On Monday 09 July 2007 22:23, Anders Breindahl <[EMAIL PROTECTED]> wrote: > > Where "reasonably fast" means faster than a 3GHz P4. A 3GHz P4 system I > > was working on recently appeared to be limited to 4MB/s, if it wasn't for > > the fact that the machine is about to be decommissioned then I would > > probably investigate this further as the performance is lower than > > expected. > > Funny. I get 4 MB/s of AES256 on an 850MHz P3. And >11MB/s on a 3500+ > AMD Sempron. And well above that when using VIA Padlock on another > system. Are you certain that you're not bottlenecked by some other > problem?
Not certain, and the machine was being used for some processes other than the disk copy. I may do some further tests after completely decommissioning it. > > > However, if you should choose to encrypt only, say /home, you'd need to > > > make sure that data won't ``sieve'' onto the unencrypted parts of the > > > system, such as /tmp or swap space. > > > > True. But the advantage to encrypting only some partitions is that you > > can get better performance for non-secret data. > > If you're stuck with 4MB/s as transfer speed, you could consider > security trade-offs for performance. But in a faster scenario, I > wouldn't opt for it. I don't think that it's a security trade-off to have a file-system for ISOs of Linux distributions that is unencrypted (as an example of one of my machines) - unless the threat model includes an attacker sneaking in, modifying things, and then leaving without detection - a much harder problem to solve. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
