[dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain?

Henrik Theiling theiling at absint.com
Thu Aug 6 16:32:31 CEST 2009


Salatiel Filho writes:
>> serpent-cbc-essiv:sha256
> I really liked this one, using aes-cbs-essiv:sha256 [keysize=256] i
> was able to get only 0.89MB/s reading via NFS from my ARM 266Mhz.
> Using serpent-cbc-essiv:sha256[keysize=256] i can get 2,66MB/s,
> which is really good.

Fascinating.  I thought Serpent was universally the slowest of the
three big algorithms (AES/Rijndael, Twofish, Serpent) that was used if
you wanted highest security margins.  Your speed test results come
quite unexpected for me, especially since AES and Twofish have
assembler modules while Serpent has only a C implementation in the
kernel (as of last time I checked).

For me, speed is quite secondary, because I have a fast machine which
crypts much faster than the USB-2.0 interface can possibly serve the


More information about the dm-crypt mailing list