Linux Full Disk Encryption Performance With AMD Ryzen 5 + SATA 3.0 SSD


  • #21
    Originally posted by trek

    using more than one cipher can protect you when a new attack is discovered about a single cipher (like the DES story)
    DES is a sad story. NSA was interfering with the project and suggested a short key size. DES is also over 40 years old now. AES was published 20 years ago. Today there are hardly any effective ways to break it. AFAIK the AES-NI instructions and such help with the side channel timing attacks. Sure, go ahead and use multiple ciphers if you feel like it. Many commercial NAS boxes only support AES-128. Funny how some guys need three 256-bit ciphers for their private porn collection while others run small businesses with just reliance on AES-128 and a closed source firmware, maybe with some additional limitations related to password length and character set.



    • #22
      Originally posted by schmidtbag
      I just realized - are there any internal drives with their own built-in encryption processor?
      My Crucial MX100 does. http://www.crucial.com/usa/en/storage-ssd-mx100

      Not that I'm using the feature at all.

      Newer Crucial ones have encryption if targeting pro market, the consumer (cheaper) drives don't.



      • #23
        Originally posted by caligula
        Funny how some guys need three 256-bit ciphers for their private porn collection while others run small businesses with just reliance on AES-128 and a closed source firmware, maybe with some additional limitations related to password length and character set.
        Maybe their private porn collection has sensitive stuff, like say nude Putin images, or japanese weirdo madness tentacle porn raping toddlers.



        • #24
          The SED feature doesn't need OS support to be usable. If your computer's firmware is sensible enough, you can enable it from BIOS setup. On my XPS13 (the infamous 9333 model with coil whine) I enabled the Samsung 840 EVO (yes, also an infamous model...) encryption like that and Linux is not involved at all. The only problem is that the BIOS is too stupid and I can only have an eight-character-long password that doesn't even have upper case letters... awesome, I have AES-256 that is protected by an 8-character password that can have only lower case letters, numbers and very few special characters. I think the controller in the drive is designed so that it will encrypt the data anyway, but if you don't set the password the key is not protected (encrypted with the password) and secure erase (also run through BIOS setup) only generates a new key.



          • #25
            Originally posted by caligula

            Using multiple encryption techs simultaneously is bogus. Either use AES-256 for perf reasons or Serpent.
            Hummm, no. They aren't used simultaneously, they are used sequentially. And it's not bogus, it's just math. If it doesn't cost me actual performance, why shouldn't I?



            • #26
              Originally posted by AndyChow

              Hummm, no. They aren't used simultaneously, they are used sequentially. And it's not bogus, it's just math. If it doesn't cost me actual performance, why shouldn't I?
              What do you mean doesn't cost actual performance? Do you have some sort of quantum computer? If you have a fairly recent 8-core machine, it can do aes/serpent/twofish (512b xts) @ 180 MB/s. That means, you basically spend 50% of the CPU time just encrypting your data. Sure, if it's only a file server, why not.. if not, that CPU time is reduced from other productive work. Please note that this is the latest high end machine. Some 2 GHz dual core is a serious bottleneck when it comes to encryption.
              Last edited by caligula; 08-13-2017, 01:35 PM.

