On Sun, Aug 13, 2017 at 01:16:13PM +0000, Michael Kjörling wrote: > On 13 Aug 2017 08:34 -0400, from angelomariafederichini191269@xxxxxxxxxxxxxx (angelomariafederichini191269): > >> How big is that keyfile? (And what is underlying storage?) > >> Just wonder why it is so slow... > > > > The keyfile size is the maximum allowed by cryptsetup so its 8MB. > > The storage is sometimes a tmpfs, i.e., RAM, and sometimes a SSD. > > It _does_ indeed appear to take excessively long when using a huge key > file. > > $ dd if=/dev/urandom bs=1 count=6000000 | base64 --wrap=0 > keyfile > 6000000+0 records in > 6000000+0 records out > 6000000 bytes (6,0 MB) copied, 14,9171 s, 402 kB/s > $ stat --printf='%s\n' keyfile > 8000000 > $ truncate -s 100M backing > $ sudo -i > # losetup -f --show backing > /dev/loop0 > # time cryptsetup luksFormat -c aes-xts-plain64 --key-size 512 --key-file keyfile --iter-time 1 --batch-mode /dev/loop0 > > real 0m32.832s > user 0m1.756s > sys 0m30.666s > # time cryptsetup luksFormat -c aes-xts-plain64 --key-size 512 --key-file keyfile --iter-time 30000 --batch-mode /dev/loop0 > > real 1m40.155s > user 1m8.384s > sys 0m30.258s > # > > Curiously, I see no significant difference when doing this with > backing storage being rotational HDDs in RAID6 (RAIDZ2, to be precise) > or with SSDs in RAID1 (actually a ZFS two-way mirror). If anything, it > seems to be a tiny bit _faster_ when reading the key file off of > spinning rust. I didn't try off a tmpfs or ramfs. no huge surprise, you are measuring the library, syscall and VFS overhead. Richard -- Name and OpenPGP keys available from pgp key servers _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
