| 1 |
On Thu, 2008-02-28 at 16:34 +0100, Peter Meier wrote: |
| 2 |
> Hi |
| 3 |
> |
| 4 |
> > I just did some benchmarking on different ciphers for cryptsetup-luks |
| 5 |
> |
| 6 |
> will you share them somewhere? |
| 7 |
> |
| 8 |
> for the other questions I can say the same as Daniel. |
| 9 |
> |
| 10 |
> greets Pete |
| 11 |
|
| 12 |
I didn't test that much. I found many ciphers do not work with |
| 13 |
cryptsetup-luks. I think it's because of limitations on the blocksize. I |
| 14 |
also found that cryptsetup refuses to create partitions with >=512bit |
| 15 |
keys and I can't open ones with a keysize above 320bit (still have to |
| 16 |
check bug reports). |
| 17 |
|
| 18 |
As I already wrote, I was only interested in whether they are faster |
| 19 |
than my HDD (38MB/s) and I've only checked 64,128,256 and the maximum |
| 20 |
supported keysize. |
| 21 |
|
| 22 |
So here are the results: |
| 23 |
|
| 24 |
Blowfish: 64,128 and 256bit. Speed at 320bit: 31MB/s |
| 25 |
Twofish: 128,256bit |
| 26 |
AES (Rijndael): 128,256bit |
| 27 |
Serpent: none (26MB/s with 64bit keys) |
| 28 |
Anubis: 128,256,320bit |
| 29 |
Camellia: 128bit (I don't remember it's exact speed at 256bit but it |
| 30 |
lost dramatically) |
| 31 |
Cast6: none (Somewhere between 20 and 30MB/s) |
| 32 |
|
| 33 |
My system: |
| 34 |
|
| 35 |
Intel Celeron M 530 @ 1.73GHz |
| 36 |
Cache: 1024KB |
| 37 |
Flags: SSSE3 |
| 38 |
RAM: DDR2-533 |
| 39 |
HDD: 2,5" 5400rpm |
| 40 |
Kernel: 2.6.24-tuxonice-r2 64bit, preemtible |
| 41 |
|
| 42 |
UPDATE: Just as I wrote this, I did some new tests on my new kernel |
| 43 |
which is not completely preemtible and I also used a nice setting of -20 |
| 44 |
on dd. Apparently, now my system is fast enough for Blowfish with |
| 45 |
320bit. Therefore I did some new tests. |
| 46 |
|
| 47 |
This time I've watched CPU-utilization because Blowfish, AES, Twofish |
| 48 |
and Anubis all accomplished 38MB/s. Only Serpent still fails with |
| 49 |
26MB/s. |
| 50 |
|
| 51 |
Here are the results for *-xts-plain:sha256 --key-size 256 |
| 52 |
|
| 53 |
with * = |
| 54 |
AES:40-60% |
| 55 |
Twofish:60% |
| 56 |
Anubis: 65% |
| 57 |
Blowfish: 90% |
| 58 |
|
| 59 |
Some other tests: There seems to be no speed difference between |
| 60 |
cbc-essiv, lrw-benbi and xts-essiv/plain/benbi. |
| 61 |
|
| 62 |
The hash-function seems to have no influence, either. I've tested |
| 63 |
Whirlpool (wp512), SHA256, SHA-1 and Tiger (tgr128). |
| 64 |
|
| 65 |
Please take my results with a big dose of salt. I only did them for |
| 66 |
myself, everything quick and dirty. I did not switch to single-user mode |
| 67 |
although I repeated tests if I thought that there was some background |
| 68 |
activity. I did not repeat tests to average the results or something |
| 69 |
like that. |
| 70 |
|
| 71 |
In the end, I think I'll choose three ciphers: |
| 72 |
|
| 73 |
Since Serpent is still considered the safest of them all I'll use it for |
| 74 |
very important data which is easily stolen, for example my external HDD, |
| 75 |
maybe my /home-partition as well. |
| 76 |
|
| 77 |
Where speed is critical and other processes should not be interrupted, |
| 78 |
I'll use AES and possibly go down to 128bit, for example on /var. |
| 79 |
|
| 80 |
Where both security and speed are important, for example when making |
| 81 |
backups, I'll use Anubis with 320bit. I found some documentation from |
| 82 |
NESSIE on Anubis and it sound promising, especially because additional |
| 83 |
keysize adds more rounds to the encryption and thus making serious |
| 84 |
brakes harder to accomplish. |
| 85 |
|
| 86 |
Talking about hashs, I'll stick with Whirlpool because it made it |
| 87 |
through the NESSIE-evaluation. |
| 88 |
|
| 89 |
One last question for everyone who has read this rather long mail (thank |
| 90 |
you, btw): What exactly is benbi in aes-lrw-benbi:sha256 and what should |
| 91 |
I choose for XTS? The kernel description states plain but essiv and |
| 92 |
benbi work as well. |
Archives