On Wed, Jul 27, 2011 at 07:18:24PM -0400, Jorge F?bregas wrote: > Hello everyone, > > Inspired by this old blog post: > > http://movingparts.net/2007/10/26/truecrypt-versus-luks-speed-test/ > > ...I decided to perform some tests on my Fedora 14 box. This is not a > pro benchmark so be warned :) > > Common Facts for both tests: > > - source & destination filesystems were ext4 > - destination is an external USB drive > - source data size is 143GB (a folder with lots of files & directories, > small & large files, regular data...) > - rsync was used to perform the actual copy > - I'm using an "encrypted partition " (against an encrypted file) > - I did a test first with TrueCrypt and then with LUKS > - Between the above tests, I shut down the machine (to flush filesystem > cache). > - my system kernel: 2.6.35.13-92.fc14.i686 > > ### TrueCrypt Results #### > I used AES-256 (XTS operation mode), hash algorithm: ripemd-160 and the > package was realcrypt-7.0a-1.fc14.i686 > > Output of time command after rsync finished: > > real 105m22.211s > user 28m10.471s > sys 41m35.319s > > > ### DM-Crypt LUKS Results ### > I used the defaults: AES-256 (CBC), sha1 for header hashing and the > package cryptsetup-luks-1.1.3-1.fc14.i686 > > Output of time command after rsync finished: > > real 108m55.291s > user 28m6.534s > sys 42m53.400s > > > As you can see, there's almost a 4 minute difference. I was expecting > LUKS to be faster (as dm-crypt is a kernel module) and TrueCrypt runs > mainly in user space isn't it? Do you think the cipher operation modes > (XTS vs CBC) played a role in this difference? Have any of you performed > a similar test? There is an old gemran egineering saying: "wer mist mist mist" (along the lines of "Those who measure measure crap") I think it applies here. Real-time is tricky. It does not reflect effort invested. If you look at the sys itime, you see that the crypto-effort is only about 90 seconds more. Even that is pretty much below the measurement error. Very likely the differences are due to storage differences and do not show crypto-speed differences. I suggest you run both tests at least 3 times and make sure your storage is significantly faster than the crypto, e.g. by doing this between RAM disks or SSD storage. Also a complex disk access patterhn like rsync is not suitable as it may have complex interactions with caching and buffering. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
