Hacker News new | past | comments | ask | show | jobs | submit login
Windows 11 Pro's On-by-Default Encryption Slows SSDs Up to 45% (tomshardware.com)
87 points by belter on Oct 20, 2023 | hide | past | favorite | 119 comments



>While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation

IIRC thought the whole reason for this was because the Hardware-based encryption turned out to be so terrible on just about every drive that Microsoft just decided to not even bother using it.


> IIRC thought the whole reason for this was because the Hardware-based encryption turned out to be so terrible on just about every drive that Microsoft just decided to not even bother using it.

From 2018:

> The two [researchers] say that the SEDs they've analyzed, allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor.

> Any attacker who read an SED's manual can use this master password to gain access to the user's encrypted password, effectively bypassing the user's custom password.

> The only way users would be safe was if they either changed the master password or if they 'd configure the SED's Master Password Capability setting to "Maximum," which effectively disables it.

* https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-...


I looked into it after buying an expensive SSD that supported the Opal encryption standard.

Apparently several vendors were using fixed encryption keys and at least one vendor was using all zeros as the AES key!


I wouldn't use them. Is there any chance at all that those don't have an NSA backdoor? I think most hardware encryption just XOR's on the phrase "We're the government. It's for your own good."


The same chance as Windows encryption having a backdoor of course.


> The same chance as Windows encryption having a backdoor of course.

The NSA has loaded their firmware after the fact without the drives' OEMs cooperation:

* https://www.cbc.ca/news/science/nsa-hid-spying-software-in-h...


Windows encryption could at least theoretically be audited via decompilation, whatever firmware happens to be installed on your random hard drive? Not a chance.


> whatever firmware happens to be installed on your random hard drive? Not a chance.

Well, there's certainly a chance. Firmware is reverse-engineered all the time.


I think if a state entity is dead set on acquiring your data, they will do that once they have access to the chips.

This notion that your encryption- any encryption- is going to stop a state-funded actor from getting past to your data is just as ridiculous IMO as the people who stockpile AR-15's and cosplay soldiers on the weekends think they're a realistic threat to the same military that has predator drones.

If the government wants your data, they probably already have it, just like if they wanted you dead, you'd already be in the ground. Assuming there's enough left of you to bury anyway.


"State actor defeatist"-style arguments against taking any technical precautions often conflate two things that the government does: 1. Large scale mostly passive dragnet surveillance, 2. Individually targeted surveillance.

Reasonable people can admit that they can't do much about case 2, while still believing that applying countermeasures against 1 can be effective. Also note there is more than one government in the world that may intend to exploit your lack of privacy...

Just because you're given up on privacy and sovereignty doesn't mean you should go around infecting others with the same contagion.


True, but worrying that your hard disk encryption is vulnerable to the NSA is something that only makes sense if you're dealing with case 2, not case 1.


And yet, Afghanistan sent the US military packing.


If I’m encrypting my disk, the NSA is far at the bottom of people I want to be safe from. At least the NSA might make a reasonably well implemented backdoor.


My sympathies to you if you feel the NSA is the biggest threat you're facing. I just don't want somone who steals my laptop to be able to empty my bank account. That's why I always turn whole disk encryption on.


Well if I were trying to defend myself against the NSA I would be doing different things entirely… alas there is no threat model I’m concerned with that includes the NSA. For starters hard drive encryption would be the least of my worries.


Exactly this. If your threat profile includes the possibility of special governmental attention, then you're playing a much more serious game and need to be off the grid entirely.


The only way to keep your data safe if the NSA decides they want to have a look, is to not use modern technology.

Even if you have the type of resources that a big tech corporation like Google has, sooner or later the NSA will get a copy of your data.


The primary value of bitlocker is to defend against theft, not the NSA.


And if you use Windows the way Microsoft wants you to, all your data is already on OneDrive, Teams, SharePoint (which actually is the backend for the former too). Which the NSA can simply demand access to.


Is there any chance that Microsoft's disk encryption doesn't have an NSA backdoor?


Chances are that Microsoft disk encryption implementation is so bad, that an explicit NSA backdoor is not necessary.


If it does, there's zero chance that Microsoft know about it. When your company is worth $2,427,000,000,000 , you'd have to be insane to risk it all like that.


Trillion dollar US corporations are still under US law, which does include security requests and gag orders from secret services.


so you're saying there's a chance?


On-drive encryption serves to allow for secure erase which would otherwise require an entire write cycle and cannot be done at an OS level anyway due to wear leveling and reserved space.

It is not intended for providing privacy or security.


Secure erase works on assumption that encrypted data is indistinguishable from random noise AND that attacker cannot recover the encryption key. Insecure implementations of encryption will leave some way to recover/reverse engineer the key, which means they are useless for secure erase as well.


Is secure erase reliable? If so, how can you say the intent of the encryption isn't security?


It depends on your threat model. Just enabling BitLocker will defeat someone from plugging in a Linux live USB and resetting your Windows password. For corporate security ATA Secure Erase done by a vendor who accepts liability and gives them a "certificate of data destruction" may be enough to meet HIPAA, FERPA, SOX compliance requirements. Or they consider drives cheap enough that physically shredding them to ensure no mistakes is the better choice. At the national security level you pulverize the drives after zeroing them, likely in a windowless room inside a facility with armed guards.


As one who's actually had the pleasure of getting to use one of the classified drive destroyers, there aren't armed guards. Not sure if there's a requirement that it be done in a room with no windows, though.

My point was that Kenny's claim is that on-drive encryption allows for easier "erasure", presumably by deleting the keys needed to decrypt the data and leaving the drive in the same state.

If that process is good enough to ensure proper "erasure" of the data (effectively complete prevention of data access), then how is it not equally secure as an encryption schema?


Secure erase via sledgehammer is pretty reliable.


Combine this with the performance hit from continuous Windows Defender scanning and whatever spyware (e.g. Carbon Black) that IT installed, and you quickly get to an actively productivity-antagonistic performance situation on Windows.


I have a Surface Laptop 4. Watching YouTube full screen with almost nothing else running has the fan at high speed all throughout, and battery dead after 3h. I’m not even mad. It’s just sad.


Youtube defaults to VP8/VP9 encoded video that you most likely decode in software. Install h264ify chrome/firefox addon and it's likely going to get better.


All Intel CPUs since like 2016 have VP9 decode support; that's unlikely to be the culprit.


Do all these browsers use that though?


My employer switched to MsSense.exe (Windows Defender Advanced Threat Protection I think) which is even worse than CarbonBlack. Especially in terms of performance.


Defender eats server resources. Microsoft won't fix the bugs. Why would they, they can just sell you more CPU cores on your Azure VM's


A modern PC/laptop - one with Zen 4 or Intel 12-14 gen CPU with 8+ cores - has so much spare performance, that it works perfectly well with software encryption , defender scanning, memory isolation, security bugs mitigations, etc.

Don't know about enterprise IT software - haven't worked in/with big companies lately.


1. A good percentage of corp people do not have these specs.

2. The whole point of the comment was enterprise IT software, and I can confirm it severely impacts the performance of high-spec computers with stuff like 32GB mem and NVMe SSDs.


My work laptop is the lowest performance pc I've ever used, largely due to Windows defender and whatever interactions it has with other software.

Sure it streams videos and so on (so cpu performance is OK), but basic stuff like "opening a word doc" or "launching Explorer" takes 10s of seconds.

I'm back to waking up my pc and going to get a coffee for 15 minutes so it might be ready to use when I return.


Oh, god. Yeah. With government contracting, it gets just plain surreal, like everything else about working in Defense.

Not disk encryption, but my personal nightmare happened a decade ago, when MIS found out I had a data background, and they needed someone to resolve network latency issues, they told me 37k on what was supposedly gigabit ethernet. They pointed me at their security doohickey, the DMS, and a giant pile of pcap files. I had zero idea what I was doing, but I came back with 80% +++ infosec garbage, like, everywhere, even the packets on the factory floor and other dumb metal. I must have checked and rechecked a bazillion times - as mentioned, I really didn't know what any of this stuff was, and relied on text mining and Wikidata. After ganking the entire DMS into my magic widgets, found that there were seventeen network packet analyzer / security products all spooging into the network, all - if I can trust my gensim skills - reporting on each other, because ALL of them were implemented completely separately. Each one was some idiot program manager parroting instructions - forcing network changes - from the customer based on who knows how many deadend procurement officers. And judging from the contract documents, the sniffers were the tip of the iceberg: it was across the board for AV, encryption, email settings, you name it - you probably need to review all of that.

It was a mess, but the guy who brought me in - damn, he was a really nice guy, realized that I was a pay grade above janitor at the time, tried to make my life decent - that guy . . he looked actually sick, like, "I-need-a-toilet-right-now" sick. Above him, no one wanted to tell the level above, so we kept getting kicked upstairs until we ended up at E-level and they're calling the Overlords in the corporate office. In the end, nobody wanted to rock the boat, for fear of running afoul of some random procurement officer or other (who could of course become VPs any second, or any quarter they needed a quick sale). And so it remained. As far as I know, their security setup remains unchanged to this day.

Ah, that wasn't even the worst of that kind of thing to happen, but that's another story, in an area where I was actually semi-qualified . .


I regularly see systems with 3 different pieces of AV/EDR software running on corporate systems, all at the same time.

I may see multiple AV/EDR systems more than I see a system with just one, running.


Yeah, back in 2020-2021 I got a 16" i9 Macbook, objectively better than my own but the amount of software they loaded -we are still talking about MacOS- slowed things down too much. Corporate mandated stuff, compliance software, IT provisioning yadayada, mandatory update reminder app, something that fired an email warning whenever I connected a USB gadget, etc.


Also most of the macOS corporate software is really really poor quality. A lot of this are really poor Windows ports that don't use the Apple native installer, reinvent their own windows registry equivalent instead of just using defaults/ plists, often have UIs straight out of Windows. Terrible crap.

I managed macs for years and it was not fun. And I had no choice because all this software was mandated by the security team.


I even saw some stuff that was Wine emulated, go figure.


This take ignores that software evolves to be ever more bloated as well. With ever more hardware to throw at issues, software didn’t have enough evolutionary pressure to remain or become efficient. I argue that’s beginning to show.

Look at what our software actually does and the actual resources used in doing so. Compare that to the theoretical minimum required. That ratio has been growing steadily. In the 80s, when your systems were simple and things were Assembly or C, not much efficiency was lost. Nowadays, enormous efficiency is wasted on telemetry, security measures (AV, Spectre etc. mitigations), programming in the name of being cross platform (Electron, …), indirection (APIs calling APIS ad infinitum), …


I think about this every time I use a computer. I think it's genuinely shameful how we waste most of the amazing computing power even the least expensive of modern machines have.


There is undoubtedly a lot of power in recent machines, but I think a lot of these processes are single core and serial: e.g. performance penalty from CPU security mitigations -> performance penalty to decrypt files off disk -> performance penalty to virus scan every file as it is read


Sure, if you don't care about battery life at all.


Or bandwidth.


This is not really a CPU issue, it's a disk issue. For a lot of workflows, windows already has inferior I/O performance compared to Linux even with AV disabled, so more on by default security features is not exactly helpful for developers.


We're talking about latency, mostly. This is about single-thread performance in many cases.


I guess mileage varies but I'm using Windows 11 Pro and running `manage-bde -status` tells me none of my drives are encrypted. And I don't remember being offered to when installing it.


"Is your Windows 11 PC encrypted? The answer is surprisingly complex" - https://www.pcworld.com/article/624593/is-your-windows-11-pc...


It's absurd that this web site is advocating for people to disable bitlocker.

Also there is no source for the 45% figure.


The sources are their own tests described further down in the article. It mostly describes slowdowns of between 0–20%, but does say:

> But the critical aspect is that software BitLocker dropped random write performance by 45% compared to hardware BitLocker.

I don't think consumers are engaging in a lot of sustained random writes. On the other hand, it might be a reason to avoid software encryption on a database server with a lot of writes.


> I don't think consumers are engaging in a lot of sustained random writes.

Let me introduce you to Windows update. It is both random and sustained permanently.


Windows Update must be such an energy hog, if you consider it across all users globally. I wonder how many MWh it consumes per year?


Ha, good point. Definitely wasn't thinking of OS updates.

Though if those are (hopefully) applied overnight, speed doesn't really matter.



Yikes, so sorry. I'm on a Mac, and while they certainly have their own share of problems, at least it's not that specific one.


TIL that second tuesday every month is random.


They show graphs of their tests with PCMark 10 Storage and Crystal Disk Mark. Using Crystal Disk Mark to test random 4k writes and they are massively slower when using software bitlocker.


I'll do what I like on my own computer, thank you very much.


No one said you can't. And no one said people can't debate the issue.


FDE is overrated, most leaks are not "someone stole my laptop" but "user clicked malicious links" ad other stupid stuff like that.

And it is also entirely useless for good amount of data volume-wise on machine.

I never need video game files to be encrypted for example. It's entirely waste of power and CPU time to do it.


If someone breaks into my car and steals my laptop I can sleep better with bitlocker on. Has nothing to do with the clicking links or not.


Better maybe, but you'll never sleep well if you leave your laptop in your car. In fact, none of us can park in peace because people leave laptops in vehicles.


Correction: none of us can park in peace because the state does not punish those who break into cars to steal laptops severely enough.

It’s a political problem not a technical one.


Only if you shutdown. Otherwise tpm is still in memory and everything is unlocked. Going off how many people compliance have to chase to restart for updates, a lot of people think sleep is fine


Your average thief has no idea how to get into a system which asleep but screen-locked. FDE means your machine gets wiped and resold, or sold for parts...but your data on the system remains private.


Why is your laptop in your car without you?


FDE is not overrated and should have a 0% impact on performance if your CPU has AES instructions.

Modern CPUs can do AES faster than your SSD, sometimes faster than an NVME can read/write


AES-NI is not 100% offloading. It only offloads the heaviest parts.

The penalty is not huge especially compared to fully software implementations but it's not zero. And it takes memory bandwidth too.

I don't use FDE on my gaming system for this reason. It's a big heavy PC that never leaves my house with not really any personal data anyway.


That's not how you asses performance at all. Maybe you can saturate the NVMe link with AES in idea circumstances, but you may be killing memory mapping and churning I$.

To say anything interesting about performance on these modern machines, you would have to benchmark some real workload.


5 year old CPUs (Intel i7-6700, for example) do 2.6GB/s.

https://calomel.org/aesni_ssl_performance.html

First gen Ryzen (similar age) does 8.2GB/s, which is faster than PCIe 4 NVMe drives.

https://www.vortez.net/articles_pages/amd_ryzen_7_1800x_revi...

Somewhat recent intel i7-12700H does 14.8GB/s, which is about the limit of PCIe 5 NVMe drives.

https://www.notebookcheck.net/Intel-Core-i7-12700H-Processor...

Edit: here's a list of AES speeds via truecrypt. top of the charts is the Ryzen 9 7950X at 32GB/s.

https://www.notebookcheck.net/Benchmarks-and-Test-Results.14...


Speaking of which, software that doesn’t use the AES-NI instructions is becoming glaringly obvious because the performance difference is so huge.

In the era of mechanical drives and 2 Mbps “broadband” nobody would notice. Now with SSDs and gigabit home internet, people do notice but vendors are still pretending they can just ignore the need to offload encryption.

VPN products and IPsec especially is almost always a disaster in my experience.

When evaluating any kind of network security product like a virtual WAN appliance, tunnel, or whatever, check the throughput. If it can get tens of gigabits for a single stream then it is using some sort of offload. If it seems to hit the wall at around 1.5 Gbps per core, do not buy.


How much does this affect other processes happening at the same time? If I'm playing an open world game that streams the environment off the ssd, how much is this going to contend with my cpu issuing draw calls, doing physics calculations, etc.


Thank you for looking up the most recent performance numbers. People have no idea how incredible they are and how "free" FDE has become.


AES instructions still fill CPU's time regardless of how fast they run

Doing 2.6GB/s in single thread means you have one core less to use...


I run FDE on all my machines, encryption and sector sizes are aligned, I can still do a 3000MB/s IO no problem. Doesn't affect anything I'm running, even databases like Postgres.


If an unencrypted laptop is lost or stolen you have to assume all the data on it is compromised, send breach notifications to affected customers, etc.


But this is just Windows 11 Pro, though, not Enterprise. I guarantee you gamers (who are probably a big contingent of people who buy Pro but not Enterprise) are going to be turning this off so fast.


I’m a gamer and have it on.


FDE's purpose isn't just to prevent you from pulling a disk out and imaging it to get all the data. It also makes it far quicker to do disk wipes. If someone yanks your laptop you can have the IT guy wipe it in a minute or two. Without FDE, whatever bossware is enforcing the device management would have to actually overwrite every sector of the disk, which can take hours and would be extremely noticeable to anyone extracting data off the machine.


Moreover, SSDs cannot be 100% erased, as not all capacity is user-addressable at any point in time.


Why would it need to wipe every sector of the disk? As ilyt stated, there's no need to encrypt game files. There's also no need to wipe them. Just the directories where important data resides.


FDE means you don't leak data to unencrypted parts of the file system. Temporary files and browser cache are areas sensitive information can be inadvertently left behind. With FDE you can check off the box "encrypted at rest" without having to qualify it with asking if the data is in the right folder or vault, if temp files are overwritten, etc.


Right. But technically "every sector of the disk" isn't necessarily what bossware needs to wipe if an unencrypted laptop is taken. Only eelements which allow access to crown jevels, relevant credentials, etc.

I'm an advocate for FDE across the board (literally all of my devices are on Windows 11 Pro, primarily so I at least have access to Bitlocker across the board), but it's disingenuous to claim that the only alternative to FDE when a device is taken would be to initiate a sector-by-sector wipe. He was responding to ilyt's comment about how only certain data is worth encrypting on pretty much every personal device (and we are talking about Win 11 Pro, not Enterprise).


It is simpler to encrypt all than to pick and choose which partition to store your files.


We're not talking about what's simpler. The conversation was clearly focused on efficiency.


Everything is unnecessary until you need it.

Why pay cops if I’m not being murdered or robbed?

Why keep nukes behind launch codes, nobody’s trying to launch them?

Why eat every day, I don’t start to die until like 3 days in…


You've got closer to a month or more with no food. Starving takes a long time, halfway starving even longer. Water is what takes three days.


Ah shit you’re right. I didn’t study biology because I didn’t need to operate on myself, so it was unnecessary.


> Why pay cops if I’m not being murdered or robbed?

Why pay cops, they're already being bribed by criminals (batman, punisher, etc cops anyway :D )

> Why keep nukes behind launch codes, nobody’s trying to launch them?

Because if you get rid of launch codes you'll decimate the Hollywood Political Thriller movie industry

> Why eat every day, I don’t start to die until like 3 days in…

Why do you hate farmers?

:D


It's not if you do any meaningful work on it.


LUKS doesn’t have this problem.

I’ve said it before and I’ll say it again, it’s a matter of time before Windows runs on the Linux kernel. It’ll just be this big monoculture like Chromium with browsers. There really isn’t any reason to duplicate all this effort in maintaining an OS. Might as well have the whole world pitch in on one strong project.


> If you are working with a desktop PC in your home and you feel really confident that nobody's going to have unauthorized physical access to the computer, you might want to do without encryption.

Do you also feel confident nobody will pick your drive up at the landfill where it's going to end up?


Agreed, that feels like horrible advice. Even encryption with a password of “hunter2” is worthwhile in that it would stop untargeted access.

Crackhead burgling my home is significantly higher risk than the NSA trying to grab my data. If the NSA wants it, my cute 32 character random password is probably insufficient to stop them.


Yea, I'm not sure about the US, but a few friends have had their stolen phones immediately used to contact everyone on whatsapp asking for money, sim swapped and tried access for all possible 2FAs on socials, banking, whatever they can get a hold of within the same day. For something so easy to set up as FDE on a computer, or a SIM pin in addition to the phone's passcode (to prevent them from accessing the mobile network, which I forever dismissed but after seeing how they operate I started adding the pin as well), it's a no brainer really.


This is the first I have ever heard of a SIM pin. Which seems like a no brainier to configure, so definitely going to do that this weekend.


Yeah, back then I thought in the lines of "well whatever if they call people with it, what are they gonna get? Minutes off my plan?" But that was at a time when we didn't have so much tied to a phone number, or I could still opt out of it, which I did for years.


Doesnt it come by default on everywhere? Often with a weak 1234 code but nevertheless.


Working with a Desktop PC in your home isn't the same thing as throwing your obsolete drive in the trash.

There are precautions available to any user before they throw a drive away.


> Do you also feel confident nobody will pick your drive up at the landfill where it's going to end up?

I do, because it's not going to end up there. I still have possession of literally every hard drive I've ever owned.


I have never thrown away a drive.


Was it always like this with Windows and SW Bitlocker then? On the Mac, for more than 10 years Filevault FDE has been unnoticeable in terms of a performance hit. I remember that back then, before Macs had SSDs they also offered FV that only encrypted the user folder.


A coworker claims that his personal MacBook Air m1 without encryption is much faster to update MacOs than his work MacBook Pro m2 with encryption.


Your coworker is "full of it" for the following reasons:

- Storage is always encrypted on Apple Silicon Macs.[1]

- You can enable FileVault, but all FileVault does on Apple Silicon is add the user's password as an additional key[2]. There is not an additional performance hit with FileVault.

1. https://support.apple.com/guide/security/data-protection-ove...

2. https://support.apple.com/guide/security/volume-encryption-w...


Wow! So this explains why setting it up later down the road is almost instant on Macs with T2 or M1/M2? Because IIRC with <2016 macs there was a long wait if you already have been using that disk for a while.


Thanks, that's good to know.


I’d want to see real benchmarks to make sure that’s not due to a confound (e.g. updates used to be slowed by things like Homebrew having huge numbers of files in the /usr/local directory which were inefficiently moved & restored by the installer). Every time I’ve tested it the difference has been negligible.


You really should have whole-disk encryption on any laptop. You're crazy not to, unless you never do any banking, etc, on it.


Is this a new thing? I installed windows 11 fresh about a year ago and it did not force me (or to my memory, even offer) to use bitlocker during setup.


I spent a lot of time on my last install to get Hardware Encryption to work. While it has been disabled by Microsoft by Default I prefer to have it enabled as it covers my thread model.

The only thing that is hard to find these days is SSDs with 4K AND OPAL. The WD 850X has 4K clusters, but not OPAL.

The Samsung 980 Pro has 515B clusters, and OPAL. Not sure about the Samsung 990 Pro.


Wow ok this sounds significant, of course up to can mean a lot but even if it is 10/20% it's a lot.


I don't know what Windows 11 Pro version has bitlocker on by default, but none of the systems I have at home enabled it as a default setting. Whether upgrading from 10 or complete nuke the drive and install fresh, I haven't seen it be a default setting.


Must be using a strong algo if it's that slow


Should have just used zfs....




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: