[dm-crypt] [PATCH] Speed up keyfile reading
rz at linux-m68k.org
Sun Aug 13 17:33:59 CEST 2017
On Sun, Aug 13, 2017 at 01:16:13PM +0000, Michael Kjörling wrote:
> On 13 Aug 2017 08:34 -0400, from angelomariafederichini191269 at protonmail.com (angelomariafederichini191269):
> >> How big is that keyfile? (And what is underlying storage?)
> >> Just wonder why it is so slow...
> > The keyfile size is the maximum allowed by cryptsetup so its 8MB.
> > The storage is sometimes a tmpfs, i.e., RAM, and sometimes a SSD.
> It _does_ indeed appear to take excessively long when using a huge key
> $ dd if=/dev/urandom bs=1 count=6000000 | base64 --wrap=0 > keyfile
> 6000000+0 records in
> 6000000+0 records out
> 6000000 bytes (6,0 MB) copied, 14,9171 s, 402 kB/s
> $ stat --printf='%s\n' keyfile
> $ truncate -s 100M backing
> $ sudo -i
> # losetup -f --show backing
> # time cryptsetup luksFormat -c aes-xts-plain64 --key-size 512 --key-file keyfile --iter-time 1 --batch-mode /dev/loop0
> real 0m32.832s
> user 0m1.756s
> sys 0m30.666s
> # time cryptsetup luksFormat -c aes-xts-plain64 --key-size 512 --key-file keyfile --iter-time 30000 --batch-mode /dev/loop0
> real 1m40.155s
> user 1m8.384s
> sys 0m30.258s
> Curiously, I see no significant difference when doing this with
> backing storage being rotational HDDs in RAID6 (RAIDZ2, to be precise)
> or with SSDs in RAID1 (actually a ZFS two-way mirror). If anything, it
> seems to be a tiny bit _faster_ when reading the key file off of
> spinning rust. I didn't try off a tmpfs or ramfs.
no huge surprise, you are measuring the library, syscall and VFS overhead.
Name and OpenPGP keys available from pgp key servers
More information about the dm-crypt