Encryption and SSDs

[caLLous]

I just ordered my first every SSD, the 256gb OCZ Octane, and I want it to be my boot drive. I have read lots about using tools like Truecrypt with SSDs and that you really can't do full disk encryption because it will appear that the disk is 100% full and it will mess up wear levelling or something (tbh there are lots of terms to do with SSDs that I don't know anything about). So everybody says don't encrypt the whole disk with TC.

What about partitioning, say, 40GB for a Windows install and encrypting that and leaving the rest as another, unencrypted partition for Program Files? Would 40GB be enough or too much? Assuming that Program Files and Documents would be elsewhere. Anyone done this on an SSD?

Thanks.

 

[Bahumat]

Why encrypt? Are you working for mi6?

 

[caLLous]

Shhhh!

And it just gives me a warm fuzzy feeling. Some of the newer OCZ drives (the Octane and Vertex 3 afaik) are supposed to use AES encryption but it seems entirely pointless, as there's no password or key to unlock so as long as the controller isn't physically separated from the NAND chips, the data may as well not be encrypted as it can be accessed by just plugging the drive into a computer. :\

 

[Kryten]

I think you need to read a bit more into that, I'm fairly sure it's not the case.

However don't partition off any less than 60gb for OS - even then you'll struggle to keep your OS under that even with profiles page files etc by the time you've installed the first 5 useful programs that all refuse to install anywhere but C: / install gubbins where the fuck they like anyway.

 

[caLLous]

Yeah I thought 40gb might be a bit optimistic.

I was basing my otf AES comments on this thread on the OCZ forums.

Yes, the data is encrypted when it is written to the Nand. If the controller or the Nand were to be removed, you couldn't read the data.

Yes, if you keep the drive whole then you can read it on other computers, because that controller knows the key. I do not recommend putting a password on your drive at this time.

Tbh it didn't sound like they had their most knowledgeable employee on the case but I don't know how else to interpret his responses (especially that one ^). Sounds like it's still a very early implementation but still, what's the point if your data isn't actually protected by the encryption? :s

 

[Kryten]

Indeed. Only other suggestion I have is using the SSD for speedy things and keeping the data you want kept safe on an encrypted HDD.

 

[Killswitch]

Indeed. Only other suggestion I have is using the SSD for speedy things and keeping the data you want kept safe on an encrypted HDD.

I was thinking that. I can't think of many situations where I'm accessing my plans of 10 Downing Street, my bomb-making guides or my records of payments for assassinations and I've thought to myself "boy, I wish this PDF would open quicker!". It seems more sensible to put your important, encrypted stuff on a dedicated HDD and just build some slack into your Jihad timeline to account for the increased rotational latency and access time...

(please note that I am NOT a terrorist and my encrypted drives contain nothing except my collection of writings on the life of Jesus Christ and my reviews of UFC events)