Windows 11 Pro's encryption can slow down SSDs by nearly 50%

Shawn Knight

Shawn Knight

Posts: 15,296   +192
Staff member
In brief: Windows 11 Pro ships with a security feature that could severely hamper your solid-state drive's performance. Fortunately, it is easy enough to turn off but some might not even know it is enabled by default.

BitLocker encryption in Windows 11 Pro is designed to safeguard data and ensure it is only accessible by authorized individuals, but it comes with a steep performance penalty. To find out how much of an impact it could have, Tom's Hardware recently conducted tests under three scenarios: unencrypted (no BitLocker), software-enabled BitLocker (the Windows 11 Pro default), and hardware-based BitLocker.

The crew used a 4 TB Samsung 990 Pro SSD running Windows 11 Pro (22H2, with all patches installed) paired with an Intel Core i9-12900K and 32 GB of DDR4 RAM for testing.

In PCMark 10's storage benchmark, the software-enabled BitLocker configuration resulted in a 20 percent slowdown over the hardware variant and no encryption. A similar slowdown was observed in Crystal Disk Mark's random read test, and in the random write test, Tom's saw a massive 45 percent performance hit. In DiskBench's 50 GB copy transfer test, the software-enabled BitLocker setup was 11 percent slower.

The good news is that the hardware-based setup performed in line with not having any encryption running at all. If you insist on having encryption, that would certainly be the way to go.

The full slate of test results can be found over on Tom's Hardware for those that want to learn more. They also outline how to tell if you have encryption running and how to disable it if you do. In short, if you are running Windows 10 Pro, it probably isn't enabled; if you are on Windows 11 Home, it won't be enabled; if you have Windows 11 Pro, check because it probably is enabled.

It's also worth noting that your mileage will vary depending on what drive and CPU you are running. A chip that's significantly less powerful than the Intel Core i9-12900K Tom's Hardware used could perform even worse.

Permalink to story.

https://www.techspot.com/news/100569-windows-11-pro-encryption-can-slow-down-ssds.html

 
A bit off the topic . Just want to share something - Tiny 11 on unsupported devices not always works , despite using the workaround - setup /product server . The old laptop hung and the troubleshooting took me a whole day .
 
On my home computer, I don't care about encryption. On my work computer, BitLocker is not setup. Probably our IT department would not allow it except in special cases.
 
Alfonso Maruccia said:
I thought Windows 10 was c***, but in the end I managed to tame it. But Windows 11, man, it scares the hell out of me...
Click to expand...
Never a better time to make the jump man. Linxu is waiting for you. Windows 11 at this point is a barely contained mess of spaghetti code and half baked attempts.
wiyosaya said:
On my home computer, I don't care about encryption. On my work computer, BitLocker is not setup. Probably our IT department would not allow it except in special cases.
Click to expand...
Bitlocker can cause huge headaches for support. Especially if you have staff that cant figure out how to back up things.
polord said:
Gladly I use win 11 home…
Click to expand...
I like foxes said:
I m using Windows Home so I m immunized
Click to expand...
That doesnt matter, if the number of "home" machines that have enabled bitlocker randomly is any indication. 11 home is known to randomly enable bitlocker with no password.
 
  • Like
Reactions: PanGrns
Alfonso Maruccia said:
I thought Windows 10 was c***, but in the end I managed to tame it. But Windows 11, man, it scares the hell out of me...
Click to expand...
If I understood the article on Tom's Hardware correctly, Windows 10 Bitlocker would have the same problem (that is, if it is setup to use software encryption instead of hardware encryption). In order for hardware encryption to be turned on, the SSD must support it, and there also has to be a TPM. So a lot of Windows 10 devices would use software based encryption.

Still, it is strange that Windows 11 would not make it easy to switch from software to hardware based decryption. Worse case one would think you would decrypt/re-encrypt the drive, but the Tom's Hardware article suggests a full re-install of Windows is required.
 
Theinsanegamer said:
Never a better time to make the jump man. Linxu is waiting for you. Windows 11 at this point is a barely contained mess of spaghetti code and half baked attempts.
Bitlocker can cause huge headaches for support. Especially if you have staff that cant figure out how to back up things.

That doesnt matter, if the number of "home" machines that have enabled bitlocker randomly is any indication. 11 home is known to randomly enable bitlocker with no password.
Click to expand...
Home versions don't support Bitlocker.
 
  • Like
Reactions: Greggs
human7 said:
If I understood the article on Tom's Hardware correctly, Windows 10 Bitlocker would have the same problem (that is, if it is setup to use software encryption instead of hardware encryption). In order for hardware encryption to be turned on, the SSD must support it, and there also has to be a TPM. So a lot of Windows 10 devices would use software based encryption.

Still, it is strange that Windows 11 would not make it easy to switch from software to hardware based decryption. Worse case one would think you would decrypt/re-encrypt the drive, but the Tom's Hardware article suggests a full re-install of Windows is required.
Click to expand...
Microsoft, however, states that there is more pre-startup system integrity verification with hardware encryption. Hence a full reinstall.
 
  • Like
Reactions: human7
It's not enabled by default sadly. More than the average user is not going to notice the impact on performance and also w11 is memory hungry for this reason (main one). Two years ago I pushed a GPO for encrypting every employee computer and there was cero complain about it, although we all run system with nvme
 
I turned on BitLocker last year and noticed no difference in daily use or gaming. I'm not shocked someone found a way to manufacture a big difference via a synthetic test, but I think Tom's is doing their readers a big disservice if they're letting them conclude their daily use will be slowed down by 50%, which is BS. (Just like I'd say to any reviewer who uses synthetics to let readers think a new SSD model is going to make a huge positive difference to their daily use, which is also BS.)

Meanwhile, if your laptop is ever lost or stolen, you may breathe a lot easier knowing that whoever took it didn't also get access to all your accounts, documents, keys, etc. etc.
 
Do not confuse synthetic benchmarks with real world tests. Maybe a game that is CPU heavy like MS flight simulator? was TPM enabled on the CPU? But saying "Nearly 50%" is a much better clickbait title than "Drive encryption causes a performance hit. but with 19k IOPS left would you even notice?"
 
  • Like
Reactions: brucek
So they discovered that software encryption is slow, what unexpected news... /s

What's next? Software raid arrays are slow too? /S
 
  • Like
Reactions: Greggs
Theinsanegamer said:
My own repair business.

Oh and these:

https://answers.microsoft.com/en-us...s-update/8b6d3e71-1a48-4d25-83d5-0cb2db7cc649

https://learn.microsoft.com/en-us/a...cker-bug-from-win10-home-feature-update-locke

https://www.dell.com/community/en/c...-my-fixed-data-drive/647fa199f4ccf8a8de6e1584

https://www.elevenforum.com/t/windows-11-encrypted-my-drive-automatically.1244/

Enjoy the reads! MS sucks, and Home can enable bitlocker on its own!
Click to expand...
I was hoping to discover a reason for how it gets on a Windows Home machine MS says it doesn't support. Forum posts aren't the greatest. Not enough technical details in what I've seen anyway.

The forum posts weren't completely useless:

Automatic Windows Device Encryption or BitLocker on Dell Computers

Dell computers are not encrypted at the factory but follow the recommendation from Microsoft to support automatic device encryption.
----
I looked at your links and others and still can't find a definitive answer to how Bitlocker made its way onto a Windows Home machine. I might try again later.
 
It appears for that Windows 11 Home, Microsoft makes a new and confusing distinction between "device encryption" and "BitLocker". I think the actual core function of encrypting the data written onto the drive is the same for both names. The difference is that the "BitLocker feature", available only on Pro, contains more (or all?) management and setup options. Device Encryption is apparently automatically enabled on Home editions if all the conditions are met, although I don't know what all those conditions are or when they are checked.

I realize this is hardly any less confusing than the information presented so far but I couldn't find a good official explanation either. I think maybe Microsoft intentionally wants to perpetuate the illusion that BitLocker is a pro exclusive to sell more pro licenses, while actually enabling the core protection for more home users too at least on pre-made devices.
 
You must log in or register to reply here.

Similar threads

TS Dealmaster
  • Locked
This deal gets you Windows 11 Pro for $29
Replies
0
Views
696
TS Dealmaster
TS Dealmaster
TS Dealmaster
  • Locked
Get a Microsoft Office lifetime license for $29, no subscription required
Replies
0
Views
904
TS Dealmaster
TS Dealmaster
midian182
Windows 10 sees resurgence in Steam survey, English is no longer the top language
Replies
8
Views
354
ZedRM
ZedRM

Latest posts

Back