[dba-SQLServer] True Crypt whole disk encryption

jwcolby jwcolby at colbyconsulting.com
Mon Oct 3 05:32:54 CDT 2011


 > I read in the docs that it does not / cannot slow the machine down even by less than 1%.  They 
actually said it as a 0% performance hit.

The truth is that the impact depends directly on the horsepower of the processor.  On a low end 
Celeron it would be largish.  On a single core AMD or Intel it would be barely noticeable and on 
anything more powerful, including multi-cores it is negligible.

 > Do you know how / why that is ?

The impact is "fixed" in that it has to run each sector read through decryption.  The algorithms are 
not particularly compute intensive and in fact there are apparently instructions on newer processors 
dedicated to encryption.

John W. Colby
Colby Consulting

On 10/3/2011 5:37 AM, Mark Breen wrote:
> Hi John,
>
> I used True Crypt last year for an External Disk and it seemed to work well.
>
> I read in the docs that it does not / cannot slow the machine down even by
> less than 1%.  They actually said it as a 0% performance hit.
>
> Do you know how / why that is ?
> thanks
> Mark
>
>
> On 1 October 2011 21:13, jwcolby<jwcolby at colbyconsulting.com>  wrote:
>
>> The last iteration with my laptop I used Windows Bit locker to perform a
>> whole disk encryption. This time I am using Windows 7 Home Premium which
>> does not include Bit locker.  I had just about decided to use True Crypt
>> anyway because with Bil Locker I was unable to mount the old hard disk on
>> another computer to pull the old contents off onto the new disk.
>>
>> So when I installed Windows 7 I broke the disk into three partitions, a 6
>> gig for the swap file, 100 gig for the OS/programs and 400 gig for data.  I
>> then started Truecrypt and told it to go to work encrypting the whole thing
>> and went to bed.  In the morning... the computer had decided to sleep during
>> the night (lazy thing!) and so it was only 25% finished.
>>
>> It took most of the day to finish encrypting the entire disk (all
>> partitions) and so here I am.
>>
>> Having done that I decided to hang the truecrypt encrypted disk on another
>> computer, put the old disk back in and push the disk contents out to the
>> other disk.
>>
>> The other disk would not finish loading Windows with the truecrypt
>> encrypted disk on it!  It would start to load Windows (2008 server) and then
>> apparently it ran into the true crypt disk and couldn't handle it.  It just
>> hung, never finished loading windows.
>>
>> In the end I told the bitlocker software to unencrypt the old disk, then
>> hung that on another machine and put the truecrypt disk back in the laptop,
>> and pulled everything into the new disk. Well not everything but you know
>> what I mean.  At least I can do that with the unencrypted disk drive.
>>
>> Things never work the way I envision them working.
>>
>> Truecrypt is not significantly slowing down the new disk.  I do have to
>> enter the password at the point where the bios tries to load windows, then
>> off it goes.  Not good for auto reboot after software updates...
>>
>> --
>> John W. Colby
>> Colby Consulting
>> ______________________________**_________________
>> dba-SQLServer mailing list
>> dba-SQLServer@**databaseadvisors.com<dba-SQLServer at databaseadvisors.com>
>> http://databaseadvisors.com/**mailman/listinfo/dba-sqlserver<http://databaseadvisors.com/mailman/listinfo/dba-sqlserver>
>> http://www.databaseadvisors.**com<http://www.databaseadvisors.com>
>>
>>
> _______________________________________________
> dba-SQLServer mailing list
> dba-SQLServer at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
> http://www.databaseadvisors.com
>
>



More information about the dba-SQLServer mailing list