On Thu, 2008-02-28 at 16:34 +0100, Peter Meier wrote:
> > I just did some benchmarking on different ciphers for cryptsetup-luks
> will you share them somewhere?
> for the other questions I can say the same as Daniel.
> greets Pete
I didn't test that much. I found many ciphers do not work with
cryptsetup-luks. I think it's because of limitations on the blocksize. I
also found that cryptsetup refuses to create partitions with >=512bit
keys and I can't open ones with a keysize above 320bit (still have to
check bug reports).
As I already wrote, I was only interested in whether they are faster
than my HDD (38MB/s) and I've only checked 64,128,256 and the maximum
So here are the results:
Blowfish: 64,128 and 256bit. Speed at 320bit: 31MB/s
AES (Rijndael): 128,256bit
Serpent: none (26MB/s with 64bit keys)
Camellia: 128bit (I don't remember it's exact speed at 256bit but it
Cast6: none (Somewhere between 20 and 30MB/s)
Intel Celeron M 530 @ 1.73GHz
HDD: 2,5" 5400rpm
Kernel: 2.6.24-tuxonice-r2 64bit, preemtible
UPDATE: Just as I wrote this, I did some new tests on my new kernel
which is not completely preemtible and I also used a nice setting of -20
on dd. Apparently, now my system is fast enough for Blowfish with
320bit. Therefore I did some new tests.
This time I've watched CPU-utilization because Blowfish, AES, Twofish
and Anubis all accomplished 38MB/s. Only Serpent still fails with
Here are the results for *-xts-plain:sha256 --key-size 256
with * =
Some other tests: There seems to be no speed difference between
cbc-essiv, lrw-benbi and xts-essiv/plain/benbi.
The hash-function seems to have no influence, either. I've tested
Whirlpool (wp512), SHA256, SHA-1 and Tiger (tgr128).
Please take my results with a big dose of salt. I only did them for
myself, everything quick and dirty. I did not switch to single-user mode
although I repeated tests if I thought that there was some background
activity. I did not repeat tests to average the results or something
In the end, I think I'll choose three ciphers:
Since Serpent is still considered the safest of them all I'll use it for
very important data which is easily stolen, for example my external HDD,
maybe my /home-partition as well.
Where speed is critical and other processes should not be interrupted,
I'll use AES and possibly go down to 128bit, for example on /var.
Where both security and speed are important, for example when making
backups, I'll use Anubis with 320bit. I found some documentation from
NESSIE on Anubis and it sound promising, especially because additional
keysize adds more rounds to the encryption and thus making serious
brakes harder to accomplish.
Talking about hashs, I'll stick with Whirlpool because it made it
through the NESSIE-evaluation.
One last question for everyone who has read this rather long mail (thank
you, btw): What exactly is benbi in aes-lrw-benbi:sha256 and what should
I choose for XTS? The kernel description states plain but essiv and
benbi work as well.