Announcement

Collapse
No announcement yet.

Ubuntu 19.10 Laptop Disk Encryption Benchmarks

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ubuntu 19.10 Laptop Disk Encryption Benchmarks

    Phoronix: Ubuntu 19.10 Laptop Disk Encryption Benchmarks

    A Phoronix Premium reader recently inquired about the performance impact of LUKS LVM-based disk encryption that continues to be offered by Ubuntu's Ubiquity installer on new installations and if it's worthwhile. As I've said for many years, it's certainly recommended for production systems -- particularly laptops where there are greater chances of theft -- and the performance impact isn't generally all that bad with modern CPUs and the likes of AES-NI...

    http://www.phoronix.com/scan.php?pag...k-Encrypt-Test

  • #2
    LUKS has 0 things to do with LVM... maybe should have compared LUKS/LVM/EXT4 to LVM/EXT4. But yes do use encryption.

    Comment


    • #3
      Does LUKS work well with BTRFS or is there another recommended solution for that?

      Comment


      • #4
        FWIW, and I haven't found the article that compared encrypted v. clear on various types of storage (I remember reading one of NVME PCIe v. SATA SSD v. SATA HDD, but generally speaking the faster the drive the more of a difference between the two is going hit performance.

        NVME storage will be hit harder than SATA SSD and both will be hit harder than standard SATA spinning rust - depending on how heavy the IO is. If the IO bus speed is slower than what the CPU can decode an encrypted stream, your performance impact will be lower than if the CPU and IO is closer in terms of performance - again, depending on load type like the SQLite benchmark showed.

        That said, if it's a laptop you're consistently mobile with, then it's almost always worth the performance impact in case of loss or theft. With an impossible to guess passphrase then your information is going to be safe from prying eyes, and the likelihood of the thief just wiping the drive and reselling it goes up dramatically.

        Also let me point out that there's a special problem with solid state drives, TRIM, and encryption. If you're concerned about highly resourceful and knowledgeable adversaries, most SSD drives will give out hints to file sizes if TRIM is turned on. Basically it'll look like this on a cell map of the drive: ......OOOOO.....OO....OOOOO..... where "." is empty and "O" has useful data. An adversary that knows what they're looking for could theoretically use those hints to decrypt parts of or all of the drive.

        Also be aware that not all drives will wipe freed data right away when a TRIM command is issued. The data can also stay resident on the drive until the drive decides to do something with it.

        This is VeraCrypt's documentation, but the security issues for SSD and encryption concepts are the same whether you use Linux's built in drive encryption stuff, or VeraCrypt:

        https://www.veracrypt.fr/en/Security...ecautions.html

        Comment


        • #5
          Good test, I'd also be interested in ZFS Native encryption benchmarks.

          Comment


          • #6
            Originally posted by Veto View Post
            Does LUKS work well with BTRFS or is there another recommended solution for that?
            Works well enough in my experience.

            Comment


            • #7
              Originally posted by LinAGKar View Post
              Works well enough in my experience.
              Thanks.
              Nice with a heads up that it just works. Guess I will go LUKS when installing Ubuntu 20.04. I really like the ability of BTRFS to make snapshots and to have a flexible "partitioning" between / and /home/. It really makes updating the OS a breeze. Finally the checksum capability gives some peace of mind wrt. silent corruption of data, which is not uncommon with EXT (especially in the old EXT2 days).

              Comment

              Working...
              X