BitLocker on new SSD drive?

win10freak · 25 Oct 2018

I just got myself a new SSD internal drive I have NOT added any data yet to the SSD, and it is already FULLY encrypted with BitLocker using the Software-based encryption mode. I heard that when using SSDs, data should be added AFTER when the encryption completes because SSDs are more prone to leak data?

By the way, yes, I am aware that SSDs are capable of being encrypted in Hardware-based mode, but using it as Software-based encrypted mode there is no performance impact on my laptop. Runs just fine.

Caledon Ken · 27 Oct 2018

Not sure I would call it a leak, more the way it was designed.

With usage leveling of cells, data written to cell and then marked deleted might not actually be used again for sometime. This would leave that data un-encrypted with the potential for recovery.

Same problem when you decide to format an SSD. There is no guarantee because of load leveling that every cell will be actioned. Lots of vendors recommend a secure erase and some write ups say if that is not implemented well cells still escape erasure.

So by enabling encryption before usage ALL cells are encrypted.

bro67 · 27 Oct 2018

SSD's do not leak data. Just remember that if you have to reinstall Windows, you are locked out of the encrypted drive, if you forget the key or decrypt the drive first.

lx07 · 27 Oct 2018

bro67 said:

Just remember that if you have to reinstall Windows, you are locked out of the encrypted drive.

Why are you repeatedly posting these incorrect statements? I find it slightly bizarre.

You can of course reinstall Windows and open an encryped drive if you have the key saved or written down.

win10freak · 28 Oct 2018

By reinstalling Windows, ALL drives and partitions are WIPED including the encryption keys to unlock the OS drive. So it will not matter whether you have the recovery keys or not. You can always generate new keys after installing the OS and enabling encryption again.

So, back to the topic here, once my SSD is encrypted with BitLocker using Software-based encryption as usual, is it fine to add my data now onto my system?

Also, the reasons why I am sticking to using Software-based BitLocker encryption, is the factors below:

1. Some SSD drives are not FIPS compliant.
2. Does not use the XTS AES algorithm
3. Requires a HDD or Hard disk password on boot up which would make it inconvenient.
4. Cost. If one gets a new system, they may need to buy another SSD drive that would require the above compliances to be met...In other words, a new system may not have its current SSD drive not capable of even doing encryption in the first place, or may have weaker encryption standards

As far as performance using BitLocker as Software-based, I don't see any performance hits at all. Of course, it also depends are powerful the system is as well.