[dm-crypt] cryptsetup benchmark with I/O?

Arno Wagner arno at wagner.name
Sat Mar 22 08:40:39 CET 2014


Complex benchmarks are notoriously difficult and misleading.
With the cryptsetup internal benchmarks, you get realistic
encryption speed benchmarks. For a realistic "filesystem 
performance benchmark", there is nothing out there. Filesystems
and raw storage layers are too different and their behaviour is 
too complex that you can compare them meaningfully in a "general 
setting".

Arno


On Sat, Mar 22, 2014 at 06:51:26 CET, Tom Roche wrote:
> 
> summary: Is there an I/O-inclusive cryptsetup benchmark available for users?
> 
> details:
> 
> Thanks to PePa's script, which I have fiddled[1], it is now quite easy/fast to install LMDE[2] with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)
> 
> $ sudo cryptsetup benchmark
> > # Tests are approximate using memory only (no storage IO).
> > PBKDF2-sha1       313569 iterations per second
> > PBKDF2-sha256     190511 iterations per second
> > PBKDF2-sha512     125068 iterations per second
> > PBKDF2-ripemd160  254015 iterations per second
> > PBKDF2-whirlpool  132663 iterations per second
> > #  Algorithm | Key |  Encryption |  Decryption
> >      aes-cbc   128b   142.2 MiB/s   164.7 MiB/s
> >  serpent-cbc   128b    54.5 MiB/s   225.8 MiB/s
> >  twofish-cbc   128b   131.6 MiB/s   180.0 MiB/s
> >      aes-cbc   256b   113.8 MiB/s   125.5 MiB/s
> >  serpent-cbc   256b    55.7 MiB/s   224.2 MiB/s
> >  twofish-cbc   256b   133.2 MiB/s   180.9 MiB/s
> >      aes-xts   256b   168.0 MiB/s   165.0 MiB/s
> >  serpent-xts   256b   197.6 MiB/s   201.5 MiB/s
> >  twofish-xts   256b   168.3 MiB/s   170.0 MiB/s
> >      aes-xts   512b   126.4 MiB/s   126.4 MiB/s
> >  serpent-xts   512b   195.5 MiB/s   197.8 MiB/s
> >  twofish-xts   512b   167.0 MiB/s   167.0 MiB/s
> 
> But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...
> 
> Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."
> 
> TIA, Tom Roche <Tom_Roche at pobox.com>
> 
> [1]: https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
> [2]: http://www.linuxmint.com/download_lmde.php
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list