I posted this on the LinusTechTips forum with no response, so I'm wondering if anyone over here can help me out, since I know Logan & Wendell are pretty big on security, I figure you guys are too. Also, 4chan was a gongshow. But alas:
For a while now I've been meaning to encrypt my laptop in case it gets lost; I don't want my files to be potentially vulnerable. I've been wary though because I've heard that:
TrueCrypt does not recommend using their software on SSDs that have wear-leveling (most of them nowadays)
Somewhat noticeable performance decreases
Added read/write cycle to SSD that could reduce lifetime
The SSD I have in my system is a Samsung 840 (non-pro), and I can't find any information if it accepts hardware real-time AES encryption that some drives/controllers do. If it does then that means I don't have to use any software and there won't be any speed reductions, correct? If it doesn't, would it be worth it to buy a drive I know has it, like the 840 EVO?
Could BitLocker be a viable solution here? I don't have TPM module but I can enable BitLocker without it. Or can I use TrueCrypt even though they don't recommend it? And are there any encryption methods that allow for OTP (One Time Passwords) so I can use my Yubikey with them instead of using a static password? That would also be ideal.
And what if my system has two disks and I want to encrypt both? One is the SSD I mentioned before and the other is a normal HDD. In this case would I use hardware encryption on the SSD and a solution like TrueCrypt on the HDD?
I know I have a lot of questions here, but this stuff's a bit confusing; if anyone has any input (like if the 840 allows hardware encryption), it would be greatly appreciated, thanks!
Because BitLocker does not really change the usage characteristics of the drive other than changing the data itself (e.g. it does not cause the OS to write randomly instead of linearly), it should have the same impact on an SSD that it would have on platters. That is, I would still expect the 20%-10% decrease in performance that MaximumPC found, as mentioned in the thread you link to. Note that the speed of BitLocker may be bottlenecked by either the processor or the drive. That is, if the processor can encrypt/decrypt faster than the drive can read/write data, then file I/O will occur at near the speed of the drive. If your processor is overtaxed, the processor may limit file I/O speed (although I believe hardware-accelerated cryptography should minimize the likelihood of this happening).
I've seen that before, but it doesn't really answer some of my questions. Does this introduce more wear and tear on the SSD? Does TrueCrypt's statement about not being able to overwrite the volume header when I change the key due to wear leveling still apply, enabling security risks?
Also, if I enabled BitLocker on my boot drive, it will ask me for a password at startup, correct? Can I make that password decrypt both the boot SSD and secondary HDD at the same time?
I don't think my SSD supports it (happy to be proven wrong here), it's the Samsung 840 (non-pro). Even if it did, apparently in order to enable the hardware-based FDE my laptop requires a TPM module, which it does not have.
I've also read that the hardware encryption on SSDs isn't really ready yet, and that they aren't OPAL compliant. I guess some is better than none, but I'm mainly wondering if it's safe to use software encryption on SSDs. If not, then I guess I'm out of luck.