07-24-2015 08:36 AM
I know much has been said on encryption on SSDs, but I'm having a difficult time coming to an informed decision about encryption options for my Crucial MX100(256GB).
My plan is to partition my MX100, and then encrypt only the second partition, as follows:
- C:/ 140GB (system files)
- D:/ 100GB (personal data) encrypted. My plan was to use Truecrypt, which I have used a lot with my older hard drives.
I was wondering if anyone here is familiar with pros and cons to this. My understanding is there are concerns that TRIM is not handled properly with encryption software like Truecrypt, and this among other things (complex SSD tech-talk that I couldn't understand) could cause excess wear or harm to the SSD.
Any recommendations or tips would be greatly appreciated. Thanks!
07-25-2015 12:03 AM
07-25-2015 12:12 AM
07-25-2015 08:43 AM - edited 07-25-2015 10:48 AM
Unfortunately, I don't have UEFI. I'm on Windows 7 but will be jumping to Windows 10 this week.
I appreciate the tips. Yeah you're right, it looks like bitlocker would be ideal, but I think that option nis unavailable without UEFI. [Edit: I will look more into bitlocker, as I've just read it doesn't require UEFI.]
Although Truecrypt is technically unsupported now, I still think it is a frontrunner for encryption. I know there are a few other options, like Veracrypt, etc. So I could look into other similar options. I'm just wondering if there are other ways. If i encrypted the ENTIRE drive with truecrypt or other, would that also still put wear onto the SSD?
I don't have nuclear codes or something EXTREMELY high risk on my computer, but I do feel strongly about protecting personal data, like banking, taxes, etc. I'd like to encrypt 80-100GB of data on the drive. I'm not opposed to encrypting the whole thing though. I'm just trying to gauge how significantly it would affect my SSD in speed and wear. I haven't been able to find a clear solution online. Too bad the UEFI option isn't available to me at this time.
07-25-2015 10:58 AM
07-25-2015 11:06 AM
07-27-2015 01:26 AM
As far as I know Bitlocker is available in Pro version of Windows and if your are going to free upgrade from Windows 7 Home it will not upgrade to Windows 10 Pro.
The data on your SSD are being stored encrypted all the time. Using AndyCalling's terminology you can choose one of the 'gate keepers' to that hardware encryption, eDrive Bitlocker or ATA password. Personally I use ATA password protection, easier to enable/disable, no interference from OS and it's bugs.
However I believe that if you are used to using truecrypt you could try to use it exactly the way you have planned to, that is to encrypt only 100GB data partition.
Let's say I have a 256GB SSD with OS, some apps and 100GB of personal data (pictures, documents, taxes declaration, few movies). My personal data is almost completely static, I do not move it, no erasures and barely no changes to the files (most of them are photos and movies). If I would encrypt my personal data only I would have another set of 100GB static data and I believe the SSD's controller would treat it similar way. Since still there would be a part of OS partition with empty space and TRIM would work on that partition with no problem I think that is a scenario that could work well.
I am not sure about that but if I would be about to use truecrypt I would try to use it that way
07-27-2015 10:08 AM - edited 07-27-2015 06:40 PM
Thanks guys, you guys have clarified things far better than hours of research that I'd attempted.
I'll just summarize what you guys said and what my options are for SDD encryption, to see if I'm understanding things.
1. eDrive Bitlocker (requires Windows Pro/Enterprise. Not available on Home editions)
2. TCG Opal (requires UEFI compatibility in BIOS)
3. ATA password (older BIOSes usually have this)
4. Software (Truecrypt, veracrypt, many others).
Since 1. I'm on Windows Home, and 2. my BIOS doesn't support UEFI, I'm limited to option 3 and 4.
Option 3: I'll post a screenshot. I'm assuming my ATA Password option would be "HDD/SDD Password Select" from the picture below. Does this mean BIOS would modify the actual SSD to require a password? If I removed the SSD and used it as an external drive on another computer, for instance, how would it request for my password? I can't find much information online (every search result shows people freaking out about how to crack their forgotten password. The good news is it sounds like it's very effective!).
Option 4: Software (eg Truecrypt). A disadvantage is that the software option may or may not have TRIM support for the encrypted portion of the drive (Truecrypt claims to, but using Truecrypt is debatable (due to the circumstance of the project being abandoned)). In addition, the entire encrypted partition would be seen as "used" by the SSD. For instance, if I were to partition my SSD into eg 140GB C:/ and 100GB D:/ and i encrypted only the D:/, then the SSD would see all 100GB as "used". Therefore, to keep the SSD running well, I would want to keep quite a bit of space open on my C:/.
Hope I"m understanding it all correctly. Thanks again for the great info!
07-30-2015 10:08 AM
That bios screenshot shows just the right setting, the 'HDD/SDD Password' options are the ATA password options we are referring to (firmware tends to name things differently sometimes). That is your best bet considering your hw/sw limitations. That will give you full hardware encryption on your SSD which will have zero impact on speed and longevity. So long as you have a decent complex password (try http://www.passwordcard.org/en if you haven't before) that is going to be the best and the fastest encryption option you could choose.
Go for it!