Can you keep a secret? This encrypted drive can...

Jonathan Thornburg jthorn at aei.mpg.de
Mon Nov 6 09:18:15 EST 2006 

On Thu, 2 Nov 2006, Alexander Klimov wrote:
> I guess many people here have tried full disk encryption for
> themselves, do you notice any difference in performance or not?

I've been using Matt Blaze's CFS (cryptographic file system) to encrypt
personal E-mail archives since 1994 or so.  CFS is about the slowest
cryptographic file system around: it's implemented outside the kernel
(via an NFS loopback mount), so there are lots of userland <--> kernel
transitions and data copies going on.  And it uses 3DES, which is a
lot slower than (eg) AES.

Despite all that, CFS performance is just fine.  Back when I started
using CFS, on a 33 MHz SPARC, the performance hit was noticable but
tolerable.  Now, when multi-GHz laptops abound, the CFS performance
hit is really a drop in the bucket for normal interactive use on
moderate-sized files.

As a test, I just tried
   time dd if=/dev/arandom bs=65536 count=512 of=32m
(to time writing 32 MB of random data to disk) on my laptop
(Lenovo/IBM Thinkpad T43P, OpenBSD 3.9-stable).  I ran the command
three times (with different file names each time) on each of:
(a) a CFS directory backed by my laptop's /home file system,
(b) my laptop's /home file system (BSD FFS with soft dependencies), and
(c) my laptop's /tmp file system (a memory file system)
I was careless/lazy, so these trials all started with the system at
its "idling" clock rate (600 MHz), and let the system ramp up the
clock rate as needed once it noticed the CPU usage.

The times (wall-clock seconds from the 'time' command) were pretty
consistent for each of the 3 trials:
(a) 10.33 10.75  9.69
(b)  2.12  2.08  2.05
(c)  1.84  1.89  1.85

So... even for 32-MB files, CFS only takes about 8 seconds for the
encryption.  For smaller files the hit is truly negligible -- when
I tried this test on 64K files there was no difference in times between
(a), (b), and (c) within the timing noise.

ciao,

-- 
-- "Jonathan Thornburg -- remove -animal to reply" <jthorn at aei.mpg-zebra.de>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html      
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list