
A Look At The Big Impact To AES-XTS Encryption Performance From Spectre Retpolines


  • A Look At The Big Impact To AES-XTS Encryption Performance From Spectre Retpolines

    Phoronix: A Look At The Big Impact To AES-XTS Encryption Performance From Spectre Retpolines

    With it recently being noticed that the Linux AES-NI XTS performance regressed big time from the return trampolines "Retpolines" enacted nearly three years ago as a defense against Spectre, here are some benchmarks looking at the performance cost involved to this day using Retpolines and the impact on the XTS encryption/decryption performance measured by cryptsetup that is used for setting up encrypted disks under Linux...

  • #2
    Mainly relevant for people who use an NVMe SSD with partitions encrypted using AES. Definitely a big performance hit.


    • #3
      Isn't that the default for Ubuntu disk encryption? Sounds like that would affect a lot of businesses.


      • #4
        Yikes!!! That's truly amazing. And my goodness Michael is correct, how on Earth could this have gone unnoticed for so long?


        • #5
          I wonder if this affects the *BSDs' performance on encrypted drives as well? My workstation running FreeBSD with an encrypted GELI drive with ZFS on an NVMe SSD has always felt slower than it should, I thought. Wonder if mitigations in FreeBSD affected AES encryption too?


          • #6
            Once you factor in the clocking impacts of AES-NI, it seems you can be better off with full software ChaCha20 in these cases, and you get the added benefit that there are zero realistic timing attacks against ChaCha20, almost no matter how you implement it; and then if you compare it to ChaCha12 or ChaCha8 (which is at least as secure as AES, ChaCha20 is overkill) it starts looking real funny.
            Last edited by microcode; 01 January 2021, 07:10 PM.
