Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Does Whole-disk Encryption Impact Computer Performance?

//
Does whole-disk encryption only affect performance while the computer is starting or does it have constant effect on the computer’s overall performance?

Neither and both, actually.

Encryption in general, and whole-disk encryption specifically, has come a long way since it was first introduced many years ago. One of the most striking changes is its impact on performance.

I’ll put it this way: I wouldn’t let performance concerns hold you back from using whole-disk encryption.

Become a Patron of Ask Leo! and go ad-free!

“Whole disk” is all about the disk

Whole-disk encryption kicks in when things are written to or read from the disk. That means the apparent performance of your disk when encryption is at play is gauged by two things: the speed of the disk itself and the speed of your CPU.

Both have been getting significantly faster over time.

Whole Disk EncryptionWhile not directly impacting encryption, the speed of hard disks — both SSD and HDD — is impressive. In general, speed is the first thing we think of when it comes to read/write performance, whether your data is encrypted or not. You’re more likely to notice the impact of a slower drive than you are to notice whether the data is being encrypted.

CPU speeds, as well as the number of CPUs available on a PC, directly impacts the performance impact of encryption. Encryption can be a (very) complex mathematical calculation. As complex as it may be, though, today’s CPUs are more than capable of handling the work without breaking a digital sweat.

In comparison to the amount of time required to get the data on and off the disk — which is the same whether it’s encrypted or not — the additional time it takes to encrypt or decrypt that data is amazingly small.

Encryption is all about disk activity

There’s no specific time when whole-disk encryption has more or less impact. It’s simply something that happens as your computer reads and writes data to and from the encrypted disk.

Startup tends to be particularly disk intensive, as the operating system and all your startup applications and data are read from (or written to) the disk. But this is the same with or without encryption.

I also can’t say that it has “constant” effect on your performance, because it’s only about disk operations, nothing else. If your computer is idling, there can be no impact, as there’s no disk activity and no encryption being performed.

Whole-disk encryption: more important than speed

Performance is not a reason to avoid modern whole-disk encryption offered by Windows’ own BitLocker or tools like VeraCrypt.  Performance impact is minimal if it’s even noticeable at all.

More important is your ability to access the data when something goes wrong. That means:

  • Back up the key. Make absolutely certain your encryption key is backed up. Microsoft makes this easy if you’re using BitLocker, a Microsoft account, and OneDrive — it offers to back up the information for you. Regardless, take the extra time to export the key1 and save it in a safe place. If for any reason you lose the ability to log in to your machine, your encrypted data is lost forever without the ability to recover that key2.
  • Remember the password. If you use a password- or passphrase-based encryption tool like VeraCrypt, don’t lose the password. There’s no back door. Without the password, your data is inaccessible. Keep it in a safe place, such as your encrypted password vault (even if only to be able to remind yourself, or copy/paste when needed) or some other secure location.
  • Keep backups safe. I strongly recommend backing up your encrypted drive in unencrypted form. Most backup programs do this automatically, as the encryption is just as transparent to them as it is to any other software running on your machine. That means you need to make sure that the backups themselves are stored securely since they’re unencrypted.

If your data is sensitive, or your computer is easily lost or stolen, the benefits of whole-disk encryption are worth considering for the privacy and security of your data.

Podcast audio

Play

Video Narration

Footnotes

1: Article forthcoming; but to start, right-click on the drive in Windows File Explorer and then click on Manage BitLocker.

2: Kinda the point of the encryption in the first place: someone unable to log in to your machine, and not in possession of the recovery key, shouldn’t be able to view your data.

9 comments on “Does Whole-disk Encryption Impact Computer Performance?”

  1. “1: Article forthcoming; but to start, right-click on the drive in Windows File Explorer and then click on Manage BitLocker”
    bit locker is also in the control panel. is there a reason you chose this method to access it?

    • Either way will work. Right-clicking in File Explorer might be a bot faster way of accessing it, but otherwise, both methods ring you to the same place.

  2. I once used encryption on some sensitive files (taxes, wills, etc) on a portable drive as well as the main computer. Then I got a new computer, cloned everything on to it and much to my dismay I found out the hard way that I could no longer access those files, even with the proper keys. Because the hardware changed the files were locked on both the computer and portable drives. I got lucky and found an old drive that still had the files on them. Never again!

  3. I travel a bit. If my encrypted computer is lost or stolen, could a clever hacker access the hard drive by removing it from my computer and installing it in another, or would the bios or other hardware issues still prevent access?

    • If the drive is encrypted, a hacker wouldn’t be able to access anything on it. All they would be able to do is reformat and install a fresh version of Windows as long as you are using strong encryption.

  4. There have been very precise reports of big performance drops on SSDs, when using Vera Crypt whole disk encryption. This seems to be contingent on the model used. Individual users have reported it, and Vera Crypt has recognized the issue. Any take on that ?

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.