Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Encrypted volume read/write too fast...
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
creaker
l33t
l33t


Joined: 14 Jul 2012
Posts: 651

PostPosted: Tue Sep 09, 2014 6:41 pm    Post subject: Encrypted volume read/write too fast... Reply with quote

Hi!
I encrypted one of the partitions following this wiki page: http://wiki.gentoo.org/wiki/Dm-crypt
Once got device mounted, I decided to test read/write performance. I copied a 4Gb file and paste it into container. Unexpectedly file was copied too fast: operation took 45 secs. It's a 91Mb/sec. Afaik, it shouldn't be so fast. The read/write speed for encrypted partition should be 20-70 Mb/sec according to this benchmark: http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/
Encrypted partition status:
Code:
localhost ~ # cryptsetup status cv
/dev/mapper/cv is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/sdb2
  offset:  4096 sectors
  size:    447426560 sectors
  mode:    read/write


It even faster than copy to plain (non-encrypted) partition.

Assuming something wrong with my setup. Either data encryption compromised or not encrypted at all.

Any thoughts?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14169

PostPosted: Wed Sep 10, 2014 1:02 am    Post subject: Reply with quote

I think you are using a 5+ year old benchmark to analyze the performance of hardware you did not describe. If you have a much faster system, good hardware offload, or used more caching than was used in the benchmark, then comparing your results to theirs is meaningless. I see that the blog post was edited a year after its posting to note that DM-Crypt became SMP aware, which could affect performance.
Back to top
View user's profile Send private message
HeissFuss
Guru
Guru


Joined: 11 Jan 2005
Posts: 414

PostPosted: Wed Sep 10, 2014 2:35 am    Post subject: Reply with quote

Are you measuring the time it takes to copy and sync to disk, or just copy? When the copy completes, that just means it's in RAM disk buffer, prior to encryption/disk write.

Also, AES with any modern Intel processes does AES-NI CPU offload of AES, which is very fast. You can benchmark the actual CPU throughput (minus disk) with 'cryptsetup benchmark'
Back to top
View user's profile Send private message
creaker
l33t
l33t


Joined: 14 Jul 2012
Posts: 651

PostPosted: Wed Sep 10, 2014 2:57 am    Post subject: Reply with quote

@ Hu
I saw that the date is 2009. The HDD used for linked above benchmark even faster than mine: 105Mb/s vs 100Mb/s.
Though, you are right, multithreading might be enabled by default since 2009. I wasn't aware of it.
Back to top
View user's profile Send private message
creaker
l33t
l33t


Joined: 14 Jul 2012
Posts: 651

PostPosted: Wed Sep 10, 2014 3:04 am    Post subject: Reply with quote

HeissFuss wrote:

Also, AES with any modern Intel processes does AES-NI CPU offload of AES, which is very fast. You can benchmark the actual CPU throughput (minus disk) with 'cryptsetup benchmark'


Code:
localhost ~ # cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       485451 iterations per second
PBKDF2-sha256     249660 iterations per second
PBKDF2-sha512     163227 iterations per second
PBKDF2-ripemd160  376643 iterations per second
PBKDF2-whirlpool  204161 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   151,2 MiB/s   208,3 MiB/s
 serpent-cbc   128b           N/A           N/A
 twofish-cbc   128b           N/A           N/A
     aes-cbc   256b   122,0 MiB/s   155,9 MiB/s
 serpent-cbc   256b           N/A           N/A
 twofish-cbc   256b           N/A           N/A
     aes-xts   256b   209,7 MiB/s   210,4 MiB/s
 serpent-xts   256b           N/A           N/A
 twofish-xts   256b           N/A           N/A
     aes-xts   512b   156,1 MiB/s   157,5 MiB/s
 serpent-xts   512b           N/A           N/A
 twofish-xts   512b           N/A           N/A


Yes, seems this benchmark proves that 91Mb/s is real transfer speed.
Thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum