Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Sandisk Extreme Pro SSD with Bitlocker encryption performance issue

25 Jan 2015   #1
bohemiansonic89

Windows 7 Ultimate x64
 
 
Sandisk Extreme Pro SSD with Bitlocker encryption performance issue

Hello,

first off, I hope I am posting this in the right sub-section. If not, I apologize (and feel free to move it to the relevant section).

My general query is to do with SSDs and Bitlocker encryption.

Description:
I recently upgraded my primary SSD (with boot and OS partitions) from an entry-level Kingston 120GB SSDNow V300 to a 240GB SanDisk Extreme PRO SSD, hoping that I would notice some improvement, if not in real-life usage then at least in benchmarks, despite my primary goal for this upgrade being the increase in disk space.

Issue:
The problem is that not only did I not see any improvement, but the results were worse than before.
The only difference between the two disks is that
  1. the first had Bitlocker AES-128 with diffuser, and
  2. the second has Bitlocker AES-256 with diffuser. Everything else in the build remains unchanged.

I understand that moving to AES-256 means taking a hit in performance, but I assumed that the better (and newer) SSD would compensate for this.

I read through all the relevant threads on this forum (like this one) as well as through other sites on the net. My understanding is that software encryption and SSDs (especially those with a controller that is designed for compression of data, like the SandForce on my original Kingston V300) do not go hand in hand.
However, my Sandisk SSD has a Marvell controller, which I take it does better with data that cannot be compressed (i.e. encrypted), so that should not be the issue.

Basically, I do not know what I am doing wrong. All I want is my PC to be encrypted while taking full advantage of having my system/boot drive be on an SSD instead of a HDD.
Do I change the encryption to 256 without diffuser, 128 with diffuser (Windows default) or other?



Following are benchmark results for comparison:

1) Kingston SSD with Bitlocker enabled, 128-bit with diffuser

Sandisk Extreme Pro SSD with Bitlocker encryption performance issue-ssd-bench-kingston-sv300s3-02.12.2014-19-56-28.png

2) Sandisk Extreme Pro SSD with Bitlocker DISABLED

Sandisk Extreme Pro SSD with Bitlocker encryption performance issue-ssd-bench-sandisk-sdssdxps-25.01.2015-00-30-21.png

3) Sandisk Extreme Pro SSD with Bitlocker ENABLED, 256-bit with diffuser

Sandisk Extreme Pro SSD with Bitlocker encryption performance issue-ssd-bench-sandisk-sdssdxps-25.01.2015-02-20-19.png

In addition, my motherboard only has SATA II, so that is why the resuls in 2) are lower than one might expect.

Thank you to anyone for pointing out what I am doing wrong or what I should do the fix the problem.




My System SpecsSystem Spec
.
26 Jan 2015   #2
logicearth

Windows 10 Pro (x64)
 
 

It is slower because the 256bit encryption requires more time on the CPU. The drive may perform faster, but the CPU/Motherboard is the same and it is your bottleneck, not the SSD.

To get better performance from bitlocker, you need to have an eDrive capable SSD.
My System SpecsSystem Spec
27 Jan 2015   #3
cluberti

Windows 10 Pro x64
 
 

If your drive is not an eDrive, then you've simply added more work to the CPU. Stick with 128bit + diffuser if you want performance similar to the previous drive - it would take so long to brute-force a 128bit encrypted drive that the additional protections of 256bit versus the performance hit really aren't worth it unless you're handling top secret data.
My System SpecsSystem Spec
.

01 Feb 2015   #4
bohemiansonic89

Windows 7 Ultimate x64
 
 

logicearth and cluberti; thank you both for the replies. I completely overlooked the CPU being the bottleneck.

So if I understand it correctly, my options are to either:
  1. Downgrade the encryption to something that burdens the CPU less than AES-256
    or
  2. Get an eDrive SSD (and everything else needed for hardware-based encryption, like Windows 8)

How about Upgrading the CPU as option 3?
If I want to stick with software-based encryption (for whatever reason), will an upgrade to an AES-NI compliant CPU help out with the issue?

I found a comparison of eDrive vs software encryption and while the software-based encryption takes a bigger performance hit (article mentions -29% for 4k random writes which is what I am experiencing), I still think it is strange to take a 57%/55% performance hit on sequential read/write. [Another performance comparison showing way better results than mine is here]

Also, since the CPU is the bottleneck, is there anything specific about upgrading the motherboard and RAM that one should take into consideration when bitlocker is in play?
My System SpecsSystem Spec
01 Feb 2015   #5
cluberti

Windows 10 Pro x64
 
 

It will help somewhat, but again - I reiterate that the insanely long time it would take someone to crack the 128bit AES encryption really nullifies using 256bit unless loss of data on that machine to someone who physically stole the drive would constitute a real emergency that you'd have a hard time handling. It will cost you some time to de-encrypt and re-encrypt at 128bit, but it is free otherwise. That would still be the recommendation.
My System SpecsSystem Spec
01 Feb 2015   #6
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

You must have special needs to go with encryption. For a desktop that is unusual. Normally one does that with small devices that are being hauled around - and lost at times.

Nevertheless, I would also think that your CPU is the bottleneck. That Phenom CPU is no speedster (PassMark score of 3700) and has pretty poor performance for the amount of electricity it consumes (95W or 125W). Muscular CPUs have a PassMark score around 10.000.

The SSD is OK although the scores are not earthshaking either - but the access time is good and that counts in the random access cases. But 4K writes are really not that much better than your old SSD.

I join the recommendation to go at least with 128 bit if you absolutely have to encrypt. After all this is the OS disk. I can understand if you encrypt a data disk/partition but for an OS disk that has limited value and locks you out also - e.g. you may not be able to recover from an image.

Question - how long does it take you to encrypt/decrypt the SSD.
My System SpecsSystem Spec
01 Feb 2015   #7
bohemiansonic89

Windows 7 Ultimate x64
 
 

I guess going back to AES128 until I upgrade the aging CPU+motherboard combination seems as the best option.

As far as I know, one of the reasons against having the OS drive decrypted is that it stores the encryption keys for all the other drives and I don't want to decrypt my drives manually at each start-up.

Sandisk Extreme Pro SSD with Bitlocker encryption performance issue-bl_notice.png

Quote   Quote: Originally Posted by whs View Post
Question - how long does it take you to encrypt/decrypt the SSD.
The Sandisk took me about a day to encrypt.


Again, thank you all for helping out. When I upgrade, I'll try to post some updated benchmarks for future reference.


My System SpecsSystem Spec
Reply

 Sandisk Extreme Pro SSD with Bitlocker encryption performance issue




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
Tutorials
SanDisk unveils 512GB Extreme Pro card
SanDisk unveils 512GB Extreme Pro card: Digital Photography Review
News
SanDisk Extreme 240GB SSD Low Performance
I have AHCI enabled in BIOS, I installed windows AFTER enabling it I also checked the registry value and its enabled, however I still think its not performing at its best, its connected to a Sata III port so thats not an issue, AHCI is enabled, I don't know what else it could be, its rated at 550...
Hardware & Devices
Bitlocker Drive Encryption using USB
Hi, I have been having some issues when trying to turn Bitlocker on in C: I have followed the instructions as per this forum to enable a Startup key in gpedit.msc as I dont have TPM which worked. After following the instructions, Windows Bitlocker asked me to insert a USB to save the...
System Security
BitLocker Drive Encryption - Change Encryption Method and Cipher Strength
How to Change Windows 7 BitLocker Drive Encryption Method and Cipher Strength This will show you how to change the encryption algorithm and key cipher strength used by BitLocker to encrypt drives in Windows 7.BitLocker Drive Encryption supports 128-bit and 256-bit encryption keys. Longer...
Tutorials
BitLocker Drive Encryption
While using BitLocker Drive Encryption feature, i selected the settings for using the USB to store the security key. But, once I restarted my PC, BitLocker didn't recognized the USB and went into recovery mode. Can anyone suggest as to why the USB key was not taken into consideration?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:04.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App