Announcement

Collapse
No announcement yet.

The Cost Of Ubuntu Disk Encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Cost Of Ubuntu Disk Encryption

    Phoronix: The Cost Of Ubuntu Disk Encryption

    It's been a while since last running any Ubuntu Linux disk encryption benchmarks, but thanks to recent encryption improvements within the upstream Linux ecosystem, it's time to deliver some new Linux disk encryption benchmarks. In this article are results comparing Ubuntu 13.04 without any form of disk encryption to using the home directory encryption feature (eCryptfs-based) and full-disk encryption (using LUKS with an encrypted LVM).

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I wonder where the performance penalty comes from. Especially with full disk encryption. A modern processor with AES-NI can encrypt/decrypt several gigabytes per second! Way more than the 100-200MB/s seen in the tests. But even without AES-NI it should handle such throughput without a hitch. Can anyone enlighten us?

    Comment


    • #3
      @Michael

      You could also perform start-up measuers. Encryption should add some lag.

      Comment


      • #4
        and when using a solid-state drive, the cost of disk encryption for production systems (particularly mobile devices) tend to be worth the cost and overhead for the added security and peace of mind.
        What does this have to do with SSDs?
        The relative overhead added by encryption is a lot higher for SSDs compared to HDDs (as HDDs tend to be so slow that a few additional CPU cycles do not count anyway).

        Comment


        • #5
          The benchmarks in this article were done from an AMD FX-8350 "Vishera" (Bulldozer 2) CPU that does support AES-NI and the disk drive used was a 60GB OCZ Vertex 2 solid-state drive.
          Regardless of the performance impact, I continue to recommend (and personally use) full-disk encryption for all production mobile systems to mitigate security risk.
          I wouldn't say FX-8350 is exactly mobile, considering it is a power hungry beast with a TDP of 125W

          Comment


          • #6
            Originally posted by kobblestown View Post
            I wonder where the performance penalty comes from. Especially with full disk encryption. A modern processor with AES-NI can encrypt/decrypt several gigabytes per second! Way more than the 100-200MB/s seen in the tests. But even without AES-NI it should handle such throughput without a hitch. Can anyone enlighten us?
            OCZ Vertex 2 is a SandForce SSD, SandForce Chips are slower when data can't be compressed.

            So part of the performance hit is the SSD Controller, not the CPU
            Last edited by ObiWan; 20 May 2013, 06:33 AM.

            Comment


            • #7
              is the support for AES-NI hardware acceleration compiled into the kernel ?

              Comment


              • #8
                encrypting in the OS onto an SSD is bad practise. if you need disk encryption determine how to use the embedded crypto in an SSD - most have them, it's actually a useful feature so as to achieve the randomisation of data to avoid writing long contiguous 1's or 0's to flash.

                if your SSD doesn't allow you to easily control encryption, you bought the wrong one!

                Comment


                • #9
                  @speculatrix

                  Sure, this would kill the SSD faster, but at least you can trust it. How can you trust the chip inside does the right thing?

                  Comment


                  • #10
                    Originally posted by curaga View Post
                    @speculatrix

                    Sure, this would kill the SSD faster, but at least you can trust it. How can you trust the chip inside does the right thing?
                    Who cares?

                    Comment

                    Working...
                    X