to catch you.

Tldr: don't listen to the nocrypt niggers in this thread

SSDs are very hard to wipe properly so often the ONLY solution is to write encrypted data and nothing else. You'll never notice the difference in performance with AES stop being retarded.

The super common Samsung SSDs are advertised as hw encrypting but there is seemingly no way to actually change the keys with most consumer soft/hardware afaik. Does anyone actually know how to use that crap?

it wouldn't be, it would be just a "hack" or security hole which would be patched quick after its public release, the makers of hdd/ssd would just say that they were hacked (probably by russians or something) and shit happens

Don't use hw encryption on drives. IIRC the keys are saved at the factory in case law enforcement want them. Not being able to modify how it works is intentional.

um you are encouraged to change the key, that's how ssd secure erase works in fact

(((secure)))

you cannot access the mechanism responsible for generating and storing of master keys. I do not exactly know how hardware encryption works on popular drives but who is to say that the copy of generated key is not stored somewhere on a drm chip or that the actual keys are secure and unbreakable? are master keys even generated at all? it could be the case that secure erase is basically just deleting internal file table/block structure, or just making a new table elsewhere on ssd, so while dumping whole ssd on your win laptop will only give you old encrypted raw data, with specialist hardware it may be possible to recover all sectors including old table of internal structure, anyway there are tons of possibilities how hardware encryption and "secure erase" could be compromised by drive manufacturers

hardware reverse engineering is not outside the realm of corporations. I think it would have leaked by now.
Anyway worrying about ssd encryption is pretty pointless when you have a blackbox ME running on your cpu (or amd's equivalent)...

>using any non-thermite method for secure erase
>taking a hardware manufacturer's word on anything

The real problem is trim. If you want to hide empty space, you have to fill it with random data. But if you do that, you can't trim it or mark the blocks as unused. This is a negative for wear leveling and life span of the drive.
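Added example, not part of the original thread: a small audit of the TRIM trade-off the post above describes, for dm-crypt/LUKS setups configured through `/etc/crypttab`. It assumes the standard four-field crypttab layout with the `discard` option; the sample entries and UUIDs are constructed placeholders.

```shell
#!/bin/sh
# Classify each crypttab mapping by whether TRIM ("discard") is passed
# through the dm-crypt layer to the SSD.
#   discard    -> the drive learns which blocks are unused (good for wear
#                 leveling), but free space is visible on the raw device
#   no-discard -> free space stays hidden, at the cost the post describes

# audit_crypttab FILE
# Prints one line per mapping: "<name> discard" or "<name> no-discard".
audit_crypttab() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            state = "no-discard"
            n = split($4, opts, ",")          # 4th field: comma-separated options
            for (i = 1; i <= n; i++)
                if (opts[i] == "discard") state = "discard"
            print $1, state
        }
    ' "$1"
}

# count_discard FILE
# Prints the number of mappings that pass TRIM through.
count_discard() {
    audit_crypttab "$1" | awk '$2 == "discard" { c++ } END { print c + 0 }'
}

# Constructed sample input (placeholder UUIDs and device names, not real ones)
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# <name>   <device>                                   <keyfile>    <options>
root_crypt UUID=00000000-0000-0000-0000-000000000001 none         luks,discard
home_crypt UUID=00000000-0000-0000-0000-000000000002 none         luks
swap_crypt /dev/sdX3                                 /dev/urandom swap,cipher=aes-xts-plain64,size=256
EOF

audit_crypttab "$SAMPLE"
```

On a real system, point `audit_crypttab` at `/etc/crypttab` instead of the sample file.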

Also this. SSDs tend to have hidden blocks which are used to replace any bad blocks and are used in wear leveling. These blocks are not normally accessible by anything the device is attached to, as they are only used internally. These blocks could hold important information which could be telling.

why would they do that? they are 'assured' by drive manufacturers that their encryption is good, if it gets hacked big time they will sue or claim insurance, if they deal with western governments (and most do) then that would be like shooting your corporation in the foot, guberment is good and is protecting corporations using various methods (installing government backdoor to 'protect' citizens is one of them)