Linux Full Disk Encryption Performance With AMD Ryzen 5 + SATA 3.0 SSD

  • caligula
    replied
    Originally posted by AndyChow

    Hummm, no. They aren't used simultaneously, they are used sequentially. And it's not bogus, it's just math. If it doesn't cost me actual performance, why shouldn't I?
    What do you mean doesn't cost actual performance? Do you have some sort of quantum computer? If you have a fairly recent 8-core machine, it can do aes/serpent/twofish (512b xts) @ 180 MB/s. That means, you basically spend 50% of the CPU time just encrypting your data. Sure, if it's only a file server, why not... if not, that CPU time is reduced from other productive work. Please note that this is the latest high end machine. Some 2 GHz dual core is a serious bottleneck when it comes to encryption.
    Last edited by caligula; 08-13-2017, 01:35 PM.

  • AndyChow
    replied
    Originally posted by caligula

    Using multiple encryption techs simultaneously is bogus. Either use AES-256 for perf reasons or Serpent.
    Hummm, no. They aren't used simultaneously, they are used sequentially. And it's not bogus, it's just math. If it doesn't cost me actual performance, why shouldn't I?

  • Tomin
    replied
    The SED feature doesn't need OS support to be usable. If your computer's firmware is sensible enough, you can enable it from BIOS setup. On my XPS13 (the infamous 9333 model with coil whine) I enabled the Samsung 840 EVO (yes, also an infamous model...) encryption like that and Linux is not involved at all. The only problem is that the BIOS is too stupid and I can only have an eight-character password that doesn't even have upper case letters... awesome, I have AES-256 that is protected by an 8-character password that can have only lower case letters, numbers and very few special characters. I think the controller in the drive is designed so that it will encrypt the data anyway, but if you don't set the password the key is not protected (encrypted with the password) and secure erase (also run through BIOS setup) only generates a new key.

  • starshipeleven
    replied
    Originally posted by caligula
    Funny how some guys need three 256-bit ciphers for their private porn collection while others run small businesses with just reliance on AES-128 and a closed source firmware, maybe with some additional limitations related to password length and character set.
    Maybe their private porn collection has sensitive stuff, like say nude Putin images, or japanese weirdo madness tentacle porn raping toddlers.

  • starshipeleven
    replied
    Originally posted by schmidtbag
    I just realized - are there any internal drives with their own built-in encryption processor?
    My Crucial MX100 does. http://www.crucial.com/usa/en/storage-ssd-mx100

    Not that I'm using the feature at all.

    Newer Crucial ones have encryption if targeting pro market, the consumer (cheaper) drives don't.

  • caligula
    replied
    Originally posted by trek

    Using more than one cipher can protect you when a new attack is discovered against a single cipher (like the DES story).
    DES is a sad story. NSA was interfering with the project and suggested a short key size. DES is also over 40 years old now. AES was published 20 years ago. Today there are hardly any effective ways to break it. AFAIK the AES-NI instructions and such help with the side channel timing attacks. Sure, go ahead and use multiple ciphers if you feel like it. Many commercial NAS boxes only support AES-128. Funny how some guys need three 256-bit ciphers for their private porn collection while others run small businesses with just reliance on AES-128 and a closed source firmware, maybe with some additional limitations related to password length and character set.

  • trek
    replied
    Originally posted by caligula
    Using multiple encryption techs simultaneously is bogus. Either use AES-256 for perf reasons or Serpent.
    Using more than one cipher can protect you when a new attack is discovered against a single cipher (like the DES story).

  • caligula
    replied
    Originally posted by debianxfce
    Something is wrong in your computing environment if you need disk encryption and other overkill security features. Possible reasons are high 4G mobile network prices in the developing countries and a high crime rate.
    Apparently debian & xfce users don't get it, some people sell their used hardware or their stuff gets stolen. Encryption is a no-brainer these days. If you can't afford Serpent, use AES-128 or AES XTS 256. Modern systems encrypt 3 GB/s or more. Especially recommended for spinning rust drives aaand even more so for SMR drives which are slow anyways.

  • caligula
    replied
    Originally posted by AndyChow
    And that's with aes-twofish-serpent software encryption, salted. To protect the data of my clients, this is nothing.
    Using multiple encryption techs simultaneously is bogus. Either use AES-256 for perf reasons or Serpent.

  • caligula
    replied
    Originally posted by bosjc
    Samsung PRO SSDs have built in (AES-256-bit I think). Depends on if you trust their hardware or not, though, I suppose. Having had it before, though, I can tell you there is basically no overhead at all.
    The built-in AES generates heat which can make the NVMe drives throttle faster, which leads to lower perf after a short burst. You'd definitely want to use a heat sink.
