<div dir="ltr">Sequential IO is very simple, relatively, so that you will hardly feel the performance impact testing it.<div>Test random IO loads with small packets (0.5K-4K) and you will probably feel the performance impact there.</div>
<div><br></div><div>Ez<br><br><div class="gmail_quote">On Mon, Jan 11, 2010 at 7:00 PM, Eli Billauer <span dir="ltr"><<a href="mailto:eli@billauer.co.il">eli@billauer.co.il</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hello,<br>
<br>
<br>
I suppose that by now some of you have realized that I'm working on<br>
setting up my new computer. ;)<br>
<br>
<br>
The new question is whether I should encrypt the whole hard disk,<br>
including the swap partition (minus, possibly, a read-only mounted<br>
/boot). Just so I don't need to worry in case my computer gets stolen<br>
for worth in metal one day.<br>
<br>
<br>
Mind you, I have a quadcore (the kernel counts 8 CPUs), and I plan on<br>
hardware RAID-5 (Intel P55) with three 1 TB hard disks, not yet<br>
implemented (when I upgrade, I upgrade). RAM sums up to 4 GB.<br>
<br>
<br>
So I ran a small test. /secret is an encrypted partition. My home<br>
directory is not. While the encrypted write ran, I had more or less one<br>
CPU at 100% and seven others doing nothing. The results below are<br>
consistent and repeatable on my computer. Reads to /dev/null take<br>
grossly the same time as write.<br>
<br>
<br>
[eli@short ~]$ time dd if=/dev/zero of=/secret/zeros.delme bs=1M count=16k<br>
16384+0 records in<br>
16384+0 records out<br>
17179869184 bytes (17 GB) copied, 158.784 s, 108 MB/s<br>
<br>
real 2m38.822s<br>
user 0m0.015s<br>
sys 0m13.655s<br>
[eli@short ~]$ time dd if=/dev/zero of=zeros.delme bs=1M count=16k<br>
16384+0 records in<br>
16384+0 records out<br>
17179869184 bytes (17 GB) copied, 228.711 s, 75.1 MB/s<br>
<br>
real 3m49.069s<br>
user 0m0.010s<br>
sys 0m25.029s<br>
<br>
<br>
Aha! Encryption actually speeds up the write! Well, not really, I<br>
suppose. Maybe it has to do with /secret being untouched until now, and<br>
the cleartext disk being somewhat fragmented by now.<br>
<br>
<br>
But this little test makes me wonder if I pay anything at all for this<br>
(expect for a piece of unused CPU power). If there is any reason in the<br>
world not to encrypt the whole chunk.<br>
<br>
<br>
Inputs are welcome.<br>
<br>
Eli<br>
<font color="#888888"><br>
--<br>
Web: <a href="http://www.billauer.co.il" target="_blank">http://www.billauer.co.il</a><br>
<br>
_______________________________________________<br>
Haifux mailing list<br>
<a href="mailto:Haifux@haifux.org">Haifux@haifux.org</a><br>
<a href="http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux" target="_blank">http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux</a><br>
</font></blockquote></div><br></div></div>