BitLocker on new SSD drive?


  1. Posts : 742
    Win10
       #1

    BitLocker on new SSD drive?


    I just got myself a new internal SSD. I have NOT added any data to the SSD yet, and it is already FULLY encrypted with BitLocker using the software-based encryption mode. I heard that when using SSDs, data should be added AFTER the encryption completes because SSDs are more prone to leak data?

    By the way, yes, I am aware that SSDs are capable of being encrypted in Hardware-based mode, but using it as Software-based encrypted mode there is no performance impact on my laptop. Runs just fine.


  2. Posts : 27,484
    Windows 10 Pro x64 Version 21H1
       #2

    Not sure I would call it a leak, more the way it was designed.

    With usage leveling of cells, data written to a cell and then marked deleted might not actually be used again for some time. This would leave that data unencrypted with the potential for recovery.

    Same problem when you decide to format an SSD. There is no guarantee, because of load leveling, that every cell will be actioned. Lots of vendors recommend a secure erase, and some write-ups say that if that is not implemented well, cells still escape erasure.

    So by enabling encryption before usage ALL cells are encrypted.


  3. Posts : 8,633
    Mac OS Catalina
       #3

    SSDs do not leak data. Just remember that if you have to reinstall Windows, you are locked out of the encrypted drive, if you forget the key or decrypt the drive first.
    Last edited by bro67; 27 Oct 2018 at 15:20.


  4. Posts : 5,478
    2004
       #4

    bro67 said:
    Just remember that if you have to reinstall Windows, you are locked out of the encrypted drive.
    Why are you repeatedly posting these incorrect statements? I find it slightly bizarre.

    You can of course reinstall Windows and open an encrypted drive if you have the key saved or written down.


  5. Posts : 742
    Win10
    Thread Starter
       #5

    By reinstalling Windows, ALL drives and partitions are WIPED including the encryption keys to unlock the OS drive. So it will not matter whether you have the recovery keys or not. You can always generate new keys after installing the OS and enabling encryption again.

    So, back to the topic here, once my SSD is encrypted with BitLocker using Software-based encryption as usual, is it fine to add my data now onto my system?

    Also, the reasons why I am sticking to using software-based BitLocker encryption are the factors below:

    1. Some SSD drives are not FIPS compliant.
    2. Does not use the XTS AES algorithm
    3. Requires a HDD or Hard disk password on boot up which would make it inconvenient.
    4. Cost. If one gets a new system, they may need to buy another SSD drive that would require the above compliances to be met...In other words, a new system may not have its current SSD drive not capable of even doing encryption in the first place, or may have weaker encryption standards

    As far as performance using BitLocker as software-based, I don't see any performance hits at all. Of course, it also depends on how powerful the system is as well.
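A way to confirm the state this thread discusses before loading data onto the drive, as an added example that is not part of any post above: it reads `Get-BitLockerVolume` and reports whether each volume is fully encrypted, whether the method is software (AES or XTS-AES) or drive hardware encryption, and whether a recovery password protector exists. The function name `Get-BitLockerReadiness` and the `ReadyForData` criterion are assumptions made for this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
function Get-BitLockerReadiness {
    param(
        # Objects shaped like Get-BitLockerVolume output; defaults to live data.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $method = [string]$v.EncryptionMethod

        # Classify the method: HardwareEncryption means the drive firmware does
        # the work; Aes*/XtsAes* means BitLocker encrypts in software.
        $mode = switch -Regex ($method) {
            '^HardwareEncryption$' { 'Hardware (drive firmware)'; break }
            '^XtsAes'              { 'Software, XTS-AES'; break }
            '^Aes'                 { 'Software, AES-CBC'; break }
            default                { 'Not encrypted' }
        }

        # A recovery password is what lets the volume be unlocked from another
        # Windows installation, so check that one is present.
        $recovery = @($v.KeyProtector |
            Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' })

        # Assumed criterion for this example: conversion finished, protection
        # switched on, and software encryption in use (the poster's setup).
        $ready = ([string]$v.VolumeStatus -eq 'FullyEncrypted') -and
                 ([string]$v.ProtectionStatus -eq 'On') -and
                 ($mode -like 'Software*')

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = [string]$v.VolumeStatus
            PercentEncrypted = $v.EncryptionPercentage
            Method           = $method
            Mode             = $mode
            HasRecoveryKey   = ($recovery.Count -gt 0)
            ReadyForData     = $ready
        }
    }
}

Get-BitLockerReadiness | Format-Table -AutoSize
```

A volume that shows `EncryptionInProgress`, or a `Method` of `HardwareEncryption`, comes back with `ReadyForData` set to `False` under this criterion.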


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
