While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out.
Said by AutoTL;DR
Doesn’t really seem like news to me, encryption makes communication slower, that’s pretty standard.
As TWeaK replied to you, 20-40% is too much to say it is viable for daily usage. Most SSDs already have good encryption methods and an easy way to safely wipe data without re-writing each byte. That’s efficiency.
Unless you purchase a SED non-FIPS or FIPS SSD, no, they don’t.
ATA Secure Erase is a godsend for SSDs.
Win 11 comes pre-installed on newer computers, which normally have the latest SED mechanism available. Isn’t it? I don’t see the need to overthink how to encrypt data if there is a method that doesn’t slow your disk usage already.
Btw, hw-based encryption is always a compromise between security, speed and cost. And holes in the blackbox firmware can only be fixed with updates, as long as supported and if the vendor is willing to.
Yeah, that’s why I just use LUKS, which doesn’t slow my HD by almost 50%.
You’re routinely reading and writing multi gig files in daily life? O.o Do you work with video editing or something?
I would see myself saying that not long ago, but now a 50GB game is nothing unusual.
True, but you’re limited in many, many ways before the SSD. Downloading the game? Network bottleneck. Playing the game? GPU/CPU bottleneck. (Not to mention, if a game is attempting to access multiple gigs of stored data every second, there’s likely something wrong with that game.)
Installing the game, absolutely. But you only do that once, and I doubt you’re installing a 500GB game daily.
I’m not really sure what some modern games are doing (compression and deltas?), but they can be extremely read/write heavy after the download finishes.
It’s almost like they’re decompressing a 20 GB file, then applying deltas against an 80 GB file by pattern matching or something obscene.
Chrome has it down pretty well, but I feel like the game studios just said “to hell with it, everyone has a high-end rig anyway.”
An 80 GB game played in 16 GB of RAM is always going to have work to do.
Yes, the initial install of the game is storage intensive. But again, that happens only once. I doubt you’re doing that very often.
deleted by creator
Actually, that’s fair. I forgot some updates are just terrible.
I work with data wiping, and old drives needed to re-write multiple times (https://en.wikipedia.org/wiki/Data_erasure#Standards). That lowers the hard drive life/health, while SSD just needs to reset the encryption key.
… Then you would disable auto adoption of newly connected drives into BitLocker, would you not?
This is like complaining that the login screen pops up every time for a machine that doesn’t need security. Just change the setting instead of complaining about a niche use case.
The majority of users won’t notice a slowdown of even 50% on an SSD. It won’t affect game performance, your network will bottleneck before your SSD in any internet download, and most users don’t interact with extremely large sets of data which are needed ASAP on the regular.
You’re essentially only going to have a problem, in daily use for the average user, in (un)packing large sets of data, or moving large sets of data between drives. Things most people don’t do regularly.
So a slight alteration to my question: how exactly does this negatively affect most users in daily usage?
Okay xD go ahead… but encrypting the encrypted makes no sense.
SSDs, unless you buy a specifically encryption supported drive, are not encrypted. If it doesn’t indicate SED, SED non-FIPS or a FIPS certification level, the drive doesn’t have an encryption circuit.
So good they can still use a Linux distribution with LUKS.
I don’t think you understood my comment. I said nothing about adding more encryption, in fact I said the opposite.
But that is what Microsoft is doing here. Most SSDs already have hardware-level encryption… is what I said in the first comment…
No, they don’t.
Sure, but 20-40% slower? That points to something being poorly optimised.
Yes, that’s what happens when there’s no hardware acceleration and it falls back to software.
They should still be using the CPU’s built-in AES hardware acceleration, yes? It seems they have good reason not to trust the SSD to handle the encryption but that doesn’t mean it has to be entirely implemented in software. CPU-accelerated AES shouldn’t be that much slower.
This is the same as all other solutions.