Filevault 2 Benchmarks

Security is almost always a tradeoff with convenience. Filevault 2 is a dramatic improvement in security over the original Filevault, but amazingly is more convenient.

I did some low-accuracy tests to see if there were major differences in speed between my old unencrypted drive and the fully encrypted Filevault 2 drive. (Caveats: I did this with a manual stopwatch, did not do repeated trials, and did not test it on identical hard disks: the encrypted drive is a 320GB Hitachi and the unencrypted drive is a 500GB Toshiba)

Short answer: in regular use, there are no noticeable differences in speed between a fully encrypted disk and an unencrypted disk.

John Siracusa explains the improvements in speed:

All forms of whole disk encryption benefit from the current imbalance between CPU power and disk speed. In almost all circumstances, the CPU in your Mac spends most of its time twiddling its thumbs with nothing to do. This is especially true for operations that involve a lot of disk access.

Whole disk encryption takes advantage of this nearly omnipresent CPU cycle glut to sneak in the tiny chunks of work it requires to encrypt and decrypt data from the disk. Apple also leverages the special-purpose AES instructions and hardware on Intel’s newest CPUs, further reducing the CPU overhead. The end result is that regular users will be hard-pressed to notice any reduction in performance with encryption enabled.

The one test in which the encrypted drive substantially underperformed was boot time including time to load all my login items. My login items are gfxCardStatus, Shovebox, USB Overdrive, Caffeine, RescueTime, Cloud, Clyppan, Alfred, FastScripts, BetterTouchTool, Speech Synthesis Server, TotalFinder, and Dropbox. I don’t know enough about Filevault to say why the encrypted drive took substantially longer to load all of those, but if you’re a heavy startup item user that reboots frequently, weigh the time savings against the security benefit.

If you are a SSD user, the loss in performance will probably be much more noticeable in day-to-day usage. This is because SSDs outperform spinning disks by tens of times in random read tasks, which in turn places a heavier burden on your CPU to decrypt greater rates of data.

Additionally, laptop users might see worse battery life on an encrypted disk, simply because the CPU does have to exert a little bit more energy to decrypt.

There are many other important changes to Filevault which Siracusa covers meticulously, and if you’re considering full disk encryption, I recommend giving it a read.

All tests performed on a 2011 15″ Macbook Pro 2 Ghz Quad Core i7