Announcement

Collapse
No announcement yet.

Ubuntu 9.04 Home Encryption Performance

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by december View Post
    This really should be off-loaded to hardware. Didn't VIA have some crypto built-in on some of their EPIA boards? It can't be that expensive to put a basic AES cypher chip somewhere in a motherboard's SATA controller section. All that is needed, is for some of the major motherboard manufacturers and chipset makers to sit together and come up with something resembling a unified interface.
    They have. See second post here

    Comment


    • #12
      VIA's processors, starting with a certain C3 stepping, support AES in hardware. It is very fast, but somewhat limited. E.g. no fast XTS acceleration.
      Last edited by greg; 12-07-2008, 07:47 PM.

      Comment


      • #13
        I wonder if a GPU could be used for AES?

        Comment


        • #14
          Re: eCryptfs vs LUKS

          LUKS is block device encryption (e.g. /dev/sda1)
          ecryptfs is file level encryption (e.g. /home/user/Private/). You mount a folder, and every file created in that folder will be encrypted individually. If you umount the ecryptfs folder, you will still see the files, but the contents will be garbled.

          There are several advantages to this approach, but the main one is that the home directory for each user can be encrypted with a different key.
          With LUKS, it is only possible to encrypt the home partition, or with more work, create an encrypted partition for each user (with fixed size, less flexibility).

          AFAIK, ecryptfs is available on Fedora as well.

          Comment


          • #15
            It really didn't mention game performance but of course that will be largely unaffected, especially if your games are installed to /opt or other places outside your home dir. Wine games might suffer some though depending on how I/O intensive they are.

            Comment


            • #16
              Originally posted by Louise View Post
              I wonder if a GPU could be used for AES?
              Yes it is possible.

              http://www.manavski.com/downloads/PID505889.pdf

              There also have been talk of nvidia opening access up the AES engine found on the GF 8 + to the Cuda toolkit.

              Aso if you own the book GPU Gems 3 there is a dedicated chapter to this subject.
              Last edited by deanjo; 12-08-2008, 01:12 AM.

              Comment


              • #17
                I'd like to see how encryption runs on SCSI. I'm tired of the inconsistent performance with desktop controllers.

                Encryption would be really cool, but getting locked out of your data is unacceptable.

                Comment


                • #18
                  Originally posted by WSmart View Post
                  I'd like to see how encryption runs on SCSI. I'm tired of the inconsistent performance with desktop controllers.

                  Encryption would be really cool, but getting locked out of your data is unacceptable.
                  That would apply to a very small amount of the community. If your running scsi's chances are your running servers in a corporate environment and you should have alot more security measures in place then just encrypting the drive.

                  Comment


                  • #19
                    Originally posted by deanjo View Post
                    Yes it is possible.

                    http://www.manavski.com/downloads/PID505889.pdf

                    There also have been talk of nvidia opening access up the AES engine found on the GF 8 + to the Cuda toolkit.

                    Aso if you own the book GPU Gems 3 there is a dedicated chapter to this subject.
                    Cool! Is it a nVidia feature only, or could the same be done for ATi?

                    Comment


                    • #20
                      Originally posted by jamei View Post
                      Re: eCryptfs vs LUKS

                      LUKS is block device encryption (e.g. /dev/sda1)
                      ecryptfs is file level encryption (e.g. /home/user/Private/). You mount a folder, and every file created in that folder will be encrypted individually. If you umount the ecryptfs folder, you will still see the files, but the contents will be garbled.

                      There are several advantages to this approach, but the main one is that the home directory for each user can be encrypted with a different key.
                      With LUKS, it is only possible to encrypt the home partition, or with more work, create an encrypted partition for each user (with fixed size, less flexibility).

                      AFAIK, ecryptfs is available on Fedora as well.
                      Thanks for clearing that out

                      I like no one can see what files I have, so I say with LUKS

                      Comment

                      Working...
                      X