George Koss <george_koss <at> hotmail.com> writes: > [...] > I think you have put your finger on the main problem, and I'm wondering if > higher performance can be achieved by adding the encryption functionality > into the top interface of the raid device, so that it can perform > encrypt/decrypt on chunksize blocks, rather than 4k pages. You are right. Now push this idea a little bit further and you will end up with the conclusion that in order to achieve the highest performance possible, encryption has to be integrated not only with the RAID layer, but also with the filesystem. As a side note, this is precisely the direction where ZFS is headed: features such as RAID and volume management are already integrated into this filesystem (crypto is on its way, see zfs-crypto). Such a fs can take advantage of the knowledge of the RAID layout, for example it always performs full-strip writes in the case of RAID 5 (Sun calls it RAID-Z), etc. AFAIK there are 1 or 2 efforts to port ZFS to Linux. Oh, thanks for the benchmark numbers you posted BTW. I find them interesting. -marc - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
