Dec 15, 2015 at 1:25 PM
Edited Dec 15, 2015 at 1:28 PM
As it is presented by Symantec PGP in this thread
My propostion is to add additional option (like --fast Symantec PGP) in VeraCrypt that will allow user to choose not to encrypt blank sectors on the SSD drive. I know it will sacricife safety but better this than no encryption at all since the efficiency and
lifespan of an SSD with full encryption is falling drastically.
from Symantec forum:
"By default FDE encrypts an entire disk, even unused sectors. This improves security, since an attacker can't tell an empty drive from a full drive. However, this writes to every sector of an SSD and makes every future write a re-write - which are significantly
slower on SSDs.
To combat this, we introduced a command line option: --fast. If you encrypt using this option, it doesn't encrypt blank sectors. Due to security considerations, this is an advanced option only available on the command line.
If two drives are encrypted with --fast, it's easy to tell which has more data (and therefore which to attack). A fundamental premise of encryption is to obscure the value of the content, so a blank document and a document full of text should be indistinguishable
(see Wikipedia's entry on block cipher modes of operation for an interesting example of what happens when this goes awry). ."