I'm running on a 30 TB server with about 1.4 million files.

I think that at last audit, the single largest file is 45 GB (as an example).

And I'm prepping to run AES-256-CBC.

The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
pretty sure that I can peg (or at least supply) the full 6 Gbps
bandwidth for encryption.

I'm currently using OpenSSL 0.9.8, and an upgrade to the latest
openssl package is also being considered at this time (as well as
possibly a change of the host system OS to Linux (e.g. Ubuntu
12.04) or Solaris 11), or I am just going to stream the data over a
10 GbE connection (by mounting over SMB/NFS and running the encryption
using the client processor, but the data is just being passed through
during the encryption process - no data is stored on the client system
post-encryption).

The openssl wasn't recompiled from source; but whatever's
built/included with the OS.

On Wed, Mar 13, 2013 at 3:51 PM, Erwann Abalea
<erwann.aba...@keynectis.com> wrote:
>
> On 13/03/2013 20:06, Ewen Chan wrote:
>
>> I'm asking about the '-engine aesni' flag because when I google
>> "openssl aes-ni" - that's what comes up.
>>
>> I've never used it before, but I'm about to as I've recently acquired a
>> system that supports AES-NI.
>>
>> I'm also asking because I'm about to encrypt a whole bunch of files
>> and some of them are quite large, so I want to have an idea if the
>> encryption job is going to be something that's going to be done in a
>> few minutes, a few hours, or a few days?
>
>
> Define "quite large".
> By disabling AES-NI detection on my laptop, I can encrypt files at about
> 225MB/s (1 GB in 4.5 seconds, AES-128-CBC). That's much faster than what my
> SATA harddrive can do.
> Disabling SSE* and MMX instructions allows the same machine to encrypt data
> at about 82MB/s (1 GB in 13 seconds). Again, more than enough to saturate my
> hard drive.
>
>
>> I was under the impression (based on the documentation and what I've
>> been able to find online on google) that you had to invoke the AES-NI
>> by using the '-engine' flag; but I guess from what you're saying, that
>> that's not true.
>
>
> That's useless for "openssl enc".
> That may be useful for "openssl speed" (as "-evp" may also be useful), but
> it's a different goal.
>
> And it can also depend on your hardware, your OpenSSL version, and
> compilation flags.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
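
Added example, not part of the original thread: a way to answer the "minutes, hours, or days" question by reading the throughput from `openssl speed -evp aes-256-cbc` and converting it to an estimate for 30 TB, with and without AES-NI. The function names and the sample output are constructed for illustration; the `--live` path assumes an x86_64 build of OpenSSL 1.0.1 or later, where the `OPENSSL_ia32cap` mask shown hides AES-NI and PCLMULQDQ from the library.

```shell
#!/bin/sh
# Added example: estimate bulk AES-256-CBC encryption time from `openssl speed`.

# Read `openssl speed -evp` output on stdin; print the largest-block-size
# throughput in kB/s (openssl reports 1000s of bytes per second).
speed_kbps() {
    awk 'tolower($1) ~ /^aes-/ && $NF ~ /k$/ { sub(/k$/, "", $NF); v = $NF }
         END { printf "%d\n", v }'
}

# $1 = data size in TB (10^12 bytes), $2 = throughput in kB/s -> hours.
eta_hours() {
    awk -v tb="$1" -v kbps="$2" 'BEGIN {
        if (kbps <= 0) { print "n/a"; exit }
        printf "%.1f\n", tb * 1e12 / (kbps * 1000) / 3600 }'
}

# Run the benchmark. $1 = optional OPENSSL_ia32cap mask (empty = normal detection).
measure() {
    if [ -n "${1:-}" ]; then
        OPENSSL_ia32cap="$1" openssl speed -elapsed -evp aes-256-cbc 2>/dev/null
    else
        openssl speed -elapsed -evp aes-256-cbc 2>/dev/null
    fi | speed_kbps
}

# Constructed sample output (not a real measurement), used when run without --live.
SAMPLE='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     402113.51k   423820.10k   430258.94k   431523.84k   432000.00k'

if [ "${1:-}" = "--live" ]; then
    hw=$(measure "")                      # AES-NI used if CPU and build support it
    sw=$(measure "~0x200000200000000")    # AES-NI and PCLMULQDQ masked off
    echo "with AES-NI:    $hw kB/s, 30 TB in $(eta_hours 30 "$hw") h"
    echo "without AES-NI: $sw kB/s, 30 TB in $(eta_hours 30 "$sw") h"
else
    kbps=$(printf '%s\n' "$SAMPLE" | speed_kbps)
    echo "sample: $kbps kB/s, 30 TB in $(eta_hours 30 "$kbps") h"
fi
```

The figure is single-core, in-memory cipher throughput, so it is an upper bound; the real job also pays for reading and writing every byte through the array or the network mount.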
