Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: The Cost Of Ubuntu Disk Encryption

  1. #1
    Join Date
    Jan 2007
    Posts
    14,788

    Default The Cost Of Ubuntu Disk Encryption

    Phoronix: The Cost Of Ubuntu Disk Encryption

    It's been a while since last running any Ubuntu Linux disk encryption benchmarks, but thanks to recent encryption improvements within the upstream Linux ecosystem, it's time to deliver some new Linux disk encryption benchmarks. In this article are results comparing Ubuntu 13.04 without any form of disk encryption to using the home directory encryption feature (eCryptfs-based) and full-disk encryption (using LUKS with an encrypted LVM).

    http://www.phoronix.com/vr.php?view=18731

  2. #2
    Join Date
    Apr 2011
    Location
    Sofia, Bulgaria
    Posts
    75

    Default

    I wonder where the performance penalty comes from. Especially with full disk encryption. A modern processor with AES-NI can encrypt/decrypt several gigabytes per second! Way more than the 100-200MB/s seen in the tests. But even without AES-NI it should handle such throughput without a hitch. Can anyone enlighten us?

  3. #3
    Join Date
    Sep 2010
    Posts
    683

    Default

    @Michael

    You could also perform start-up measuers. Encryption should add some lag.

  4. #4
    Join Date
    Jan 2008
    Posts
    206

    Default

    and when using a solid-state drive, the cost of disk encryption for production systems (particularly mobile devices) tend to be worth the cost and overhead for the added security and peace of mind.
    What does this have to do with SSDs?
    The relative overhead added by encryption is a lot higher for SSDs compared to HDDs (as HDDs tend to be so slow that a few additional CPU cycles do not count anyway).

  5. #5
    Join Date
    Sep 2012
    Posts
    289

    Default

    The benchmarks in this article were done from an AMD FX-8350 "Vishera" (Bulldozer 2) CPU that does support AES-NI and the disk drive used was a 60GB OCZ Vertex 2 solid-state drive.
    Regardless of the performance impact, I continue to recommend (and personally use) full-disk encryption for all production mobile systems to mitigate security risk.
    I wouldn't say FX-8350 is exactly mobile, considering it is a power hungry beast with a TDP of 125W

  6. #6
    Join Date
    Jul 2009
    Posts
    91

    Default

    Quote Originally Posted by kobblestown View Post
    I wonder where the performance penalty comes from. Especially with full disk encryption. A modern processor with AES-NI can encrypt/decrypt several gigabytes per second! Way more than the 100-200MB/s seen in the tests. But even without AES-NI it should handle such throughput without a hitch. Can anyone enlighten us?
    OCZ Vertex 2 is a SandForce SSD, SandForce Chips are slower when data can't be compressed.

    So part of the performance hit is the SSD Controller, not the CPU
    Last edited by ObiWan; 05-20-2013 at 06:33 AM.

  7. #7
    Join Date
    Jan 2009
    Location
    Vienna, Austria; Germany; hello world :)
    Posts
    637

    Default

    is the support for AES-NI hardware acceleration compiled into the kernel ?

  8. #8
    Join Date
    Mar 2010
    Location
    Cambridge, UK
    Posts
    70

    Default

    encrypting in the OS onto an SSD is bad practise. if you need disk encryption determine how to use the embedded crypto in an SSD - most have them, it's actually a useful feature so as to achieve the randomisation of data to avoid writing long contiguous 1's or 0's to flash.

    if your SSD doesn't allow you to easily control encryption, you bought the wrong one!

  9. #9
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,103

    Default

    @speculatrix

    Sure, this would kill the SSD faster, but at least you can trust it. How can you trust the chip inside does the right thing?

  10. #10
    Join Date
    Nov 2012
    Location
    France
    Posts
    573

    Default

    Quote Originally Posted by curaga View Post
    @speculatrix

    Sure, this would kill the SSD faster, but at least you can trust it. How can you trust the chip inside does the right thing?
    Who cares?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •