Announcement

Collapse
No announcement yet.

The Performance Impact Of Linux Disk Encryption On Ubuntu 14.04 LTS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Performance Impact Of Linux Disk Encryption On Ubuntu 14.04 LTS

    Phoronix: The Performace Impact Of Linux Disk Encryption On Ubuntu 14.04 LTS

    For any Linux laptop users or those concerned about their data's safety on production systems, I highly recommend utilizing disk encryption for safeguarding the data. However, what's the performance impact like these days? In this article with the current development snapshot of Ubuntu 14.04 LTS on a modern Intel ultrabook we're looking at the impact (including CPU utilization) of using an eCryptfs-based home directory encryption and LUKS-based full-disk encryption on Ubuntu Linux.

    http://www.phoronix.com/vr.php?view=19979

  • #2
    I don't use Ubuntu & friends, but I would assume that the comment regarding to /tmp is moot; /tmp is ordinarily a tmpfs these days.

    Comment


    • #3
      Originally posted by phoronix View Post
      Phoronix: The Performace Impact Of Linux Disk Encryption On Ubuntu 14.04 LTS

      For any Linux laptop users or those concerned about their data's safety on production systems, I highly recommend utilizing disk encryption for safeguarding the data. However, what's the performance impact like these days? In this article with the current development snapshot of Ubuntu 14.04 LTS on a modern Intel ultrabook we're looking at the impact (including CPU utilization) of using an eCryptfs-based home directory encryption and LUKS-based full-disk encryption on Ubuntu Linux.

      http://www.phoronix.com/vr.php?view=19979
      WTH? I don't see how an encrypted home dir would affect the benchmarks unless you're running the benchmarks inside the encrypted home dir. If that is the case, these numbers perhaps represent only a wildly non-typical "corner-case" performance-wise.

      All of the performance critical system services I've ever seen have typically been run from /opt or /usr - never from a user's home dir.

      Comment


      • #4
        Originally posted by david_lynch View Post
        WTH? I don't see how an encrypted home dir would affect the benchmarks unless you're running the benchmarks inside the encrypted home dir. If that is the case, these numbers perhaps represent only a wildly non-typical "corner-case" performance-wise.

        All of the performance critical system services I've ever seen have typically been run from /opt or /usr - never from a user's home dir.
        I wondered about this too.

        Comment


        • #5
          Interesting. I'm using full disk encryption on my server/htpc and have never noticed any
          performance degree even though it isn't the most powerful creature (Zbox ID18). Now I
          can also confirm that by numbers.

          Originally posted by david_lynch View Post
          WTH? I don't see how an encrypted home dir would affect the benchmarks unless you're running the benchmarks inside the encrypted home dir. If that is the case, these numbers perhaps represent only a wildly non-typical "corner-case" performance-wise.

          All of the performance critical system services I've ever seen have typically been run from /opt or /usr - never from a user's home dir.
          Benchmarking /opt or /usr if it's the home dir that's encrypted would be pretty meningless...

          Comment


          • #6
            Originally posted by Pajn View Post
            Benchmarking /opt or /usr if it's the home dir that's encrypted would be pretty meningless...
            You are right, but then benchmarking from an encrypted /home setup is a 'wildly non-typical "corner-case"' anyway...

            The point here is: If the use case for an encrypted /home setup is different from the full-disk setup, then comparing these setups may not have a realistic meaning...

            Based on these tests results it seems clear that "encrypting the whole disk is much better". However, if the test was a "regular usage"* (browse web, check mail, edit documents, play music, whatever...) which would be the actual performance impact?

            * I understand that "Regular usage" is a concept either difficult or impossible to define and your regular usage may be different from mine.

            Comment


            • #7
              Originally posted by david_lynch View Post
              WTH? I don't see how an encrypted home dir would affect the benchmarks unless you're running the benchmarks inside the encrypted home dir. If that is the case, these numbers perhaps represent only a wildly non-typical "corner-case" performance-wise.

              All of the performance critical system services I've ever seen have typically been run from /opt or /usr - never from a user's home dir.
              You're missing the point, eCryptfs isn't only for the home directory. It's commonly used for home dir encryption, where it shouldn't be much of a performance concern anyway, but it can be used on any directory and I (for example) also use it to encrypt project files on an external hard drive and on my laptop's data SSD. I use eCryptfs rather than full-disk for the flexibility it provides, but after seeing these benchmarks I will definitely reconsider some of my choices, or at least do my own tests to see how much is this affecting me in practice. Thanks Michael!

              Comment


              • #8
                so can it be worked around by creating a home partition? And does Full disk mean full disc or does it mean full partition?

                Comment


                • #9
                  Crypto algorithm

                  An interesting point would be the impact of the specific cryptographic algorithms on the performance. AFAIK Rijndael was chosen as AES because of its low performance requirements. But how does it differ from the other cryptographic algrithms in the kernel?

                  Comment


                  • #10
                    Originally posted by jpuhr View Post
                    An interesting point would be the impact of the specific cryptographic algorithms on the performance. AFAIK Rijndael was chosen as AES because of its low performance requirements. But how does it differ from the other cryptographic algrithms in the kernel?
                    will performance and special cornercases of fs be of importance aswell?

                    Comment

                    Working...
                    X