Announcement

**edwaleni** · 03-25-2020, 02:01 PM

Makes me wonder what else is using some form of crypto offload that inline would replace and raise performance on?

**swagg_boi** · 03-25-2020, 02:43 PM

Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc

EDIT: Got several good answers to this, thanks

**RahulSundaram** · 03-25-2020, 02:47 PM

Originally posted by swagg_boi View Post

Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc

There are all sort of risks including protecting data from theft for a server

**willmore** · 03-25-2020, 02:52 PM

Anyone got a way to email the author? I'm curious how their changes effect ARM. I don't believe they have the same FPU context issues for their crypto instructions. Then again the ARM crypto modules may be labled differently.

**anarki2** · 03-25-2020, 03:06 PM

"Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.

... assuming these patches aren't actually faster than unencrypted drives, of course.

**Veerappan** · 03-25-2020, 03:09 PM

Originally posted by swagg_boi View Post

Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc

Many regulated industries (I work in clinical research software) basically require all sensitive data to be encrypted at rest, regardless of the type of system it's on. This is especially important if you're renting hosting space from a 3rd party (e.g. Azure, AWS, Rackspace, etc). If the disks are unencrypted there is a possibility, however small, that one of their staff or cleaning crew could pull a drive and run off with the PHI for all of your patients (or bank account/credit card information as another example) .... which would be a really bad day for a lot of people. Same goes for physical desktops, laptops, whatever.

All sensitive data should always be treated as if someone was about to yank the drive and sell it on the black market. If it's always encrypted, the loss of a disk is annoying, but not a company-ending event that also sends some of the management to jail.

**swagg_boi** · 03-25-2020, 03:19 PM

Got it. I guess that would make sense as I imagine Cloudflare probably leases rack space from ISPs and other third parties to have their servers as "close" to the end user as possible. No way for them to be 100% sure who comes in and out of those data centers.

**Pajn** · 03-25-2020, 03:20 PM

Originally posted by anarki2 View Post

"Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.

... assuming these patches aren't actually faster than unencrypted drives, of course.

Cloudflare does not make that claim, and also check their blog post https://blog.cloudflare.com/speeding...sk-encryption/

**anarki2** · 03-25-2020, 03:26 PM

Originally posted by Pajn View Post

Cloudflare does not make that claim, and also check their blog post https://blog.cloudflare.com/speeding...sk-encryption/

I took a look but it's 20 pages of rambling and text output, so TLDR.

In any case, that's exactly what I implied there - it's most likely Michael's clickbait title which should be addressed.

Announcement

Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment