this post was submitted on 22 Oct 2023
384 points (95.5% liked)
Technology
59578 readers
2932 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't know the answer to this, but somehow I trust apple more to get this right. They make money primarily on hardware, so they have a vested interest in making sure it works properly.
Edit - lol apparently I am wrong
Except for the fact that I'm right. Apparently I struck some kind of nerve. Apple is good at hardware. I use a pixel and I can admit this. They know what they are doing.
You’re right, but not for the reason you’re citing. Apple has its own T2 Secure Enclave which performs encryption. Microsoft relies on the TPM for hosting the keys, but does not use AFAIK hardware encryption and thus slows down significantly.
This article: https://eclecticlight.co/2023/03/03/whats-the-overhead-of-using-apfs-encryption/ shows that for an external drive the overhead on MacOS for encryption is insignificant (less than 5%) in most cases. That’s significantly better than Microsoft.
Even before Apple added custom chips, just using the intel AES instructions, their encryption performance penalty was like 3% https://archive.techarp.com/showarticle0037.html?artno=877&pgno=1
Microsoft is doing something very wrong to end up with this much overhead
It's understandable that MS use software implementation for their disk encryption by default. Can't trust 3rd party hardware vendors to not messing up the hardware encryption feature.
The T2 chip is only in Intel Macs. ARM Macs have the Secure Enclave too but it’s part of the main SoC, not a dedicated chip.
The issue here is software, not hardware. A Samsung 990 is a Samsung 990.
doing hardware encryption is not doing encryption right. the user is prone to end with encryption that has unpatchable security issues. of course that it is faster, but if I'm doing encryption speed is not a concern. I just wanted to keep it secure. And software encryption let's me choose the software and algorithm to do that. Apple doesn't.
You aren't who they are making computers for. They want fast encryption, not something customizable like Linux.
Apple's philosophy is "it just works." Not "yeah it works eventually after you figure out what kind of encryption you want and compromise speed for the sake of security."
Like I get what you are saying. For a power user, it is not ideal. But for most people, Apple's hardware solution is fantastic.
they're downvoting you because your logic was "apple does hardware so they must know better" and trusting a big corp to do your encryption better is kind of innocent.
anyway, seeing that they do hardware encryption, they are right to downvote you. I'm not with Microsoft either, bitlocker is probably backdoored, but hey, at least you're not trusting your hardware manufacturer to actually maintain an up-to-date secure firmware.