Announcement

Collapse
No announcement yet.

The Cost Of Home Directory Encryption & LUKS Full Disk Encryption On Ubuntu 18.04

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Cost Of Home Directory Encryption & LUKS Full Disk Encryption On Ubuntu 18.04

    Phoronix: The Cost Of Home Directory Encryption & LUKS Full Disk Encryption On Ubuntu 18.04

    With many of you likely upgrading to Ubuntu 18.04 LTS upon release and the recommendation to use disk encryption as important as ever on any important system especially laptops/ultrabooks, here are some fresh benchmarks using a development snapshot of Ubuntu 18.04 "Bionic Beaver" and looking at the current performance overhead of using the current "home directory encryption" and "full disk encryption" options available to Ubuntu Linux users.

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Thanks Michael. That's really useful info.

    Comment


    • #3
      /me ponders the status of ext4 encryption.

      Comment


      • #4
        Michael, have thought in doing battery test on web browsing with PTS? That is a common test in Windows focused websites and it would be nice to see that too on Phoronix. Also, I missed a battery test on this encryption benchmark, since it looks like it will have a big impact on battery life.

        Comment


        • #5
          I'm guessing that this is because with whole disk encryption, the FS sits on top of the encryption layer, so there is no penalty transaction wise in delay, but every read/write still has to be encrypted underneath it all, which is that extra cpu requirement (using the AES extensions). Meanwhile, home encryption invokes encryption only when home things are going on, and not when it's not. So that would cause transaction delays, but less cpu overall.

          I'm also guessing the results would be a much more dramatic difference between none and some encryption if using an algorithm different than AES, like serpent, or using a key bigger than 512 bits for AES. There is a reason Truecrypt is Not Safe Anymore.

          Comment


          • #6
            Originally posted by AndyChow View Post
            There is a reason Truecrypt is Not Safe Anymore.
            What reason? I couldn't glean it from your post.

            Obviously TrueCrypt is no longer maintained, but I'm guessing that isn't what you were referring to.

            Comment


            • #7
              Random encrypting swap is also nice: https://wiki.archlinux.org/index.php...wap_encryption

              Comment


              • #8
                I wish that Linux distros would put some work into detecting usable TPM and SED hardware. On almost any modern laptop the hardware can manage secure key storage and full disk encryption on its own. There's zero reason to have the CPU encrypting for you on those machines.

                Comment


                • #9
                  ..and I've been encrypting only the home folder all these years thinking it'll be faster!!
                  Thanks Michael, valuable info.

                  Comment


                  • #10
                    Originally posted by Zan Lynx View Post
                    I wish that Linux distros would put some work into detecting usable TPM and SED hardware. On almost any modern laptop the hardware can manage secure key storage and full disk encryption on its own. There's zero reason to have the CPU encrypting for you on those machines.
                    as you write "mange secure key storage", the TPM is not doing mass, high bandwidth crypto for you, the CPU still has to do that, and has dedicated instructions for this, nowadays.

                    PS: I would not trust SED a bit, ...

                    Comment

                    Working...
                    X