On Thu, 2 Nov 2006, Alexander Klimov wrote: > I guess many people here have tried full disk encryption for > themselves, do you notice any difference in performance or not?
I've been using Matt Blaze's CFS (cryptographic file system) to encrypt personal E-mail archives since 1994 or so. CFS is about the slowest cryptographic file system around: it's implemented outside the kernel (via an NFS loopback mount), so there are lots of userland <--> kernel transitions and data copies going on. And it uses 3DES, which is a lot slower than (eg) AES. Despite all that, CFS performance is just fine. Back when I started using CFS, on a 33 MHz SPARC, the performance hit was noticable but tolerable. Now, when multi-GHz laptops abound, the CFS performance hit is really a drop in the bucket for normal interactive use on moderate-sized files. As a test, I just tried time dd if=/dev/arandom bs=65536 count=512 of=32m (to time writing 32 MB of random data to disk) on my laptop (Lenovo/IBM Thinkpad T43P, OpenBSD 3.9-stable). I ran the command three times (with different file names each time) on each of: (a) a CFS directory backed by my laptop's /home file system, (b) my laptop's /home file system (BSD FFS with soft dependencies), and (c) my laptop's /tmp file system (a memory file system) I was careless/lazy, so these trials all started with the system at its "idling" clock rate (600 MHz), and let the system ramp up the clock rate as needed once it noticed the CPU usage. The times (wall-clock seconds from the 'time' command) were pretty consistent for each of the 3 trials: (a) 10.33 10.75 9.69 (b) 2.12 2.08 2.05 (c) 1.84 1.89 1.85 So... even for 32-MB files, CFS only takes about 8 seconds for the encryption. For smaller files the hit is truly negligible -- when I tried this test on 64K files there was no difference in times between (a), (b), and (c) within the timing noise. ciao, -- -- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]> Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut), Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]