After slapping an Intel X25-M solid state drive in my MacBook Pro I received a few inquiries from readers asking if it was safe to use PGP Whole Disk Encryption with SSDs being known for having limited lifespans. I reviewed PGP WDE for OS X two months ago and fell in love with it; utter simplicity, trusted security and it doesn’t affect system performance. However, a common misconception is that there is a lot of encryption happening in the background that puts undue stress on the hard drive, and as such, would be risky to employ on a solid state drive.
I contacted PGP about this concern and here’s what Jon Callas (Cofounder, CTO, and CSO of the PGP Corporation) had to say:
The short answer is that it doesn’t have an effect on life. Encrypting the disk is going to do a sweep across the disk reading and writing all the blocks. The disk is rated for many reads and writes. This is just one. After the disk is encrypted, it works just like it did, except that the data is encrypted before it is written. For any block B of data, the write is of E(B). That’s it.
The longer answer is that while the short answer is true, there are some more issues that no one can give you a definitive answer on, because there is none.
All flash systems have wear leveling in them. Wear leveling operates below the main drive and makes sure that repeated writes to a “physical” block are actually spread out across the flash.
Wear leveling systems are not only proprietary, but constantly changing. The same core flash system from different providers will have different wear leveling systems, and a single manufacturer is constantly updating their own wear-leveling systems. (A similar thing goes on in rotating media, where different revisions of firmware on a spindle might have a completely different encoding system.)
We could also debate about whether or not the wear leveling would leave plaintext in some nook or cranny. My answer is probably not — since the WDE process is doing a sweep across the drive, it has to hit every sector. But of course, there are extra sectors for bad block replacement as well. We quickly get into the area where there’s no possible definitive statement.
However, if one is really paranoid, it should be obvious that it is better to encrypt the disk *before* you put sensitive data on it, because that will always be protected. So, for example, if you got a brand new MacBook Air, encrypt the thing before you migrate.
I attended a talk this year on flash systems, and learned a lot about the internals of flash disks, but that was months ago. The bottom line is that because the encrypt is one sweep across the disk, it’s minimal in effect.
Let me add one more thing that you likely didn’t know: once you start running WDE, you will actually *improve* the life of your SSD boot drive. The reason for this is “safesleep.” Safesleep is what the modern Macs use for sleeping.
There are really two types of sleeping, “suspending” and “hibernating.” In suspend, the machine is running and powered, but in a low-activity state. In hibernate, the contents of memory is written out to disk and then the running system is restored from there.
Safesleep does both. It both writes all of memory out to disk (in /var/vm/sleepimage), and then suspends the system. If you pop the battery (for example), it will restart from the sleepimage.
When you set up WDE, we disable the hibernation. There are a number of reasons for that. One is that actually, based on the way we do the EFI Boot, Apple disables the hibernation, not us. But if they didn’t, we would. Hibernate images are dangerous things because they contain all of memory, including crypto keys. (I find it amusing to worry about coldboot attacks, myself. Hibernation is much more dangerous. I leave the effect of sleepimage on the FileVault as an exercise for you to think about.) We do not yet have a good way to safely do hibernation. What I mean by safe includes both making sure the system boots correctly and without errors, and making sure that the sleepimage is properly encrypted. We hope to have a solution soon, we just don’t have one now.
Nonetheless, if you’re using an SSD, it’s writing all of memory out every time you close the lid on your laptop. With WDE, you are not. Therefore there’s less wear on your disk. (By the way, there are other ways to disable hibernation — I once saw a control panel to do it. I don’t meant to imply that this is the only way, just that if you install WDE and do nothing else, you will lower the wear on your SSD.)
Jon touched on how OS X systems with PGP WDE do not use hibernation anymore, something I wrote about last December as a way of quickly sleeping your MacBook. If you’re not in using that already, I highly suggest it:
I just installed PGP Whole Disk Encryption on my X25-M and imported my previously created encryption keyring files. The encryption process took a bit longer than an hour, compared to the 2-3 hours it took on my MacBook Air.
Thanks for the reply Jon!
Have you begun encrypting personal files since my WDE review?
Tweet This
Stumble This
{ 12 comments… read them below or add one }
Remember to remove the hibernation file, though, like here: http://www.tomschlenkhoff.com/2008/06/macbook-pro-crashing-fix-sleep-issues-and-get-2gb-for-free/
More from author
i’ve strongly considered encrypting my personal documents since your WDE review but given my situation, the only use it would serve was if my macbook was stolen. I don’t store much personal information on my hard drive, in the form of text documents, but of course, there is the information stored in keychain and cookies.
Hi Paul
I installed WDE yesterday after reading your review, and must say, that I am most pleased. The software and pre boot works perfectly. I have purchased the entire suite, and really likes the way PGP implements e-mail encryption with automatic public key look up on the addresses I address e-mail to. A sweet piece of software, that comes with a price tag, but worth every dollar in my opinion. Thanks you for a great review of PGP WDE and a great blog.
I am seriously considering it but will be at work soon and not willing to pay to have it on their machine and my machines will always be at home.
I am also waiting to see you review PGP email :P
Oh and I may wait for snow leopard before I move onto PGP
More from author
i’ll try that too…
More from author
In case you’re on ZFS, a status update for ZFS Crypto: http://blogs.sun.com/darren/entry/zfs_crypto_update
This comment was originally posted on Hacker News
More from author
The wear leveling could cause more writes if you are encrypting the SSD and you are using different size blocks for encryption and for wear leveling. For example, if the encryption blocks are 4MB and the wear leveling is 2MB, you would always be writing to two blocks, where you would only write to one block otherwise in some cases. Like Jon said though, the wear leveling schemes are mostly proprietary, so there is sometimes no way to know what size blocks the internals of the drive are using.
Saying there is no detrimental effect would be wrong in my opinion. At best there is no detrimental effect, but no gain. At worst, you could be decreasing the life of your drive by at least half.
I think you should ask the manufacturers the same question and see what they say. They would know better since they know what algorithms they are using for their wear leveling.
-woz
The original article said that it doesn’t affect performance?
On my Intel X-25M running Quick Bench before and after encryption I see the following numbers that do suggest there’s a big overhead introduced when the drive is run thru WDE
Random reads which were previously 233 MB / sec are now 28 MB / sec.
QuickBench(TM) 4.0 Test Results
©2000-2007 Intech Software Corp.
Test file created on Wednesday, December 24, 2008 at 10:04:15 AM
Test Volume Name: Macintosh SSD
Test Volume Type: MacOS Extended
Test Volume Size: 74.210 Gigabytes
Test Volume Free Space: 24.735 Gigabytes
Allow Disk Cache Effects: Disabled
All reads and writes performed sychronously
Standard Test Results
(Cycles: 1)
Seq. Read Seq. Write Ran. Read Ran. Write
4 KB 31.585 20.208 9.353 27.323
8 KB 58.744 45.162 20.763 27.078
16 KB 92.027 60.741 36.307 54.145
32 KB 112.122 29.952 63.771 19.485
64 KB 136.029 61.689 101.707 51.064
128 KB 169.068 67.01 140.681 44.506
256 KB 208.844 26.506 186.3 33.99
512 KB 229.571 57.076 214.202 49.319
1024 KB 243.366 51.743 233.922 42.058
Standard Ave 142.373 46.676 111.89 38.774
Standard Test Results
(Cycles: 1)
Seq. Read Seq. Write Ran. Read Ran. Write
4 KB 18.242 11.874 11.602 11.584
8 KB 23.325 20.067 14.99 8.954
16 KB 25.948 24.82 21.583 19.924
32 KB 28.316 26.754 24.557 15.061
64 KB 28.626 25.994 26.767 22.005
128 KB 29.789 21.122 28.318 12.667
256 KB 28.556 23.153 28.637 18.969
512 KB 30.612 23.109 28.664 18.175
1024 KB 30.517 23.287 28.507 18.57
Standard Ave 27.103 22.242 23.736 16.212
I actually updated that article last month. From the post:
More from author
Yes that’s what I’ve observed but the folks are PGP are, in my case, saying that the benchmarks aren’t accurately reporting the true numbers.
Hi,
I’ve been using PGP WDE on a regular HD for a few weeks now, and I’ve been pleasantly surprised by the performance—compared to FileVault, that is.
I’ve been wondering, though, how the performance hit on SSDs is compared to a regular disk with PGP WDE. In other words, is it worth it buying an SSD if one intends to use it with PGP WDE?
And if so, does that only apply to the X25 (being the cream of the crop) or to slower SSDs as well?
More from author
I remember the WDE overhead on the X-25M being significant in the past but it was all relative the speed of the drive. I expect the overhead to be even worse after the recent X-25M firmware update.