Best way to encrypt the system on an ssd

Tags: encryption, hardware, performance, security, ssd

I am considering buying an SSD for my laptop (something like a Samsung 830 or 840) to make the system more responsive. I want my system (at least my home partition) to be encrypted. However, I know about rumors that there may be problems with encryption on SSDs, although statements about this change very fast with time. In particular, I don't want to have a big performance drop (as said above, I want the SSD to make the system significantly more responsive) and I don't want to shorten the lifetime of my SSD.

Having this in mind, what is the best way to encrypt the system on an ssd?

You can assume that the ssd will be a samsung 830, 840 or 840 pro if this matters.

Edit

My CPU is a pretty old Core2 Duo P8700 at 2.53 GHz without AES-NI, and I have only SATA II. So I want to add the question: does it make sense at all to upgrade to, say, a Samsung 830 and use dm-crypt/LUKS or ecryptfs? Or do the CPU and SATA port slow down the SSD too much? I don't want to win any benchmark contest, I just want to have a clear improvement in my system responsiveness.

I am not sure if the following is a good indicator of how fast the system will be, so it would be great if someone could comment on it:

Currently I am using ecryptfs to encrypt my home partition.

An

LC_ALL=C dd if=/dev/zero of=tempfile bs=1M count=1024 conv=fdatasync,notrunc

on my encrypted home partition gives:

1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 56.4674 s, 19.0 MB/s

and the CPU is working between 40 and 60%.

The same on an unencrypted partition gives

LC_ALL=C dd if=/dev/zero of=tempfile bs=1M count=1024 conv=fdatasync,notrunc
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 29.6554 s, 36.2 MB/s

and the CPU is working between 0 and 20%.

My /tmp folder is mounted via tmpfs, i.e. it lies in RAM. Doing the same in /tmp gives:

1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 0.941708 s, 1.1 GB/s

Then I created a new ecryptfs directory below /tmp and did it there again.

1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 10.1884 s, 105 MB/s

and one core working at 100% the other at 20%.

The creation of the ecryptfs dir was as follows:

sudo mount -t ecryptfs /tmp/encrypted/ /tmp/decrypted

As options I chose the default ones (Ubuntu system): AES, 16 bit, no plaintext passthrough, no filename encryption.

Considering this result, I would expect the write rate to increase from 19.0 MB/s to 105 MB/s when replacing my old WD Scorpio Black 7200 with a Samsung 830 SSD and using ecryptfs, which seems to be a clear performance improvement. I guess that dm-crypt will be even a bit faster.

Any suggestions for more reliable tests that will predict whether the SSD will bring a clear performance boost?

Edit 2

Here is a similar test in a German Debian wiki using dm-crypt:
http://wiki.debianforum.de/Benchmark_f%C3%BCr_Festplattenverschl%C3%BCsselung

I did that and got ~95 MB/s.
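A more repeatable version of the dd comparison above, added here as an example and not part of the original question: it writes random data rather than zeros (a compressing SSD controller can make /dev/zero writes look faster on the plain partition than on the encrypted one, where the data is incompressible anyway), uses fdatasync like conv=fdatasync, repeats each run and reports the median, and samples /proc/stat around each run to give the system-wide CPU busy percentage that the question estimates by eye. The two directories are passed on the command line; the 256 MiB default size and the file name prefix are assumptions.

```python
import os
import statistics
import tempfile
import time


def _cpu_sample():
    """Return (busy_jiffies, total_jiffies) from /proc/stat, or None on systems
    without it. iowait is counted as idle so that time spent waiting for the
    disk is not mistaken for encryption work."""
    try:
        with open("/proc/stat") as f:
            fields = f.readline().split()
    except OSError:
        return None
    values = [int(x) for x in fields[1:9]]
    # order: user nice system idle iowait irq softirq steal
    idle = values[3] + values[4]
    total = sum(values)
    return total - idle, total


def write_throughput(directory, size_mb=256, block_kb=1024, runs=3):
    """Sequentially write size_mb MiB to a temporary file in `directory`,
    fdatasync it (the guarantee dd's conv=fdatasync gives) and repeat `runs`
    times. Returns the median throughput in dd-style MB/s (10^6 bytes) and the
    median system-wide CPU busy percentage (None where /proc/stat is absent)."""
    block = os.urandom(block_kb * 1024)          # random: defeats controller compression
    nblocks = (size_mb * 1024 * 1024) // len(block)
    fdatasync = getattr(os, "fdatasync", os.fsync)  # macOS has no fdatasync
    rates, cpu = [], []
    for _ in range(runs):
        fd, path = tempfile.mkstemp(prefix="bench-", dir=directory)
        try:
            before = _cpu_sample()
            start = time.perf_counter()
            for _ in range(nblocks):
                view = memoryview(block)
                while view:                      # os.write may return a short count
                    view = view[os.write(fd, view):]
            fdatasync(fd)
            elapsed = time.perf_counter() - start
            after = _cpu_sample()
        finally:
            os.close(fd)
            os.unlink(path)
        rates.append(nblocks * len(block) / elapsed / 1e6)
        if before and after and after[1] > before[1]:
            cpu.append(100.0 * (after[0] - before[0]) / (after[1] - before[1]))
    return {
        "mb_per_s": statistics.median(rates),
        "cpu_busy_pct": statistics.median(cpu) if cpu else None,
        "runs": runs,
    }


def compare(plain_dir, encrypted_dir, **kwargs):
    """Benchmark a plain and an encrypted directory and report the ratio."""
    plain = write_throughput(plain_dir, **kwargs)
    enc = write_throughput(encrypted_dir, **kwargs)
    return {"plain": plain, "encrypted": enc,
            "ratio": enc["mb_per_s"] / plain["mb_per_s"]}


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: bench.py PLAIN_DIR ENCRYPTED_DIR")
    result = compare(sys.argv[1], sys.argv[2])
    for label in ("plain", "encrypted"):
        r = result[label]
        print(f"{label:>9}: {r['mb_per_s']:7.1f} MB/s   CPU busy: {r['cpu_busy_pct']}")
    print(f"encrypted/plain throughput ratio: {result['ratio']:.2f}")
```

Run it once with both directories on the current disk to measure the cost of ecryptfs or dm-crypt alone, and again after the SSD swap; the ratio is the number that tells you how much of the SSD's speed the cipher eats on this CPU, independently of the absolute figures.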

Best Answer

The SSDs you mention, Samsung 830, 840 or 840 Pro, have encryption hardware. I believe that you should use it for best performance. Be aware that there are many articles criticising the firmware of early versions of most consumer-based encrypting drives. Security Boulevard has another article titled "SSD Encryption from Crucial and Samsung is not secure Exposes Data". There are ways to avoid some of those problems; see my other answer on Crypto.SE.

The hardware is something you've paid for; since enabling encryption invites no penalty compared to software encryption, it makes sense to use it or buy a lower-priced SSD.

You can enable encryption and set new passwords using a bootable USB drive with the necessary software on it. An example is offered on the Puget Systems webpage "Introduction to Self-Encrypting Drives (SED)", which offers a bootable DVD image including hdparm; another program that you can use is sedutil, which is available for Linux and Windows. See also the VxLabs article "Use the hardware-based full disk encryption of your TCG Opal SSD with msed" and the update linked at the bottom of the article. This article specifically mentions the Samsung 840 Pro and hdparm.

You can improve your security by using software encryption in addition to the hardware encryption on your drives; this is useful because hardware-encrypted drives are only secure when powered off. An unlocked hardware-encrypted drive in a powered system (such as a laptop in sleep mode) isn't secured.

Since you are using "a pretty old Core2 Duo P8700 at 2.53 GHz, without AES-NI" you should consider software other than AES 256.

Google's latest algorithm, Adiantum, is being added to the Linux kernel v5.0 and Android common kernels v4.9 and up. Where hardware support for AES exists, AES is faster than Adiantum. For low-end processors, Adiantum (a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12)) on an ARM Cortex-A7 processor is over five times faster than AES-256-XTS. There is a reference implementation on GitHub and a paper titled "Adiantum: length-preserving encryption for entry-level processors". Note: Adiantum is not as secure as AES, but AES is quite slow on low-end processors; unusably so.

Check out the various webpages about the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) entries; some are faster than AES and are purported to offer security improvements over AES:

You might be interested in the GitHub webpage: "MORUS-1280-256 Authenticated Cipher".
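Before relying on the hdparm route the answer describes, it is worth checking what state the drive's ATA security feature set is actually in, both before enabling it and after a reboot. The following is an added example, not code from the answer or from hdparm: it parses the "Security:" block of `hdparm -I` output into flags and reduces them to one state. The sample output is constructed (the model string is made up; only the layout follows hdparm), and the helper that shells out to hdparm needs root and a real device path.

```python
import subprocess

# Constructed sample of the "Security:" block that `hdparm -I /dev/sdX` prints
# for a drive implementing the ATA security feature set. Surrounding lines and
# the model string are made up; only the layout follows hdparm's output.
SAMPLE_HDPARM_I = """\
ATA device, with non-removable media
\tModel Number:       EXAMPLE-SSD (constructed sample)
Security: 
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

# hdparm's wording for each flag line -> short key used in the result
_FLAG_NAMES = {
    "supported": "supported",
    "enabled": "enabled",
    "locked": "locked",
    "frozen": "frozen",
    "expired: security count": "expired",
    "supported: enhanced erase": "enhanced_erase",
}


def parse_security(hdparm_output):
    """Extract the ATA security flags from `hdparm -I` text.

    hdparm prints each flag as "\\t<not or empty>\\t<name>", so a line that
    starts with "not" after stripping means the flag is clear. Flags that do
    not appear in the output are reported as False."""
    flags = {key: False for key in _FLAG_NAMES.values()}
    in_section = False
    for line in hdparm_output.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line.startswith(("\t", " ")):
            break                      # first unindented line ends the section
        text = line.strip()
        negated = text.startswith("not")
        name = text[3:].strip() if negated else text
        if name in _FLAG_NAMES:
            flags[_FLAG_NAMES[name]] = not negated
    return flags


def security_state(flags):
    """Reduce the flags to one of: unsupported, disabled, locked, unlocked.

    "unlocked" is the condition the answer warns about: the password was
    accepted at power-on, so the media is readable from the running machine
    (a laptop in sleep mode, for instance). "frozen" is left as a separate
    flag because it only blocks password changes until the next power cycle,
    which is why the drive is configured from a bootable USB stick."""
    if not flags["supported"]:
        return "unsupported"
    if not flags["enabled"]:
        return "disabled"
    return "locked" if flags["locked"] else "unlocked"


def read_device(device):
    """Run `hdparm -I` on a block device (needs root) and parse the result."""
    out = subprocess.run(["hdparm", "-I", device], check=True,
                         capture_output=True, text=True).stdout
    return parse_security(out)


if __name__ == "__main__":
    import sys
    flags = read_device(sys.argv[1]) if len(sys.argv) > 1 else parse_security(SAMPLE_HDPARM_I)
    print("state:", security_state(flags), "(frozen)" if flags["frozen"] else "")
    for name, value in flags.items():
        print(f"  {name:>14}: {value}")
```

On the sample this reports "disabled" with the frozen flag set, which is the typical picture on a freshly booted laptop: the BIOS has issued a security freeze, so the password has to be set from a boot environment, exactly the bootable-USB step the answer describes. After configuration, a clean reboot should show "locked" until the password is entered, and "unlocked" afterwards; the latter is the window in which software encryption on top still protects you. For drives set up through the Opal route instead, `sedutil-cli --query` is the equivalent check.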