<< Laser Hair Removal 11, Reed College, Professor Layton, and Outlook Catastrophe | Home | Epinephrine Reversal >>

Performance Impact of Full Disk Encryption

I'm running this laptop at work that has full disk encryption and a real-time virus scanner on it and it feels like it's dog slow all the time. It's not a CPU or memory issue, either - it's that my disk is constantly churning and I'm I/O bound.

I knew that the the encryption had an impact, but I never realized how much until I found these benchmarks. Looks like I'm about doubling the amount of time it takes for disk I/O, not counting the real-time virus scanner overhead.

I'm all about security and all, but man, what I wouldn't give to just have a separate data partition encrypted and leave the system partition unencrypted.

Print | posted @ Tuesday, June 10, 2008 9:44 AM

Comments on this entry:

Gravatar # re: Performance Impact of Full Disk Encryption
by Aaron Jensen at 6/10/2008 10:30 AM
You could get one of these Western Digital VelociRaptor 300GB, 10k RPM, 2.5" drives. Yummy. If I had $300, I would have one yesterday. Not sure if it would help, but it wouldn't hurt.
Gravatar # re: Performance Impact of Full Disk Encryption
by Ross F. at 6/10/2008 10:46 AM
I feel your pain. We're in the same boat where I work. We, as developers, have a problem; encryption and Virus Scans are hindering our ability to work. So, what can we do about it? Would a faster hard drive help? Are there utilites to show the effects of encryption? I've been searching for one myself, but have not had any luck.
Gravatar # re: Performance Impact of Full Disk Encryption
by Travis Illig at 6/10/2008 10:51 AM
Faster drives might help, but if you look at the stats, encryption looks like it about doubles I/O time - going from 7K to 10K RPM drives isn't going to cut I/O time in half to compensate.

My personal feelings are that full drive encryption doesn't really get you anything. Create two partitions - one for data, one for your system and programs - and just encrypt your data partition.

Only problem with that is that users generally don't have the discipline to remember to put data on the correct partition, and some programs don't behave themselves or let you choose where to store data, so you have to do some work to ensure this holds up.
Gravatar # re: Performance Impact of Full Disk Encryption
by Alexander Scoble at 6/13/2008 10:27 AM
Problem is you aren't protecting ANYTHING if you don't protect the OS.

Windows is very easy to crack if you have physical access to the hard drive. And since any manageable encryption scheme will be tied to your domain account, simply unlocking this account will gain access to the encrypted partition.

Also the link that you provided doesn't provide any data for the product we actually use.

Lastly, a 100% reduction in disk IO does not equate to a 100% reduction in system speed.

Full disk encryption is the only way to ensure that data stored on a laptop is reasonably safe if the laptop is stolen.
Gravatar # re: Performance Impact of Full Disk Encryption
by Travis Illig at 6/13/2008 12:01 PM
OK, great, then protect the OS and the data. The slowdown is with the apps anyway. The point is, the system becomes not just bottlenecked by the disk but *crippled* by the lack of speed. A 100% slowdown in disk may not be a full system performance reduction of 100%, but it can pretty easily approach the 50% mark.

It also really depends on the apps you're using. Some apps are more disk intensive than others. I'd wager you're not as hindered by disk-intensive apps as I am.

Your comment:

Title:
Name:
Email:
Website:
 
Italic Underline Blockquote Hyperlink
 
 
Please add 2 and 6 and type the answer here: