Generally I use the following line:

    # cryptsetup -c aes-xts-plain64:sha512 -h sha512 -y -s 512 -i 5000 --use-random luksFormat /dev/sdX

But AES should be faster, if your CPU supports the AES-NI instruction (most modern CPUs should). Though you are free to choose whatever cipher you prefer (aes, twofish, serpent). On my PC AES (software) is a bit faster than serpent and a bit slower than twofish. AES (hardware) is fastest.

On 25. 09. 2015 19:33, Mike Nagie wrote:
> Hi all,
>
> I'm going to reinstall my ArchLinux and I thought I would try encrypting
> my home folder with dm-crypt.
> I read this and ArchWiki several times, but I'm still so confused.
> I'd like to keep my system as fast as possible, sooo here are my
> benchmark results:
>
> PBKDF2-sha1       644088 iterations per second
> PBKDF2-sha256     391259 iterations per second
> PBKDF2-sha512     321254 iterations per second
> PBKDF2-ripemd160  410241 iterations per second
> PBKDF2-whirlpool  151703 iterations per second
> #  Algorithm | Key  | Encryption  | Decryption
>      aes-cbc   128b   124.2 MiB/s   143.3 MiB/s
>  serpent-cbc   128b    49.9 MiB/s   194.5 MiB/s
>  twofish-cbc   128b   112.4 MiB/s   211.2 MiB/s
>      aes-cbc   256b    96.4 MiB/s   107.1 MiB/s
>  serpent-cbc   256b    49.9 MiB/s   194.2 MiB/s
>  twofish-cbc   256b   112.4 MiB/s   210.9 MiB/s
>      aes-xts   256b   141.5 MiB/s   143.3 MiB/s
>  serpent-xts   256b   201.1 MiB/s   191.4 MiB/s
>  twofish-xts   256b   207.9 MiB/s   209.1 MiB/s
>      aes-xts   512b   108.5 MiB/s   106.2 MiB/s
>  serpent-xts   512b   200.1 MiB/s   191.5 MiB/s
>  twofish-xts   512b   207.8 MiB/s   209.3 MiB/s
>
> So first thing: this is a 1TiB HDD. Do I need plain64? Or are there any
> drawbacks?
>
> Second: Everybody talks about the aes. It seems the twofish is faster
> here. Does this really matter? I mean this is a HDD, I guess it never
> does anything at that pace. (207MiB/s)
>
> Third: Since xts is supposed to be safer I think it's justified.
>
> Fourth: Key size. I'm totally lost. Why is 512b (even though it's split
> to 256) faster than the others? I'm sure something is not right with my theory,
> else who would use 256b?! Are encrypted files bigger with 512b or
> what is the point here?
>
> Fifth: Hash: I'm thinking about sha256.
>
> Sixth: iteration time. I misunderstood the benchmark. I thought
> sha256 391259 iterations per second
> means 391259 iterations per second. However I set the iteration time to
> 391259 and well... needless to say, it didn't open the encrypted
> partition in a second, more like in 10 minutes. So I have no idea how
> I should interpret this one.
>
> And lastly: --use-random or --use-urandom. I didn't get this one at all.
>
> Thank you for your answer in advance
>
> Mike