Hi everyone,

As my thread from yesterday about shredding SSDs the right way was already very helpful, another follow-up topic came to my mind, which may also be interesting for me and maybe others too.

Since many PCs often use SSDs and fewer hard drives nowadays, it may be interesting to discuss full-disk encryption of them.

First of all some questions, which came to my mind:

  • Does the encryption of an SSD decrease its performance (read/write speed) significantly?
  • How does the encryption affect the wear-leveling of the SSD and what should be considered to ensure a safe encryption?
  • Will functionalities like hibernation still work? Are maybe other functionalities affected in a negative way?

I already successfully full-disk encrypted my old laptop (hard drive) with the instructions from StackExchange. My computer has a 1TB SSD + 1TB hard drive and I wish to completely encrypt everything that’s not technically necessary. I want to use Debian as my distro. Could these instructions work the same way as with hard drives?

I’m interested in your knowledge about this.

~sp3ctre

  • Björn Tantau@swg-empire.de · 12 days ago · 2 upvotes

    I read this week that one should use LUKS2 on SSDs. That is block-based encryption, so some information is leaked, like how much data is on the drive and how much changes. But I guess this makes it easier for the SSD to manage its health.

    • ReversalHatchery@beehaw.org · 10 days ago · 2 upvotes

      > That is block based encryption

      Aren’t all the disk encryption standards supported by cryptsetup like that? So LUKS1, VeraCrypt, BitLocker, etc.

      • Björn Tantau@swg-empire.de · 10 days ago (edited) · 1 upvote

        As far as I understand it, with LUKS1 the whole partition is filled with random-looking data, and when something changes it does so at random points, which doesn’t let you see how much data really changed or how much is actually useful data.

        But my knowledge is really really spotty, so I might have understood something incorrectly.

        • ReversalHatchery@beehaw.org · 10 days ago · 2 upvotes

          Hmm, I’m not sure. I think that would throw sequential read/write performance out of the window, surely on HDD, maybe even on SSD to an extent. But such a thing can probably be added with a device mapper device.