[dm-crypt] cryptsetup benchmark with I/O?

Tom Roche Tom_Roche at pobox.com
Sat Mar 22 06:51:26 CET 2014

summary: Is there an I/O-inclusive cryptsetup benchmark available for users?


Thanks to PePa's script, which I have fiddled[1], it is now quite easy/fast to install LMDE[2] with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)

$ sudo cryptsetup benchmark
> # Tests are approximate using memory only (no storage IO).
> PBKDF2-sha1       313569 iterations per second
> PBKDF2-sha256     190511 iterations per second
> PBKDF2-sha512     125068 iterations per second
> PBKDF2-ripemd160  254015 iterations per second
> PBKDF2-whirlpool  132663 iterations per second
> #  Algorithm | Key |  Encryption |  Decryption
>      aes-cbc   128b   142.2 MiB/s   164.7 MiB/s
>  serpent-cbc   128b    54.5 MiB/s   225.8 MiB/s
>  twofish-cbc   128b   131.6 MiB/s   180.0 MiB/s
>      aes-cbc   256b   113.8 MiB/s   125.5 MiB/s
>  serpent-cbc   256b    55.7 MiB/s   224.2 MiB/s
>  twofish-cbc   256b   133.2 MiB/s   180.9 MiB/s
>      aes-xts   256b   168.0 MiB/s   165.0 MiB/s
>  serpent-xts   256b   197.6 MiB/s   201.5 MiB/s
>  twofish-xts   256b   168.3 MiB/s   170.0 MiB/s
>      aes-xts   512b   126.4 MiB/s   126.4 MiB/s
>  serpent-xts   512b   195.5 MiB/s   197.8 MiB/s
>  twofish-xts   512b   167.0 MiB/s   167.0 MiB/s

But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...

Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."

TIA, Tom Roche <Tom_Roche at pobox.com>

[1]: https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
[2]: http://www.linuxmint.com/download_lmde.php

More information about the dm-crypt mailing list