[dm-crypt] cryptsetup benchmark with I/O?
arno at wagner.name
Sat Mar 22 08:40:39 CET 2014
Complex benchmarks are notoriously difficult and misleading.
With the cryptsetup internal benchmarks, you get realistic
encryption speed benchmarks. For a realistic "filesystem
performance benchmark", there is nothing out there. Filesystems
and raw storage layers are too different and their behaviour is
too complex that you can compare them meaningfully in a "general
On Sat, Mar 22, 2014 at 06:51:26 CET, Tom Roche wrote:
> summary: Is there an I/O-inclusive cryptsetup benchmark available for users?
> Thanks to PePa's script, which I have fiddled, it is now quite easy/fast to install LMDE with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)
> $ sudo cryptsetup benchmark
> > # Tests are approximate using memory only (no storage IO).
> > PBKDF2-sha1 313569 iterations per second
> > PBKDF2-sha256 190511 iterations per second
> > PBKDF2-sha512 125068 iterations per second
> > PBKDF2-ripemd160 254015 iterations per second
> > PBKDF2-whirlpool 132663 iterations per second
> > # Algorithm | Key | Encryption | Decryption
> > aes-cbc 128b 142.2 MiB/s 164.7 MiB/s
> > serpent-cbc 128b 54.5 MiB/s 225.8 MiB/s
> > twofish-cbc 128b 131.6 MiB/s 180.0 MiB/s
> > aes-cbc 256b 113.8 MiB/s 125.5 MiB/s
> > serpent-cbc 256b 55.7 MiB/s 224.2 MiB/s
> > twofish-cbc 256b 133.2 MiB/s 180.9 MiB/s
> > aes-xts 256b 168.0 MiB/s 165.0 MiB/s
> > serpent-xts 256b 197.6 MiB/s 201.5 MiB/s
> > twofish-xts 256b 168.3 MiB/s 170.0 MiB/s
> > aes-xts 512b 126.4 MiB/s 126.4 MiB/s
> > serpent-xts 512b 195.5 MiB/s 197.8 MiB/s
> > twofish-xts 512b 167.0 MiB/s 167.0 MiB/s
> But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...
> Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."
> TIA, Tom Roche <Tom_Roche at pobox.com>
> : https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
> : http://www.linuxmint.com/download_lmde.php
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt