click to visit home page
leading the way to the new storage frontier .....
storage security articles and news
SSD security ..
click here to see our notebook SSDs page
notebook SSDs ..
Fast Purge flash SSDs directory & articles
Fast Purge SSDs ..
Disk Sanitizers
disk sanitizers ..
click here to see our directory of data recovery articles and companies
data recovery ..
image shows Megabyte reading a scroll - the top 50 SSD articles and recommended SSD blogs
SSD articles & blogs ..

notebook SSD encryption

by Zsolt Kerekes, editor

a reader asked me some good questions - re notebook SSD encryption
In June 2010 - a reader asked some good questions about notebook SSD encryption. Did it impact performance and endurance? Had I already written about this in an article he had missed?

Editor:- On the contrary. My comments about encryption are scattered to the winds. So I'm going to use the opportunity of your question to fix that.

The performance hit of SSD encryption depends how and where it's done.

Ideally if encryption is done by the SSD controller there can be zero performance impact on writes.

Examples include selected models from:- Samsung, SandForce and WD Solid State Storage.

That's because there's already a lot of stuff going on with data integrity management, dynamic wear leveling and garbage collection. Encryption can be regarded as just one more algorithm which is relatively simple compared to the other internal housekeeping activities. Until the erase write takes place - there's a lot of address look ups and logical to physical translations. That's why encryption can be a minimal performance or endurance overhead in a well designed SSD. But - as we know - most SSD designers today are new to this market and still learning their trade.

The only downside of internally encrypted SSDs (apart from cost) is that if the mapping tables get trashed (due to a physical fault) it is virtually impossible to do a data recovery. But then again - the type of people who use encrypted notebook drives - probably do adequate backups too.

On the other hand - if encryption is done by the OS - the performance result will vary according to the internal design. It will range from minimal to severe - depending on how well the internal controller manages write attenuation (and recognizes consecutive writes to small address spaces). Another performance factor will come from the size of the RAM cache. (Depends too on the vintage of the controller.) Despite that - some skinny SSDs (zero RAM cache) have good write attenuation - so don't need RAM to deal with small consecutive writes to the same space. As a rule of thumb - the lower the write IOPS of the SSD - the more likely it is that OS driven encryption will negatively impact performance.

It's essential in my view to have encryption in a notebook because they are easy to lose.

Differences between internally encrypted flash SSDs and internally encrypted flash storage sticks

My general comments above relate to SSDs.

USB flash sticks with internal encryption, on the other hand, can have appalling write performance. They're different to SSDs insofar as a true SSD needs to have a good controller (fast embedded microprocessor and ASIC) whereas in a "flash storage" device there is zero wear leveling and so nearly all the cost of the encryption processor simply goes into making the device more expensive.

Designers of USB flash sticks work in a very price competitive market. That means the encryption processor will be as cheap and slow as possible - because it's not part of the spec that users look at closely. Also encrypted USB flash sticks are primarily used as backups. The user isn't expected to sit and wait for the operation to complete - which means product marketers can argue a case for saying performance doesn't matter so much.
Related articles or directories here on

Fast Purge flash SSDs - relying on encryption alone isn't good enough for many military SSD applications

Overviewing the Notebook SSD Market - This is a troubled and complex segment of the SSD market - which has earned a deservedly bad reputation.

What's the best / cheapest PC SSD? - a simple question. Not so simple answers.

storage search banner

"It's data recovery you have to worry about - in encrypted notebook SSDs - rather than performance."
Data Recovery for flash SSDs?
SSD ad - click for more info
In April 2009 - Samsung misleadingly claimed that it was the the 1st company to offer SSDs with hardware-based encryption.
At the time I reminded readers that this was far from being a new idea.

BiTMICRO started offering real-time full-speed encryption as an option in its 2.5" flashSSDs in 2002. That was 7 years earlier! And there were plenty of precedents in the consumer market too.

See also:- SSD history
how does SSD encryption impact SSD data recovery?
Editor:- October 7, 2010 - SandForce today announced availability of its next generation SF-2000 family SSD processors - for oems designing SAS 3 class (6Gbps) enterprise acceleration SSDs.

The SF-2000 supports 500MB/s sequential R/W, 60,000 sustained random IOPS, wire speed encryption, end to end data integrity checks and industrial temperature operation in a skinny flash SSD architecture.

Also new in this controller generation is support for sector sizes additional to 512-bytes e.g., 520, 524, 528, 4K, etc., with Data Integrity Field (DIF) for true enterprise-class SAS drive behavior and performance.

Editor's comments:- one simple way of looking at the SF-2000 would be as an incremental x2 version of what SandForce has done before - which also demonstrates that the glass ceiling for their architecture is much higher than some people might have thought.

In a briefing yesterday I asked about the data recoverability of the SSDs based on the new controllers - while acknowledging that the market it was aimed at - the datacenter- does adequate backups so DR shouldn't be necessary.

Kent Smith, Director of Product Marketing, SandForce told me that in this family of SSD controllers - the company would be moving even closer towards what already exists in military SSDs - and offering the option of having on board data sanitization.

The data in SF-2000 driven SSDs is double encrypted (encrypted on the way in from the SATA controller and then encrypted again as it is written to the flash array. The company's view is that it would be impossible for a DR company to reconstruct data from the flash chips in the SSD without having access to the SSD oem's unique key generation technology. (The oem has the ability to do this as a one time programmable function.) Without that data - even SandForce would be unable to read the contents of the SSD.
click here to see our directory of data recovery articles and companies These technologies are designed to make customer data secure. It would be possible for SSD oems to select DR partners to whom they entrusted their own keys - but that's a business decision for the SSD maker. Proliferation of such data is likely to be restricted - because otherwise it defeats the security of the product.
1.0" SSDs 1.8" SSDs 2.5" SSDs 3.5" SSDs rackmount SSDs PCIe SSDs SATA SSDs
SSDs all flash SSDs hybrid drives flash memory RAM SSDs SAS SSDs Fibre-Channel SSDs is published by ACSL