17

I've been comfortable using TrueCrypt volumes to protect various sets of files on my computers. But I've gathered there can be more convenience and security to be had be encrypting the full hard disk, since everything will be encrypted.

I purchased a netbook recently (an Acer Aspire One), and wonder how much of an impact an always-on encryption process will have. The netbook has a somewhat slow processor, but runs acceptably as it is. Visual Studio is usable, an important criteria.

On any decent machine, with faster, and multiple, processors, this is likely a minor issue. But given the slower processors in netbooks, will full-disk encryption with TrueCrypt have any serious effect?

Grant Palin
  • 1,112

5 Answers5

13

according to http://www.ghacks.net/2009/11/26/bitlocker-versus-true-crypt-performance/ you will experience somewhat between 20% and 30% percent slowdown.

according to http://technet.microsoft.com/de-de/library/ee449438(WS.10).aspx#BKMK_Performance you will experience less than 10% slowdown.

(bitlocker and truecrypt put similar workload to the system)

the truth will be more towards the 20% penalty.

akira
  • 63,447
2

The performance hit is not noticeable. I clocked the compilation of 310,00 lines of C++ from 700 source files which produces over 150 MB of output. I did a clean build 5 times in a row on a non-encrypted drive, encrypted the drive with TrueCrypt, and did again a clean build 5 more times. I was unable to notice any difference on my notebook. My notebook does not have the AES-NI instructions, so if your notebook is recent, the encryption will be about 10 times faster. A friend of mine has a notebook where the processor supports the AES-NI instructions, and get a benchmark of 2.5 GB per second for encryption and decryption speed.

Daniel Morin
  • 21
1

Running Truecrypt on a Netbook will pose a few interesting issues. First, if you are using TrueCrypt to encrypt the entire system drive, then you will likely notice some slowness as other folks have noted. This is especially going to be true if you have an SSD. (It's not that encrypting/decrypting from an SSD is slower than it is from an HD, but just that an SSD is a lot faster than an HD, so the relative slowdown is much greater for an SSD.)

To get an idea of how fast you will be able to read/write an HD encrypted with Truecrypt, you can run a benchmark from within the Truecrypt program. The value you get from this benchmark will tell you the most throughput you can expect when reading your drive. Average throughput will likely be somewhat slower than this, as your CPU will usually be doing more things than just encrypting/decrypting.

There is, however, another thing to consider when running Truecrypt on SSDs. In order to extend their lives, manufacturers use a technology known as wear leveling. https://secure.wikimedia.org/wikipedia/en/wiki/Wear_leveling Since you can only rewrite each memory cell on an SSD drive a certain number of times before it wears out, drive manufacturers spread writes out over the drive. This way, if there is a particular file that you modify frequently, the portion of the drive that holds that file won't wear out, because the drive will move that file to a new location each time it's rewritten.

However, when you tell Truecrypt to encrypt the entire drive, it encrypts the entire drive. This includes all the data on the drive, and all of the empty space. If the drive is an SSD, when you write to the drive, the SSD has no choice but to save files where they were, because as far as it's concerned, the drive is full. So, the wear leveling feature can't work, and you are likely to start to lose portions of your drive much faster than if it wasn't encrypted.

Good luck. figuring out how to use Truecrypt on a Netbook can be a challenge.

sleske
  • 23,525
Aaron
  • 111
0

As seen in this benchmark, and in my own experience installing various computers, it doesn’t affect speed in a perceptible manner.

But it does sensibly affect access time, which you can clearly notice in the form of micro-shutter while gaming or performing background file downloads, compilation or rendering.

Alberto Salvia Novella
  • 360
0

To tell the truth, what impacts your performance with full disk encryption is the amount of RAM you have on your Netbook. You'll feel like using a slower hard disk, just that. It is not bad, I am able to run some games and even MMORPGs on my netbook. But common usage is not heavy I/O operations in such small computers.

BUT, you need a swap file to cope with the small RAM and you'll notice a heavy impact if you need enough memory at the same time, like using a client for your email or using multiple tabs on your webbrowser. Because everytime you computer needs more virtual memory it is going to read/write on your disk. An alternative would be to use a unencrypted partition and place the swap there or use a usb or sd for ReadyBoost technology.

Anyway 2 GB of RAM and full disk encryption works for me. It is slow but pretty usable. I can perform ftp backups, run games, use multiple chat clients, thunderbird and two webbrowsers and a swiss army knife of small tools runnning in the background.

I tested both Windows with Truecrypt and Linux with LUKS, both with graphics acceleration... and to be sincere i see the impact of antivirus heavier than the encryption. Linux was smoother than Windows.

One recommendation for Truecrypt, if you are planning to buy a Netbook and full disk encryption is a need for you try to find one with AES instructions set on the CPU. If not then run a benchmark and use the best algorithm from the list. I see than AES is not the best on Atom CPUs.

One recommendation for LUKS, use multiple encrypted partitions to spawn more than one thread and use one of them for swap. In some old implementations and for previous kernels LUKS is not using multiple cores or threads of your CPU, becoming a bottleneck on your system. (But that affects not only Netbook but all computers)

cablop
  • 178