[dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain?

Salatiel Filho salatiel.filho at gmail.com
Fri Aug 7 14:16:58 CEST 2009


On Thu, Aug 6, 2009 at 13:02, Salatiel Filho<salatiel.filho at gmail.com> wrote:
> On Thu, Aug 6, 2009 at 13:00, Salatiel Filho<salatiel.filho at gmail.com> wrote:
>> On Thu, Aug 6, 2009 at 12:24, Heinz Diehl<htd at fancy-poultry.org> wrote:
>>> On 06.08.2009, Henrik Theiling wrote:
>>>
>>>> Fascinating.  I thought Serpent was universally the slowest of the
>>>> three big algorithms (AES/Rijndael, Twofish, Serpent) that was used if
>>>> you wanted highest security margins.  Your speed test results come
>>>> quite unexpected for me...
>>>
>>> The question is: how has this been measured, and is it faster on both read
>>> and write operations? E.g. a simple "hdparm -tT /dev/xxx" is not sufficient.
>>>
>> I just encrypted the partition , put some random data there [i do not
>> care about write speed in this particular storage, it is just a NAS
>> (ARM 266 + 128RAM running debian lenny)], then drop_caches , export
>> the data using nfs, mount from another machine and copy that file.
>> Repeated the proccess using aes and using serpent. Serpent is much faster ...
>> I really don't know which cipher is/shouldbe faster, but serpent gives
>> me a great speed ...
>>
>>> How about a bonnie++ run, e.g. something like
>>> "bonnie++ -u htd:users -d /mnt/test -s 16016m -m liesel -n 16:100000:16:6"
> i will try to do this tonight.
>


I changed the bonnie parameters cause this machine is really slow and
it has only 128Mb RAM. Here are the results, which i'd be glad if
someone could explain then to me :)

# bonnie++ -d /mnt -f -n0 -m serpent -s 250
[ext4,cipher=serpent-cbc-essiv:sha256,size=256]
Using uid:1000, gid:1000.
Writing intelligently...done
Rewriting...done
Reading intelligently...done
start 'em...done...done...done...
Version 1.03d       ------Sequential Output------ --Sequential Input-
--Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block--
--Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP
/sec %CP
serpent        250M            1607   5   910   3            2403   3
126.8   3
serpent,250M,,,1607,5,910,3,,,2403,3,126.8,3,,,,,,,,,,,,,



# bonnie++ -d /mnt -f -n0 -m aes -s 250
[ext4,cipher=aes-cbc-essiv:sha256,size=256]

Using uid:1000, gid:1000.
Writing intelligently...done
Rewriting...done
Reading intelligently...done
start 'em...done...done...done...
Version 1.03d       ------Sequential Output------ --Sequential Input-
--Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block--
--Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP
/sec %CP
aes            256M             623   2   400   1            1319   1
116.2   3
aes,256M,,,623,2,400,1,,,1319,1,116.2,3,,,,,,,,,,,,,















>>>
>>>
>>>
>>> _______________________________________________
>>> dm-crypt mailing list
>>> dm-crypt at saout.de
>>> http://www.saout.de/mailman/listinfo/dm-crypt
>>>
>>
>>
>>
>> --
>> []'s
>> Salatiel
>>
>> "O maior prazer do inteligente é bancar o  idiota
>>   diante de um  idiota que banca o inteligente".
>>
>
>
>
> --
> []'s
> Salatiel
>
> "O maior prazer do inteligente é bancar o  idiota
>   diante de um  idiota que banca o inteligente".
>



-- 
[]'s
Salatiel

"O maior prazer do inteligente é bancar o  idiota
   diante de um  idiota que banca o inteligente".


More information about the dm-crypt mailing list