[Haifux] Whole disk encryption, because it costs nothing?

Etzion Bar-Noy ezaton at tournament.org.il
Tue Jan 12 08:27:06 MSK 2010


Sequential IO is very simple, relatively, so that you will hardly feel the
performance impact testing it.
Test random IO loads with small packets (0.5K-4K) and you will probably feel
the performance impact there.

Ez

On Mon, Jan 11, 2010 at 7:00 PM, Eli Billauer <eli at billauer.co.il> wrote:

> Hello,
>
>
> I suppose that by now some of you have realized that I'm working on
> setting up my new computer. ;)
>
>
> The new question is whether I should encrypt the whole hard disk,
> including the swap partition (minus, possibly, a read-only mounted
> /boot). Just so I don't need to worry in case my computer gets stolen
> for worth in metal one day.
>
>
> Mind you, I have a quadcore (the kernel counts 8 CPUs), and I plan on
> hardware RAID-5 (Intel P55) with three 1 TB hard disks, not yet
> implemented (when I upgrade, I upgrade). RAM sums up to 4 GB.
>
>
> So I ran a small test. /secret is an encrypted partition. My home
> directory is not. While the encrypted write ran, I had more or less one
> CPU at 100% and seven others doing nothing. The results below are
> consistent and repeatable on my computer. Reads to /dev/null take
> grossly the same time as write.
>
>
> [eli at short ~]$ time dd if=/dev/zero of=/secret/zeros.delme bs=1M count=16k
> 16384+0 records in
> 16384+0 records out
> 17179869184 bytes (17 GB) copied, 158.784 s, 108 MB/s
>
> real    2m38.822s
> user    0m0.015s
> sys    0m13.655s
> [eli at short ~]$ time dd if=/dev/zero of=zeros.delme bs=1M count=16k
> 16384+0 records in
> 16384+0 records out
> 17179869184 bytes (17 GB) copied, 228.711 s, 75.1 MB/s
>
> real    3m49.069s
> user    0m0.010s
> sys    0m25.029s
>
>
> Aha! Encryption actually speeds up the write! Well, not really, I
> suppose. Maybe it has to do with /secret being untouched until now, and
> the cleartext disk being somewhat fragmented by now.
>
>
> But this little test makes me wonder if I pay anything at all for this
> (except for a piece of unused CPU power). If there is any reason in the
> world not to encrypt the whole chunk.
>
>
> Inputs are welcome.
>
>   Eli
>
> --
> Web: http://www.billauer.co.il
>
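The random small-block test suggested in the reply above, as an added example that is not part of the original thread: it issues synchronous writes of 0.5K-4K at random offsets in each given directory and reports IOPS, so the encrypted and cleartext locations can be compared under the load where per-request overhead shows. The function names, the `randio.delme` file name, the 64 MiB file size and the operation count are choices made for this example.

```python
#!/usr/bin/env python3
"""Random small-block synchronous write benchmark (added example)."""
import os, random, sys, time

def random_offsets(file_size, block_size, ops, seed=0):
    """Block-aligned offsets, reproducible so every target sees the same pattern."""
    rng = random.Random(seed)
    blocks = file_size // block_size
    return [rng.randrange(blocks) * block_size for _ in range(ops)]

def bench(directory, block_size, ops=2000, file_size=64 * 1024 * 1024, seed=0):
    """Write `ops` blocks at random offsets; return (bytes_written, seconds)."""
    path = os.path.join(directory, "randio.delme")
    # O_DSYNC makes every write wait for the device, so the page cache
    # cannot hide per-request latency the way it does for a big dd run.
    flags = os.O_RDWR | os.O_CREAT | getattr(os, "O_DSYNC", os.O_SYNC)
    fd = os.open(path, flags, 0o600)
    try:
        os.ftruncate(fd, file_size)      # sparse test file, removed afterwards
        data = os.urandom(block_size)
        written = 0
        start = time.perf_counter()
        for off in random_offsets(file_size, block_size, ops, seed):
            written += os.pwrite(fd, data, off)
        elapsed = time.perf_counter() - start
    finally:
        os.close(fd)
        os.unlink(path)
    return written, elapsed

def compare(directories, block_sizes=(512, 1024, 2048, 4096), **kw):
    """Return {(directory, block_size): IOPS} for every combination."""
    results = {}
    for d in directories:
        for bs in block_sizes:
            written, elapsed = bench(d, bs, **kw)
            results[(d, bs)] = (written // bs) / elapsed
    return results

if __name__ == "__main__":
    # Pass the directories to compare, e.g. /secret and the home directory
    # from the quoted dd test.
    for (d, bs), iops in compare(sys.argv[1:]).items():
        print(f"{d:20s} bs={bs:5d}  {iops:10.0f} IOPS")
```

Run it several times per location and compare the IOPS figures per block size rather than the MB/s numbers from the sequential `dd` run.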