• blkpws@lemmy.ml
      link
      fedilink
      arrow-up
      54
      arrow-down
      2
      ·
      edit-2
      1 year ago

      While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out.

      Said by AutoTL;DR

      As TWeaK replied to you, 20-40% is too much to say it is viable for daily usage. Most of SSD already has good encryption methods and an easy way to safely wipe data without re-writing each byte. That’s efficiency.

      • flying_monkies@kbin.social
        link
        fedilink
        arrow-up
        13
        arrow-down
        4
        ·
        1 year ago

        Most of SSD already has good encryption methods

        Unless you purchase a SED-non FIPS or FIPS SSD, no, they don’t

        and an easy way to safely wipe data without re-writing each byte.

        ATA Secure Erase is a god send for SSD.

        • blkpws@lemmy.ml
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Win 11 comes pre-installed with newer computers, which normally has the latest SED mechanism available. Isn’t it? I don’t see the need to overthink how to encrypt data if there is a method that doesn’t slower your disk usage already.

      • MonkderZweite@feddit.ch
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Btw, hw-based encryption is always a compromise betwen security, speed and cost. And holes in the blackbox firmware can only be fixed with updates, as long as supported and if the vendor is willing to.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        6
        arrow-down
        32
        ·
        1 year ago

        You’re routinely reading and writing multi gig files in daily life? O.o Do you work with video editing or something?

        • takeda@lemmy.world
          link
          fedilink
          arrow-up
          25
          arrow-down
          1
          ·
          1 year ago

          I would see myself saying that not long ago, but now a 50GB game is nothing unusual.

          • KairuByte@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            6
            arrow-down
            11
            ·
            1 year ago

            True, but you’re limited in many, many ways before the SSD. Downloading the game? Network bottleneck. Playing the game? GPU/CPU bottleneck. (Not to mention, if a game is attempting to access multiple gigs of stored data every second, there’s likely something wrong with that game.)

            Installing the game, absolutely. But you only do that once, and I doubt you’re installing a 500GB game daily.

          • KairuByte@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            1
            arrow-down
            8
            ·
            edit-2
            1 year ago

            … Then you would disable auto adoption of newly connected drives into bitlocker, would you not?

            This is like complaining that the login screen pops up every time for a machine that doesn’t need security. Just change the setting instead of complaining about a niche use case.

            The majority of users won’t notice a slowdown of even 50% on an SSD. It won’t effect game performance, your network will bottleneck before your SSD in any internet download, most users don’t interact with extremely large sets of data which is needed asap on the regular.

            You’re essentially only going to have a problem, in daily use for the average user, in (un)packing large sets of data, or moving large sets of data between drives. Things most people don’t do regularly.

            So a slight alteration to my question, how exactly does this negatively affect most users in daily usage.

            • blkpws@lemmy.ml
              link
              fedilink
              arrow-up
              6
              arrow-down
              1
              ·
              1 year ago

              Okay xD go ahead… but encrypting the encrypted makes no sense.

              • flying_monkies@kbin.social
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                SSDs, unless you buy a specifically encryption supported drive, are not encrypted. If it doesn’t indicate SED, SED non-FIPS or a FIPS certification level, the drive doesn’t have an encryption circuit.

                • blkpws@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  2
                  ·
                  1 year ago

                  I said nothing about adding more encryption, in fact I said the opposite.

                  But is what Microsoft is doing here. Most SSD already has hardware level encryption… is what I said on the first comment…

    • TWeaK@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      ·
      1 year ago

      Sure, but 20-40% slower? That points to something being poorly optimised.

      • SheeEttin@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        3
        ·
        1 year ago

        Yes, that’s what happens when there’s no hardware acceleration and it fails back to software.

        • nybble41@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          They should still be using the CPU’s built-in AES hardware acceleration, yes? It seems they have good reason not to trust the SSD to handle the encryption but that doesn’t mean it has to be entirely implemented in software. CPU-accelerated AES shouldn’t be that much slower.