I’ve been messing with and testing the Guardian Edge full hard disk encryption solution for the past few months. Basically, you install the encryption client and it encrypts your entire hard drive by reading the data and applying an encryption algorithm. Furthermore, after you have finished the initial encryption of your drive, the encryption program will continue to run in the background and continue to encrypt any new data be written to your drive. Applying the encryption algorithm, whether you are encrypting or decrypting, requires CPU power. Once the CPU is done processing, the data can then be read or written to the drive.
As you can see, we’re relying heavily on the CPU to complete its operations before the data can be read or written to the disk. Everything you open or launch must be unencrypted on the fly, even the master boot record! But exactly what kind of a performance impact should you expect from this? Here are two sets of benchmarks taken using two different machines, before and after encryption.
Dell Inspiron 13
Core 2 Duo T5750 @ 2GHz
250GB 5400RPM hard drive
Windows XP SP3
Dell Optiplex 745
E6400 @ 2.13GHz
80GB 7200RPM hard drive
Windows XP SP3
You can clearly see the performance difference in encrypted vs unencrypted drives. Encryption uses lots of CPU power, which is clearly evident in the before and after read tests. For the laptop, there was a 35% performance decrease going from an unencrypted to an encrypted drive. For the desktop, the performance drop was an even more staggering 45% drop in an unencrypted vs encrypted drive.
Keep in mind that these benchmarks do not reflect real world usage. From what I have experienced, most normal users won’t notice the performance decrease. They’re just flipping through web pages, opening documents, etc. However, power users and enthusiasts will probably notice the degradation when performing hard drive intensive operations, multitasking, or gaming.
So, is there a way to encrypt your files without the performance impact? Yes! I recommend that you give TrueCrypt a shot. While TrueCrypt has the ability to encrypt your entire hard drive, you can also choose to encrypt only what you want instead. The only downside is that you must know what you want to encrypt, and you must do it manually whereas a full hard disk encryption solution will encrypt every file on your system in real-time, but with the performance impact as seen in the benchmarks.