[Haifux] Whole disk encryption, because it costs nothing?
Eli Billauer
eli at billauer.co.il
Mon Jan 11 20:00:29 MSK 2010
Hello,
I suppose that by now some of you have realized that I'm working on
setting up my new computer. ;)
The new question is whether I should encrypt the whole hard disk,
including the swap partition (minus, possibly, a read-only mounted
/boot). Just so I don't need to worry in case my computer gets stolen
for its worth in metal one day.
Mind you, I have a quadcore (the kernel counts 8 CPUs), and I plan on
hardware RAID-5 (Intel P55) with three 1 TB hard disks, not yet
implemented (when I upgrade, I upgrade). RAM sums up to 4 GB.
So I ran a small test. /secret is an encrypted partition. My home
directory is not. While the encrypted write ran, I had more or less one
CPU at 100% and seven others doing nothing. The results below are
consistent and repeatable on my computer. Reads to /dev/null take
roughly the same time as writes.
[eli at short ~]$ time dd if=/dev/zero of=/secret/zeros.delme bs=1M count=16k
16384+0 records in
16384+0 records out
17179869184 bytes (17 GB) copied, 158.784 s, 108 MB/s
real 2m38.822s
user 0m0.015s
sys 0m13.655s
[eli at short ~]$ time dd if=/dev/zero of=zeros.delme bs=1M count=16k
16384+0 records in
16384+0 records out
17179869184 bytes (17 GB) copied, 228.711 s, 75.1 MB/s
real 3m49.069s
user 0m0.010s
sys 0m25.029s
Aha! Encryption actually speeds up the write! Well, not really, I
suppose. Maybe it has to do with /secret being untouched until now, and
the cleartext disk being somewhat fragmented by now.
But this little test makes me wonder if I pay anything at all for this
(except for a piece of unused CPU power). If there is any reason in the
world not to encrypt the whole chunk.
Inputs are welcome.
Eli
--
Web: http://www.billauer.co.il