[dm-crypt] Basics

Mistave mistave at countermail.com
Fri Sep 25 19:55:15 CEST 2015


Generally I use the following line:

# cryptsetup -c aes-xts-plain64:sha512 -h sha512 -y -s 512 -i 5000 --use-random luksFormat /dev/sdX


But AES should be faster if your CPU supports the AES-NI instructions (most
modern CPUs should). Though you are free to choose whatever cipher you
prefer (aes, twofish, serpent). On my PC AES (software) is a bit faster
than serpent and a bit slower than twofish. AES (hardware) is fastest.


On 25. 09. 2015 19:33, Mike Nagie wrote:
> Hi all,
> 
> I'm going to reinstall my ArchLinux and I thought I would try encrypting 
> my home folder with dm-crypt.
> I read this and ArchWiki several times, but I'm still so confused.
> I'd like to keep my system as fast as just possible, sooo here is my 
> benchmark results:
> 
> PBKDF2-sha1       644088 iterations per second
> PBKDF2-sha256     391259 iterations per second
> PBKDF2-sha512     321254 iterations per second
> PBKDF2-ripemd160  410241 iterations per second
> PBKDF2-whirlpool  151703 iterations per second
> #  Algorithm | Key |  Encryption |  Decryption
>      aes-cbc   128b   124.2 MiB/s   143.3 MiB/s
>  serpent-cbc   128b    49.9 MiB/s   194.5 MiB/s
>  twofish-cbc   128b   112.4 MiB/s   211.2 MiB/s
>      aes-cbc   256b    96.4 MiB/s   107.1 MiB/s
>  serpent-cbc   256b    49.9 MiB/s   194.2 MiB/s
>  twofish-cbc   256b   112.4 MiB/s   210.9 MiB/s
>      aes-xts   256b   141.5 MiB/s   143.3 MiB/s
>  serpent-xts   256b   201.1 MiB/s   191.4 MiB/s
>  twofish-xts   256b   207.9 MiB/s   209.1 MiB/s
>      aes-xts   512b   108.5 MiB/s   106.2 MiB/s
>  serpent-xts   512b   200.1 MiB/s   191.5 MiB/s
>  twofish-xts   512b   207.8 MiB/s   209.3 MiB/s
> 
> So first thing; this is a 1TiB HDD. Do I need plain64? Or are there any 
> drawbacks?
> 
> Second: Everybody talks about the aes. It seems the twofish is faster 
> here. Does this really matter? I mean this is a HDD, I guess it never 
> does anything at that pace. (207MiB/s)
> 
> Third: Since xts is supposed to be safer I think it's justified.
> 
> Fourth: Key size, I'm totally lost. Why is 512b (even though it's split 
> into 256) faster than the others? I'm sure something is not right with my theory, 
> else who would use 256b?! Are encrypted files bigger with 512b, or 
> what is the point here?
> 
> Fifth: Hash: I'm thinking about sha256.
> 
> Sixth: iteration time. I misunderstood the benchmark. I thought 
> sha256     391259 iterations per second
> means 391259 iterations per second. However, I set the iteration time to 
> 391259 and well... needless to say, it didn't open the encrypted 
> partition in a second, more like in 10 minutes. So I have no idea how 
> I should interpret this one.
> 
> And lastly: --use-random or --use-urandom. I didn't get this one at all.
> 
> Thank you for your answer in advance
> 
> Mike
> 
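To make the relationship between `cryptsetup benchmark` output and the `-i` option discussed above concrete, here is an added Python example; it is not code from the list thread or from the cryptsetup project. It times PBKDF2-HMAC-SHA512 with `hashlib` the way the benchmark does, converts an iteration *time* given in milliseconds into the iteration count that gets stored in the header, and shows that an XTS key of 512 bits is two 256-bit subkeys. The `iterations_for_time` function and its 1000-iteration floor are this example's own model of cryptsetup 1.x behaviour (the floor mirrors the LUKS1 minimum), and the rate fed in is the PBKDF2-sha256 figure quoted in the thread.

```python
import hashlib
import os
import time


def measure_pbkdf2_rate(hash_name="sha512", sample_iterations=20000):
    """Iterations per second of PBKDF2-HMAC-<hash_name> on this machine.

    This is what `cryptsetup benchmark` reports for the PBKDF2-* lines:
    a fixed number of iterations is timed and scaled to one second.
    """
    password = b"benchmark-only"          # constructed sample input
    salt = os.urandom(32)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, password, salt, sample_iterations, dklen=64)
    elapsed = time.perf_counter() - start
    return sample_iterations / elapsed


def iterations_for_time(rate_per_second, iter_time_ms):
    """Iteration count stored in the LUKS header for `-i <iter_time_ms>`.

    `-i` is a TIME in milliseconds, not a count: cryptsetup multiplies the
    measured PBKDF2 rate by that time. The 1000 floor is the LUKS1 minimum
    (modelled here, not cryptsetup's own code).
    """
    count = int(rate_per_second * iter_time_ms) // 1000
    return max(1000, count)


def unlock_seconds(iteration_count, rate_per_second):
    """Approximate time one passphrase check takes at the given PBKDF2 rate."""
    return iteration_count / rate_per_second


def xts_subkey_bits(key_size_bits):
    """XTS splits the key in two: aes-xts with -s 512 is AES-256 for both halves."""
    if key_size_bits % 2:
        raise ValueError("XTS key size must be even")
    return key_size_bits // 2


if __name__ == "__main__":
    # Figure quoted in the thread: PBKDF2-sha256 at 391259 iterations/s.
    quoted_rate = 391259

    # The sensible reading: -i 5000 means "take about 5 seconds to unlock".
    count_5s = iterations_for_time(quoted_rate, 5000)
    print("-i 5000  ->", count_5s, "iterations,",
          round(unlock_seconds(count_5s, quoted_rate), 1), "s to unlock")

    # The misreading from the thread: passing the benchmark number to -i
    # asks for 391259 ms (about 6.5 minutes) of PBKDF2 per unlock.
    count_big = iterations_for_time(quoted_rate, quoted_rate)
    print("-i 391259 ->", count_big, "iterations,",
          round(unlock_seconds(count_big, quoted_rate) / 60, 1), "min to unlock")

    # Measured on this machine; a slower CPU unlocking the same header
    # needs proportionally longer, since the count is fixed at format time.
    local_rate = measure_pbkdf2_rate()
    print("local PBKDF2-sha512 rate:", int(local_rate), "iterations/s")

    print("aes-xts -s 512 uses AES with", xts_subkey_bits(512), "-bit subkeys")
```

The point the script makes visible is the one Mike tripped over: the benchmark line is a rate, `-i` is a duration, and the product of the two is what ends up in the header, so the same header opens more slowly on a slower machine.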

