Basics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

I'm going to reinstall my ArchLinux and I thought I would try encrypting 
my home folder with dm-crypt.
I read this and ArchWiki several times, but I'm still so confused.
I'd like to keep my system as fast as just possible, sooo here is my 
benchmark results:

PBKDF2-sha1       644088 iterations per second
PBKDF2-sha256     391259 iterations per second
PBKDF2-sha512     321254 iterations per second
PBKDF2-ripemd160  410241 iterations per second
PBKDF2-whirlpool  151703 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   124.2 MiB/s   143.3 MiB/s
 serpent-cbc   128b    49.9 MiB/s   194.5 MiB/s
 twofish-cbc   128b   112.4 MiB/s   211.2 MiB/s
     aes-cbc   256b    96.4 MiB/s   107.1 MiB/s
 serpent-cbc   256b    49.9 MiB/s   194.2 MiB/s
 twofish-cbc   256b   112.4 MiB/s   210.9 MiB/s
     aes-xts   256b   141.5 MiB/s   143.3 MiB/s
 serpent-xts   256b   201.1 MiB/s   191.4 MiB/s
 twofish-xts   256b   207.9 MiB/s   209.1 MiB/s
     aes-xts   512b   108.5 MiB/s   106.2 MiB/s
 serpent-xts   512b   200.1 MiB/s   191.5 MiB/s
 twofish-xts   512b   207.8 MiB/s   209.3 MiB/s

So first thing; this is a 1TiB HDD. Do I need plain64? Or is there any 
drawbacks?

Second: Everybody talks about the aes. It seems the twofish is faster 
here. Does this really matters? I mean this is a HDD, I guess it never 
does anything at that pace. (207MiB/s)

Third: Since xts is supposed to be safer I think it's justified.

Fourth: Key size I'm totally lost. Why 512b (even though it's splitted 
to 256) faster than the others? I'm sure something is not right with my theory 
else who would use 256b?! Do encrypted files bigger with 512b or 
what is the point here?

Fifth: Hash: I'm thinking about sha256.

Sixth: iteration time. I misunderstood the benchmark. I thought 
sha256     391259 iterations per second
means 391259 iterations per second. However I set the iteration time to 
391259 and well... it needless to say, it didn't open the encrypted 
partition in a second, more like in 10 minutes. So I have no idea how 
should I interpret this one.

And lastly: --use-random or --use-urandom. I didn't get this one at all.

Thank you for your answer in advance

Mike
-- 
You are so lucky!
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux