I was curious to see if changes were significant on my old Asus laptop:
```
blackbird:~ # cryptsetup benchmark -c xchacha20,aes-adiantum
# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).
# Algorithme | Clé | Chiffrement | Déchiffrement
xchacha20,aes-adiantum 256b 327,8 MiB/s 345,0 MiB/s
blackbird:~ # cryptsetup benchmark -c aes-xts-plain64
# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).
# Algorithme | Clé | Chiffrement | Déchiffrement
aes-xts 256b 105,0 MiB/s 103,9 MiB/s
```
Results on a SATA disk (no SSD), and no AES flag in cpuinfo.
Regards,
Casper
py0xc3 a écrit :
> Good everning,
>
> I just experienced that, when setting up a new Fedora, Anaconda (both
> "Custom" and "Advanced Custom (Blivet-GUI)") always uses aes-xts-plain64 for
> disk encryption, even if the hardware does not support AES-NI.
>
> Does it make sense to use xchacha12,aes-adiantum-plain64 by default if there
> is no AES-NI in the hardware?
>
> For a general use case, the security advantages of Adiantum can be
> neglected; both aes-xts & chacha-adiantum are secure.
>
> But there are big performance disadvantages of AES when there is no AES-NI
> (this was the major reason for merging Adiantum into the kernel).
>
> Besides the use of system resources, netbooks and such may have strongly
> decreased battery life times with aes-xts (the issue is primarily aes, not
> xts).
>
> I tested with Fedora 35, KDE spin; but as the issue is Anaconda-centric, I
> expect that other Workstation installations tend to the same behavior.
>
> Adjustments would be limited to Anaconda.
>
> Regards & stay safe,
> Chris
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org
CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
Jabber/XMPP Messaging: casper@xxxxxxxxxxxxxxxxxx
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
