On Thu, 2008-02-28 at 16:34 +0100, Peter Meier wrote:
> Hi
>
> > I just did some benchmarking on different ciphers for cryptsetup-luks
>
> will you share them somewhere?
>
> for the other questions I can say the same as Daniel.
>
> greets Pete
|
I didn't test that much. I found many ciphers do not work with
cryptsetup-luks. I think it's because of limitations on the blocksize. I
also found that cryptsetup refuses to create partitions with >=512bit
keys and I can't open ones with a keysize above 320bit (still have to
check bug reports).
|
As I already wrote, I was only interested in whether they are faster
than my HDD (38MB/s) and I've only checked 64, 128, 256 and the maximum
supported keysize.
|
So here are the results:
|
Blowfish: 64, 128 and 256bit. Speed at 320bit: 31MB/s
Twofish: 128, 256bit
AES (Rijndael): 128, 256bit
Serpent: none (26MB/s with 64bit keys)
Anubis: 128, 256, 320bit
Camellia: 128bit (I don't remember its exact speed at 256bit but it
lost dramatically)
Cast6: none (Somewhere between 20 and 30MB/s)
|
My system:
|
Intel Celeron M 530 @ 1.73GHz
Cache: 1024KB
Flags: SSSE3
RAM: DDR2-533
HDD: 2,5" 5400rpm
Kernel: 2.6.24-tuxonice-r2 64bit, preemptible
|
UPDATE: Just as I wrote this, I did some new tests on my new kernel
which is not completely preemptible and I also used a nice setting of -20
on dd. Apparently, now my system is fast enough for Blowfish with
320bit. Therefore I did some new tests.
|
This time I've watched CPU-utilization because Blowfish, AES, Twofish
and Anubis all accomplished 38MB/s. Only Serpent still fails with
26MB/s.
|
Here are the results for *-xts-plain:sha256 --key-size 256
|
with * =
AES: 40-60%
Twofish: 60%
Anubis: 65%
Blowfish: 90%
|
Some other tests: There seems to be no speed difference between
cbc-essiv, lrw-benbi and xts-essiv/plain/benbi.
|
The hash-function seems to have no influence, either. I've tested
Whirlpool (wp512), SHA256, SHA-1 and Tiger (tgr128).
|
Please take my results with a big dose of salt. I only did them for
myself, everything quick and dirty. I did not switch to single-user mode
although I repeated tests if I thought that there was some background
activity. I did not repeat tests to average the results or something
like that.
|
In the end, I think I'll choose three ciphers:
|
Since Serpent is still considered the safest of them all I'll use it for
very important data which is easily stolen, for example my external HDD,
maybe my /home-partition as well.
|
Where speed is critical and other processes should not be interrupted,
I'll use AES and possibly go down to 128bit, for example on /var.
|
Where both security and speed are important, for example when making
backups, I'll use Anubis with 320bit. I found some documentation from
NESSIE on Anubis and it sounds promising, especially because additional
keysize adds more rounds to the encryption and thus makes serious
breaks harder to accomplish.
|
Talking about hashes, I'll stick with Whirlpool because it made it
through the NESSIE-evaluation.
|
One last question for everyone who has read this rather long mail (thank
you, btw): What exactly is benbi in aes-lrw-benbi:sha256 and what should
I choose for XTS? The kernel description states plain but essiv and
benbi work as well.
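
An added example, not part of the original mail: a small parser for the dm-crypt cipher specification strings used above (`cipher-chainmode-ivmode[:ivopts]`), reporting what each IV generator does and how many bits of `--key-size` actually key the block cipher under XTS and LRW. The function names are hypothetical, the spec strings are constructed from the ones in the mail, and a 128-bit block cipher is assumed for LRW.

```python
# Added example: parse a dm-crypt cipher spec and show what the key bits buy.
# Names (parse_spec, effective_cipher_bits, IV_MODES) are illustrative only.

IV_MODES = {
    "plain": "32-bit little-endian sector number (wraps after 2^32 sectors)",
    "plain64": "64-bit little-endian sector number",
    "essiv": "sector number encrypted under a hash of the volume key",
    "benbi": "64-bit big-endian narrow-block count, starting at 1",
    "null": "all-zero IV",
}

def parse_spec(spec):
    """Split 'cipher-chainmode-ivmode[:ivopts]' into its parts."""
    parts = spec.lower().split("-", 2)
    if len(parts) != 3:
        raise ValueError("expected cipher-chainmode-ivmode[:ivopts]: %r" % spec)
    cipher, chainmode, iv = parts
    ivmode, _, ivopts = iv.partition(":")
    if ivmode not in IV_MODES:
        raise ValueError("unknown IV generator: %r" % ivmode)
    if ivmode == "essiv" and not ivopts:
        raise ValueError("essiv needs a hash, e.g. essiv:sha256")
    return {"cipher": cipher, "chainmode": chainmode,
            "ivmode": ivmode, "ivopts": ivopts or None,
            "iv_meaning": IV_MODES[ivmode]}

def effective_cipher_bits(spec, key_size_bits, block_bits=128):
    """Bits of --key-size that actually key the block cipher."""
    mode = parse_spec(spec)["chainmode"]
    if mode == "xts":            # two equal keys: data key + tweak key
        if key_size_bits % 2:
            raise ValueError("XTS key size must be even")
        return key_size_bits // 2
    if mode == "lrw":            # one block-sized tweak key is appended
        if key_size_bits <= block_bits:
            raise ValueError("LRW key too short")
        return key_size_bits - block_bits
    return key_size_bits         # cbc, ecb, ...: whole key goes to the cipher

if __name__ == "__main__":
    # Constructed inputs modelled on the spec strings in the mail above.
    for spec, bits in [("aes-xts-plain:sha256", 256),
                       ("aes-lrw-benbi:sha256", 256),
                       ("aes-cbc-essiv:sha256", 256)]:
        p = parse_spec(spec)
        print(spec, "->", effective_cipher_bits(spec, bits),
              "bit cipher key; IV:", p["iv_meaning"])
```

With `--key-size 256`, the XTS and LRW specs above run the block cipher with a 128-bit key, so they are comparable in strength and cost to a 128-bit CBC setup rather than a 256-bit one.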