Windows Thread, Encryption and device speed in Technical; Following on from this topic, does anyone find once the device has had encryption software on it is alot slower ...
14th November 2011, 06:35 PM #1
Encryption and device speed
Following on from this topic, does anyone find once the device has had encryption software on it is alot slower and has a huge performance hit on it?
I have used McAfee Safeboot and Checkpoint on devices and found both to kill the device if I am honest with you.
Anyone else experiencing problems or is it just me and my setup?
14th November 2011, 07:04 PM #2
Any encryption software for laptops or USB sticks will always slow things down.
This is why a VPN connection is a lot better. The connection is encrypted, but with any decent broadband connection you don't notice any difference. All data is kept secure at your school or business, as it doesn't actually leave the site.
14th November 2011, 07:09 PM #3
The way we work we all have laptops so have to be encrypted because we work all over and do not have fixed desks its all they offer us.
Would love to use a 2 factor authentication and some sort of secure gateway from my home PC.
14th November 2011, 07:31 PM #4
If you have an Intel or AMD processor which supports AES-NI the performance hit is much less (approx. 17.5% slower with BitLocker enabled). Using SSDs instead of HDDs would be another way to make the encryption barely noticeable.
SandForce introduced full disk encryption starting in 2010 with its SF-1200/SF-1500 controllers. On SandForce drives all data written to NAND is stored in an encrypted form. This encryption only protects you if someone manages to desolder the NAND from your SSD and probes it directly. If you want your drive to remain for your eyes only you'll need to set an ATA password, which on PCs is forced by setting a BIOS password. Do this on a SandForce drive and try to move it to another machine and you'll be faced with an unreadable drive. Your data is already encrypted at line speed and it's only accessible via the ATA password you set.
Intel's SSD 320 enables a similar encryption engine. By default all writes the controller commits to NAND are encrypted using AES-128. The encryption process happens in realtime and doesn't pose a bottleneck to the SSD's performance.
The 320 ships with a 128-bit AES key from the factory, however a new key is randomly generated every time you secure erase the drive. To further secure the drive the BIOS/ATA password method I described above works as well.
A side effect of having all data encrypted on the NAND is that secure erases happen much quicker. You can secure erase a SF drive in under 3 seconds as the controller just throws away the encryption key and generates a new one. Intel's SSD 320 takes a bit longer but it's still very quick at roughly 30 seconds to complete a secure erase on a 300GB drive. Intel is likely also just deleting the encryption key and generating a new one. Without the encryption key, the data stored in the NAND array is meaningless. (Source
By mrbios in forum Windows 7
Last Post: 2nd September 2010, 06:15 PM
By teckedd in forum Windows 7
Last Post: 8th December 2009, 12:07 PM
By TechSupp in forum O/S Deployment
Last Post: 29th June 2009, 02:15 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)