
Possible Duplicate:
Does full-disk encryption on SSD drive reduce its lifetime?

I would like to encrypt an entire USB flash ("thumb") drive (as sdb, not sdb1) with cryptsetup. Will this encryption adversely affect the life of the drive or its reliability by interfering with the wear-leveling?

From a discussion about encryption on solid-state drives:

The makers of the open source encryption software TrueCrypt, for instance, recommend that "TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that TrueCrypt is not used to encrypt any portions of such devices or filesystems)".

My interest is regarding the reliability of the drive over time, rather than potential security leaks which may result from encrypting a USB flash drive.

Links

  1. A similar question on Security.SE includes a link to a discussion on wear-leveling on the TrueCrypt web-site.
  2. Durability and performance testing of TrueCrypt on an SSD. The recommendation is to leave unpartitioned space on the drive for wear-leveling.
  3. Another TrueCrypt/SSD discussion which mentions leaving unpartitioned space. The author reports that encrypting the whole drive is the same as completely filling it with data. That is not my understanding of whole-drive encryption.

Edit

After further thought, the solution may be to create a single encrypted file container on the drive, rather than encrypting the entire drive. If this file did not occupy the entire drive, then (presumably) the drive's wear-leveling process would work as normal.

1 Answer

Your approach of having an encrypted "container file" is ideal. But if you can avoid it, try not to put a lot of small, frequently-modified files within the encrypted container. It's a good compromise to put only sensitive data within an encrypted archive or nested filesystem, and try to ensure that encrypted data is written to a minimum number of times. You can of course read it as many times as you want (there's no limit on reads) but encrypted writes will degrade the disk over time in a similar way to an unencrypted write.

Basically the point being, very frequent writes are bad regardless of whether they're encrypted. Infrequent writes are fine regardless of whether they're encrypted. The encryption overhead in terms of storage and write complexity is not significant enough to make that big of a difference. If you're writing frequently enough to kill the drive in a couple years' time, then you're going to kill it in a couple years' time -- regardless of encryption or not.

BTW, wear leveling is often done in the firmware of the drive, so you can't really expect something at a higher layer like an encrypting filesystem to interfere with that.

allquixotic
  • 34,882
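
The container-file approach from the question's Edit, which the answer endorses, sketched with cryptsetup as an added example (not part of the original question or answer). It assumes the drive's filesystem is already mounted; the file name `vault.img`, the mapper name `vault`, the 50% default and the size limits are hypothetical choices for illustration.

```shell
#!/bin/sh
# Added example: LUKS container file that fills only part of a mounted flash
# drive. vault.img and the mapper name "vault" are hypothetical names.

# container_size_mib TOTAL_MIB PERCENT
# Prints the container size in MiB, rounded down to a multiple of 4 MiB
# (an arbitrary alignment chosen for this example).
container_size_mib() {
    cs_total=$1
    cs_pct=$2
    if [ "$cs_pct" -lt 1 ] || [ "$cs_pct" -gt 90 ]; then
        echo "percent must be between 1 and 90" >&2
        return 1
    fi
    cs_size=$(( cs_total * cs_pct / 100 / 4 * 4 ))
    # The LUKS header takes several MiB on its own, so refuse containers
    # below an (assumed) 64 MiB floor.
    if [ "$cs_size" -lt 64 ]; then
        echo "container of ${cs_size} MiB is too small" >&2
        return 1
    fi
    echo "$cs_size"
}

# create_container MOUNTPOINT [PERCENT]   (run as root)
create_container() {
    cc_img="$1/vault.img"
    if [ -e "$cc_img" ]; then echo "$cc_img already exists" >&2; return 1; fi
    cc_total=$(( $(df -Pk "$1" | awk 'NR==2 {print $2}') / 1024 ))
    cc_size=$(container_size_mib "$cc_total" "${2:-50}") || return 1
    truncate -s "${cc_size}M" "$cc_img"   # reserve the container file
    cryptsetup luksFormat "$cc_img"       # prompts for a passphrase
    cryptsetup open "$cc_img" vault       # cryptsetup attaches the loop device
    mkfs.ext4 -q /dev/mapper/vault
    cryptsetup close vault
}

# open_container MOUNTPOINT TARGET_DIR   (run as root)
open_container() {
    cryptsetup open "$1/vault.img" vault
    # noatime: reading a file does not trigger an access-time write.
    mount -o noatime /dev/mapper/vault "$2"
}

case "${1:-}" in
    create) create_container "$2" "${3:-50}" ;;
    open)   open_container "$2" "$3" ;;
esac
```

Mounting with `noatime` follows the answer's advice to keep writes to the encrypted data to a minimum, since reads then no longer update access times.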