On Fri, Feb 24, 2012 at 02:30:20PM -0800, Tracy Reed wrote: > On Fri, Feb 24, 2012 at 09:05:29PM +0100, Arno Wagner spake thusly: > > Blocks used in dm-crypt are allways 512 Bytes in size, hence no extra reads > > or writes compared to non-encrypted disks should ever be required. > > Ok, so there goes that theory. > > > Please to not. ECB is massively insecure. And it will not result in reading > > less data. Well, you can do it as an experiement, but please do not use it > > when it has to be secure. > > I already did a test with it and as you correctly expected, it made no > difference. We certainly won't be deploying ECB. I am aware of the same > plaintext security issues with it. > > > It should not. But if you notice a difference, it may be interesting to see > > what it is. > > I found no difference. As expected. Still good to know, sometomes these assumptions turn out to be wrong. > > There is also another possible factor that may make a larger or smaller > > difference: If I remember correctly, you said the dump was going to the same > > disk, but from different partitions for encrypted and non-encrypted. This may > > influence speeds. First, head seeks are dependend on seek distance. The > > You remember incorrectly: The dump is being done using mysqldump on a remote > machine. So it is going over the network and writing to totally different > disks. Ah, sorry. > > regions have different data density. My observation is that disk linear > > throughput drops to less than half towards the end of many disks. And third, > > you may have a different fragmentation or data placement situation or > > filesystem parameter on both source disks. > > This is a very good observation and could be part of the problem here. I have > been using different logical volumes on the same disk. I will try using the > same LV mapped with dm-crypt vs no crypto and see if that helps. It would be an easy explanation. Let us know about the results. > Thanks! No problem. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
