How much will full-disk encryption slow down a netbook?
2014-02
Grant Palin
I've been comfortable using TrueCrypt volumes to protect various sets of files on my computers. But I've gathered there can be more convenience and security to be had be encrypting the full hard disk, since everything will be encrypted.
I purchased a netbook recently (an Acer Aspire One), and wonder how much of an impact an always-on encryption process will have. The netbook has a somewhat slow processor, but runs acceptably as it is. Visual Studio is usable, an important criteria.
On any decent machine, with faster, and multiple, processors, this is likely a minor issue. But given the slower processors in netbooks, will full-disk encryption with TrueCrypt have any serious effect?
akira
according to http://www.ghacks.net/2009/11/26/bitlocker-versus-true-crypt-performance/ you will experience somewhat between 20% and 30% percent slowdown.
according to http://technet.microsoft.com/de-de/library/ee449438(WS.10).aspx#BKMK_Performance you will experience less than 10% slowdown.
(bitlocker and truecrypt put similar workload to the system)
the truth will be more towards the 20% penalty.
Daniel Morin
The performance hit is not noticeable. I clocked the compilation of 310,00 lines of C++ from 700 source files which produces over 150 MB of output. I did a clean build 5 times in a row on a non-encrypted drive, encrypted the drive with TrueCrypt, and did again a clean build 5 more times. I was unable to notice any difference on my notebook. My notebook does not have the AES-NI instructions, so if your notebook is recent, the encryption will be about 10 times faster. A friend of mine has a notebook where the processor supports the AES-NI instructions, and get a benchmark of 2.5 GB per second for encryption and decryption speed.
sleske
Running Truecrypt on a Netbook will pose a few interesting issues. First, if you are using TrueCrypt to encrypt the entire system drive, then you will likely notice some slowness as other folks have noted. This is especially going to be true if you have an SSD. (It's not that encrypting/decrypting from an SSD is slower than it is from an HD, but just that an SSD is a lot faster than an HD, so the relative slowdown is much greater for an SSD.)
To get an idea of how fast you will be able to read/write an HD encrypted with Truecrypt, you can run a benchmark from within the Truecrypt program. The value you get from this benchmark will tell you the most throughput you can expect when reading your drive. Average throughput will likely be somewhat slower than this, as your CPU will usually be doing more things than just encrypting/decrypting.
There is, however, another thing to consider when running Truecrypt on SSDs. In order to extend their lives, manufacturers use a technology known as wear leveling. https://secure.wikimedia.org/wikipedia/en/wiki/Wear_leveling Since you can only rewrite each memory cell on an SSD drive a certain number of times before it wears out, drive manufacturers spread writes out over the drive. This way, if there is a particular file that you modify frequently, the portion of the drive that holds that file won't wear out, because the drive will move that file to a new location each time it's rewritten.
However, when you tell Truecrypt to encrypt the entire drive, it encrypts the entire drive. This includes all the data on the drive, and all of the empty space. If the drive is an SSD, when you write to the drive, the SSD has no choice but to save files where they were, because as far as it's concerned, the drive is full. So, the wear leveling feature can't work, and you are likely to start to lose portions of your drive much faster than if it wasn't encrypted.
Good luck. figuring out how to use Truecrypt on a Netbook can be a challenge.
cablop
To tell the truth, what impacts your performance with full disk encryption is the amount of RAM you have on your Netbook. You'll feel like using a slower hard disk, just that. It is not bad, I am able to run some games and even MMORPGs on my netbook. But common usage is not heavy I/O operations in such small computers.
BUT, you need a swap file to cope with the small RAM and you'll notice a heavy impact if you need enough memory at the same time, like using a client for your email or using multiple tabs on your webbrowser. Because everytime you computer needs more virtual memory it is going to read/write on your disk. An alternative would be to use a unencrypted partition and place the swap there or use a usb or sd for ReadyBoost technology.
Anyway 2 GB of RAM and full disk encryption works for me. It is slow but pretty usable. I can perform ftp backups, run games, use multiple chat clients, thunderbird and two webbrowsers and a swiss army knife of small tools runnning in the background.
I tested both Windows with Truecrypt and Linux with LUKS, both with graphics acceleration... and to be sincere i see the impact of antivirus heavier than the encryption. Linux was smoother than Windows.
One recommendation for Truecrypt, if you are planning to buy a Netbook and full disk encryption is a need for you try to find one with AES instructions set on the CPU. If not then run a benchmark and use the best algorithm from the list. I see than AES is not the best on Atom CPUs.
One recommendation for LUKS, use multiple encrypted partitions to spawn more than one thread and use one of them for swap. In some old implementations and for previous kernels LUKS is not using multiple cores or threads of your CPU, becoming a bottleneck on your system. (But that affects not only Netbook but all computers)
Gareth
I'm getting a new development laptop soon, and I'm thinking of using TrueCrypt to encrypt the whole disk.
What kind of performance drop can I expect? 10%? 30%? More? Also, assuming the workload has an effect, would compiling/using Visual Studio be affected much? I cannot seem to find anything like this on the web.
slhck
I don't have specific numbers, but there will be some drop in performance, albeit a slight one.
There was a blog post that described the general performance of complete disk encryption on a system partition and how that can affect the users perceived performance. It seems to indicate that CPU takes a bigger performance hit than the hard disk:
For me the critical question was what kind of overhead does encrypting your hard drive have on the performance of the system as a whole. To try and measure this I used HDTune to measure drive performance before and after encryption with TrueCrypt. Before encryption I saw an average transfer rate of about 47MB/s with my laptop's SATA drive in AHCI mode. Max was about 59.9MB/s and a burst rate of 85.8MB/s with an average CPU usage of 4.1% throughout the test.HD Performance before Truecrypt
After encryption I saw an average transfer rate of 46.9MB/s, peak of 59.7 MB/s, burst of 62.9MB/s and an average CPU usage of 26.7%. I didn't expect it, but that's where I saw my hit. It makes sense when you think about it - the encryption/decryption of the data generally doesn't result in reading/writing significantly more data (encryption and decryption is done at the block or sector level not at the entire file level) so you don't see substantially reduced disk performance.
Tom's Hardware also has a good article, "Protect Your Data With Encryption", that details the performance implications of using TrueCrypt on a complete volume.
Also, see Scott Gu's blog post regarding the speed of the physical hard disk (i.e. the RPM) (Tip/Trick: Hard Drive Speed and Visual Studio Performance) which can make a big difference to Visual Studio's performance whether encryption is employed or not.
There's another post here: What is the Performance Impact of System Encryption With TrueCrypt
Jason Brown
I've TrueCrypted my netbook HD (a Samsung NC10). There's no noticeable difference in day-to-day usage (but I don't do anything heavy like compile or use PhotoShop), apart from hibernating and restoring from hibernate, which is dramatically slower.
If you do Tools | Benchmark from within TrueCrypt, you can see the encryption rates for the different ciphers. Use the number of MB/s to determine how long it will take to dump the entire memory to disk. My NC10 take roughly 90 seconds to hibernate (with TrueCrypt), which is inconvenient, but not as inconvenient as it would be if I lost the netbook and had to deal with someone having access to all of my data.
mhenry1384
I did a number of tests compiling a large project (takes about 10 minutes to compile) on a Windows 7 desktop. There was absolutely no difference in my build times before and after TrueCrypt-ing the hard drive (using AES).
galaktor
I already did this. Performance did not drop that much. De-/Encryption is performend in memory. And the newer versions mobilize multiple cores if available. You should settle with the fastest encryption method for more speed. You can benchmark the algorithms in TrueCrypt. AES is the fastest one, using combined encryption will slow down more.
I did not notice any performance backdrop at all, even though there must have been some. Check wikipedia for remarks on performance.
Jonas Pegerfalk
If you plan to encrypt the whole disk the performance drop should actually not be that bad. Unfortunately, I don't have any numbers but the system seems to have about the same performance as before encrypting the disk, when running a standard development environment such as Visual Studio, SVN etcetera.
A file based volume however is much slower and many tasks can take twice the time (again, I don't have any numbers but it is significantly slower).
At the end of the day, all other programs that you install on your computer will probably have much more impact on the general performance than encrypting the system disk.
angrywill
for what its worth, I have a 4 core (8 threads) machine and use a 1TB partitioned disk, 500GB encrypted and 500 GB non encrypted. Compiling a project on the encrypted partition takes 40 minutes or so and the CPU is idle for most that. Compiling on the non encrypted disk takes around 6 minutes. That's with multiprocessing compiling enabled in VS2010. I think the encryption becomes a severe bottle neck when you have many cores.
Thomas.S
My employer install PGP whole disk encryption on my Lenovo W500 and the subjective perfomance hit is a 30% to 50%. Everything is much, much slower. Most importantly start up and all program starts are delayed remarkably. Next issue: is disk defragmentation still working - cannot find any information and the performance hit may indicate there is some kind of issue. Recommend what I do at home: Encrypt data only, don't use hybernation, and ask yourself how important are your data that someone makes the effort to analyze your pagefile.
slipbull
I'd expect performance to drop heavily when writing but not as seriously when reading. You could monitor your Visual Studio disk and memory usage, compare it with what you can find in the web, and use delayed disk writes whenever possible.
tombull89
I was TrueCrypt on a 500GB HDD and I am not seeing any performence issues.
But I have partition it so only my OS and Files are using TrueCrypt. The Program Files are in a Different Drive.
BDM
I´ve my entyre laptop encrypted since october 2012, i do complile, play, play movies, and no problems, it is slower but imperceptible. I only had some issue tryng to compile a DVD using MS DVD Maker, it takes more than 2 hours, but really i dont know if is because of i use TC, nevertheless i do need use TC because of safe and ri$k$ with my info, the if you don´t need to protect sensitive info is better not to encript.
Good Look.
Intel Core I7 1,6 - 2,8 MHz x 8 T. 8GB RAM 1 G DDR3 ATI RADEON.