This project has moved. For the latest updates, please go here.

AES+Twofish+Serpent too slow for system drive?

Topics: Users Discussion
Feb 7 at 12:06 PM
Edited Feb 7 at 12:08 PM
Hi.
I would like to encrypt my system drives.
One is a 525GB SSD (Crucial MX300) with Windows 10 Pro and the other one a 250GB SSD (Crucial BX100) also with Windows 10 Pro.

The 525GB is in an old Desktop PC from 2010 (Core i7 860) with 16GB RAM.
The 250GB is used in a Intel NUC6i3SYH also with 16GB RAM.

I am asking myself now what kind of encryption I should choose.
When encrypting my USB HDDs I usually choose AES+Twofish+Serpent with a PIM.
Would such an encryption also work on my system SSDs or would the system be too slowly then?
Or would there be no difference in speed between just AES and AES+Twofish+Serpent?
Maybe only the process after typing in the password would take longer?
Feb 7 at 3:17 PM
VeraCrypt has benchmark tools in the application that you can run to get an estimate of throughput on your system.
Feb 7 at 3:37 PM
Edited Feb 7 at 4:48 PM
I tried the benchmark test on my NUC.
AES: 1.6 GB/s (mean)
AES(Twofish(Serpent)): 127MB/s (mean)

So, AES only is over 12x faster. But does it mean my system would be 12x slower with AES(Twofish(Serpent))? Or is it insignificant for normal use (no gaming etc).
Feb 7 at 8:52 PM
first of all, the speed of AES being so much faster than when mixed with other ciphers is coming most probably from your hardware acceleration. The speed of your whole system doesnt depend on the disk read/write speed only, so it wont be 12x faster.
Feb 8 at 7:47 AM
Edited Feb 8 at 1:41 PM
So, in other words, I can only test it out?
But what if a combination of the three is too slow and I want to try only AES afterwards? Is it possible to change the encryption methods without re-installing the whole system?
Feb 8 at 2:30 PM
Edited Feb 8 at 2:31 PM
To change encryption algorithms, you have to decrypt and then re-encrypt with the different encryption algorithm(s).

Your bootup delay timeframe after you enter your VeraCrypt password will be determined by the hash algorithm which is part of the benchmarks in VeraCrypt and the PIM value.
Feb 8 at 2:49 PM
So just boot up the system, type in my encryption password? Then under windows I start VeraCrypt and repeat the process of encrypting the whole disk?
There will not be a problem, because the system is encrypted already?
Feb 8 at 3:51 PM
Enigma2Illusion wrote:
To change encryption algorithms, you have to decrypt and then re-encrypt with the different encryption algorithm(s).
Feb 8 at 4:27 PM
Well, after I type in the password the system is decrypted already, right? And then I can simply repeat the encryption process?
Or am I wrong here?
Feb 8 at 5:20 PM
I recommend you spend time reading the documentation to get a clearer understanding of how VeraCrypt works. The encrypted volume is always encrypted. You mount the volume to gain access to the encrypted data. The documentation explains this process in more detail.

You can install VeraCrypt and create a small test file container to get a better understanding of how to use the product before attempting to use the more advanced features of system encryption.

Be advised that VeraCrypt has incompatibilities with certain PC manufactures for EFI system encryption. ASUS, Dell and HP are three I have seen threads about. There may be others brands.

https://sourceforge.net/p/veracrypt/discussion/technical/thread/5b859040/

Always make backups of your data to prevent loss of data due to hardware failure, software issues and user error.
Feb 8 at 7:53 PM
So you probably mean, I have to use the Permanently Decrypt option.
I hope it will work. Of course I always have backups of important data. I just don't want to re-install the whole system.
I hope I don't have to do that.
Feb 8 at 8:49 PM
Edited Feb 8 at 8:50 PM
Yes, use the Permanently Decrypt System Partition/Drive option in the VeraCrypt application.

If you plan to use the Rescue Disk from 1.19 version instead of the Permanently Decrypt System Partition/Drive option, upgrade to 1.20 Beta to avoid bug that prevents completely decrypting the system encryption when using the Rescue Disk.

After you upgrade, create new Rescue Disk.

https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/
Feb 8 at 11:49 PM
Thanx for your help!
You brought up another topic (update) where I have a question.
But I should open a new thread for that.
Feb 9 at 1:57 AM
Does this post answer your upgrade questions?

https://veracrypt.codeplex.com/discussions/660949#post1491821
Feb 11 at 4:15 PM
Thanx for the link.
Is updating to 1.20 Beta 2 only necessary when using UEFI?
I use Windows 10, but in Legacy mode. Then there will be no issue with the Rescue Disk, right?
Feb 12 at 2:15 PM
Deckard2019 wrote:
Thanx for the link.
Is updating to 1.20 Beta 2 only necessary when using UEFI?
Yes. Even using Legacy mode, I would recommend 1.20 Beta 2 since the release is stable with no reported issues.

Deckard2019 wrote:
I use Windows 10, but in Legacy mode. Then there will be no issue with the Rescue Disk, right?
No reported problems on the forums.