Well, the reason that it takes more than a few miliseconds is security related as it iterates a number of times depending on machine speed to make brute-forcing difficult. Howver, I do not know what the particular reason fro it to drop is. I can only speculate that increasing keysize does reduce iterations at 1k asd 128k i.e. at some thresholds. Arno On Wed, Jul 22, 2009 at 03:48:49AM +0200, Jonas Meurer wrote: > hey, > > i just did some benchmarking regarding the speed of luksOpen, as i have > the impression that it sometimes takes really long. > > for the benchmark i created eight different key files > (dd if=/dev/urandom of=key_<size> bs=<size> count=1) > with different sizes: 128b 512b 1k 16k 64k 128k 512k 1m > > afterwards i added all these keys to key slots of a luks device. i used > a 4mb lvm logical volume as device. > > after running luksOpen for the device with every key several times i got > the following result: > > run #1: > luksOpen_128b: 0:10.14 > luksOpen_512b: 0:16.08 > luksOpen_1k: 0:05.70 > luksOpen_16k: 0:14.10 > luksOpen_64k: 0:11.73 > luksOpen_128k: 0:02.14 > luksOpen_512k: 0:05.26 > luksOpen_1m: 0:13.41 > > run #2: > luksOpen_128b: 0:09.70 > luksOpen_512b: 0:16.05 > luksOpen_1k: 0:05.67 > luksOpen_16k: 0:14.05 > luksOpen_64k: 0:12.11 > luksOpen_128k: 0:01.79 > luksOpen_512k: 0:05.23 > luksOpen_1m: 0:13.36 > > run #3: > luksOpen_128b: 0:09.62 > luksOpen_512b: 0:16.05 > luksOpen_1k: 0:05.69 > luksOpen_16k: 0:13.22 > luksOpen_64k: 0:12.07 > luksOpen_128k: 0:02.12 > luksOpen_512k: 0:05.30 > luksOpen_1m: 0:12.92 > > > it is obvious that the time luksOpen takes is related to the keysize. > > but for some non-obvious reason it is neither proportional nor inverse > proportional related to size. > instead there seem to be keyfile sizes which cryptsetup is able to > process a lot faster than others. especially 128k seems to be a very > good size for key files. > > can anybody explain that to me? > > greetings, > jonas -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
