Introduction

Beginner's Tutorial

System Encryption

 Supported Systems

 Hidden Operating System

 Rescue Disk

Plausible Deniability

 Hidden Volume

  Protection of Hidden Vol.

  Security Requirements

 Hidden Operating System

Parallelization

Pipelining

Hardware Acceleration

Encryption Algorithms

 AES

 Serpent

 Twofish

 Cascades

Hash Algorithms

 RIPEMD-160

 SHA-512

 Whirlpool

Technical Details

 Notation

 Encryption Scheme

 Modes of Operation

 Header Key Derivation

 Random Number Gen.

 Keyfiles

 Volume Format Spec.

 Standards Compliance

 Source Code

TrueCrypt Volume

 Creating New Volumes

 Favorite Volumes

 System Favorite Volumes

Main Program Window

 Program Menu

 Mounting Volumes

Supported Systems

Portable Mode

Keyfiles

Tokens & Smart Cards

Language Packs

Hot Keys

Security Model

Security Requirements

 Data Leaks

  Paging File

  Hibernation File

  Memory Dump Files

 Unencrypted Data in RAM

 Physical Security

 Malware

 Multi-User Environment

 Authenticity and Integrity

 New Passwords & Keyfiles

 Password/Keyfile Change

 Trim Operation

 Wear-Leveling

 Reallocated Sectors

 Defragmenting

 Journaling File Systems

 Volume Clones

 Additional Requirements

Command Line Usage

Backing Up Securely

Miscellaneous

 Use Without Admin Rights

 Sharing over Network

 Background Task

 Removable Medium Vol.

 TrueCrypt System Files

 Removing Encryption

 Uninstalling TrueCrypt

 Digital Signatures

Troubleshooting

Incompatibilities

Issues and Limitations

License

Future Development

Acknowledgements

Version History

References

   

Hardware Acceleration Search

Disclaimers





Please consider making a donation.

   Donate Now >> Donate   


Hardware Acceleration

Some processors (CPUs) support hardware-accelerated AES encryption,* which is typically 4-8 times faster than encryption performed by the purely software implementation on the same processors.

By default, TrueCrypt uses hardware-accelerated AES on computers that have a processor where the Intel AES-NI instructions are available. Specifically, TrueCrypt uses the AES-NI instructions that perform so-called AES rounds (i.e. the main portions of the AES algorithm).** TrueCrypt does not use any of the AES-NI instructions that perform key generation.

Note: By default, TrueCrypt uses hardware-accelerated AES also when an encrypted Windows system is booting or resuming from hibernation (provided that the processor supports the Intel AES-NI instructions).

To find out whether TrueCrypt can use hardware-accelerated AES on your computer, select Settings > Performance and check the field labeled 'Processor (CPU) in this computer supports hardware acceleration for AES'.

To find out whether a processor you want to purchase supports the Intel AES-NI instructions (also called "AES New Instructions"), which TrueCrypt uses for hardware-accelerated AES, please check the documentation for the processor or contact the vendor/manufacturer. Alternatively, peruse this official list of Intel processors that support the AES-NI instructions or use the official AMD website to find such AMD processors. However, note that some Intel processors, which the Intel website lists as AES-NI-supporting, actually support the AES-NI instructions only with a Processor Configuration update (for example, i7-2630/2635QM, i7-2670/2675QM, i5-2430/2435M, i5-2410/2415M). In such cases, you should contact the manufacturer of the motherboard/computer for a BIOS update that includes the latest Processor Configuration update for the processor.

If you want to disable hardware acceleration of AES (e.g. because you want TrueCrypt to use only a fully open-source implementation of AES), you can do so by selecting Settings > Performance and disabling the option 'Accelerate AES encryption/decryption by using the AES instructions of the processor'. Note that when this setting is changed, the operating system needs to be restarted to ensure that all TrueCrypt components internally perform the requested change of mode. Also note that when you create a TrueCrypt Rescue Disk, the state of this option is written to the Rescue Disk and used whenever you boot from it (affecting the pre-boot and initial boot phase). To create a new TrueCrypt Rescue Disk, select System > Create Rescue Disk.


Note: Support for hardware acceleration was introduced in TrueCrypt 7.0.



* In this chapter, the word 'encryption' also refers to decryption.
** Those instructions are AESENC, AESENCLAST, AESDEC, and AESDECLAST and they perform the following AES transformations: ShiftRows, SubBytes, MixColumns, InvShiftRows, InvSubBytes, InvMixColumns, and AddRoundKey (for more details about these transformations, see [3]).





 Ads by Google 




  See also: ParallelizationPipelining


Legal Notices www.truecrypt.org

 Ads by Google