ubsec(4) and geli(4) Benchmarks (WAS: Re: freebsd encrypted hard disk? (fwd))

2009-04-01 Thread Brian A. Seklecki
message -- Date: Thu, 15 Jan 2009 18:33:30 +0100 (CET) From: Wojciech Puchar woj...@wojtek.tensor.gdynia.pl To: Roland Smith rsm...@xs4all.nl Cc: RW rwmailli...@googlemail.com, freebsd-questions@freebsd.org Subject: Re: freebsd encrypted hard disk? It turns out that on a multi-core machine

Re: freebsd encrypted hard disk?

2009-01-15 Thread Wojciech Puchar
It turns out that on a multi-core machine a geli thread is started on each core for each disk (4 cores, two disks): and it is actually used when many transfers are done in parallel. my core2duo saturates (both cores 100% load) at about 100MB/s disk I/O

Re: freebsd encrypted hard disk?

2009-01-14 Thread Steve Bertrand
Johann Hasselbach wrote: I read the encrypting disk partitions section of the Handbook. What is the preferred method nowdays, geli or gbde? Is there another method that would be better? I don't know what is best, but for quite some time I've used GELI to encrypt my entire hard disk,

Re: freebsd encrypted hard disk?

2009-01-14 Thread Roland Smith
On Wed, Jan 14, 2009 at 12:23:09PM -0500, Johann Hasselbach wrote: I read the encrypting disk partitions section of the Handbook. What is the preferred method nowdays, geli or gbde? Geli seems to be the preferred method these days. It is also what I use to encrypt my /home. It works without

Re: freebsd encrypted hard disk?

2009-01-14 Thread RW
On Wed, 14 Jan 2009 12:23:09 -0500 Johann Hasselbach jhas...@gmail.com wrote: I read the encrypting disk partitions section of the Handbook. What is the preferred method nowdays, geli or gbde? Geli. Geli is more secure when used with real-world passphrases, supports hardware acceleration,

Re: freebsd encrypted hard disk?

2009-01-14 Thread RW
On Wed, 14 Jan 2009 18:59:54 +0100 Roland Smith rsm...@xs4all.nl wrote: Geli is convenient and seems to work well. On modern machines the performance penalty is slight. It supports well-regarded encryption algorithms like AES and Blowfish. It depends on what you mean by modern, and slight,

Re: freebsd encrypted hard disk?

2009-01-14 Thread Roland Smith
On Wed, Jan 14, 2009 at 10:55:38PM +, RW wrote: On Wed, 14 Jan 2009 18:59:54 +0100 Roland Smith rsm...@xs4all.nl wrote: Geli is convenient and seems to work well. On modern machines the performance penalty is slight. It supports well-regarded encryption algorithms like AES and

Re: freebsd encrypted hard disk?

2009-01-14 Thread RW
On Thu, 15 Jan 2009 00:20:54 +0100 Roland Smith rsm...@xs4all.nl wrote: On Wed, Jan 14, 2009 at 10:55:38PM +, RW wrote: Not just in reduced transfer rates, but also in terms of CPU cycles used - a sustained geli to geli file copy makes things really slow for me. That's probably