GELI encryption - CPU requirements?

Volker volker at vwsoft.com
Wed May 27 20:32:17 UTC 2009 

On 12/23/-58 20:59, Ivan Voras wrote:
> Dan Naumov wrote:
>> Hello (World).
>>
>> I am in the process of building a new system for a home NAS/webserver
>> use and the hardware is basically this:
>>
>> Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel
>> D945GCLF2, 2 GB RAM.
>> Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mode)
>> 1 x 1.5 TB Western Digital Caviar Green (will get more as the need arises)
>>
>> A pic of the system, for the curious:
>> http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-storage.jpg?w=500&h=360
>>
>> I have been looking into encrypting most of the system with GELI using
>> the default 256bit AES, how big of a performance hit should I expect
>> on this CPU? 
> 
> If you have an Atom machine you can simply check - issue an "openssl
> speed aes" command and check the results. For comparison, Xeon 5405 (2
> GHz) gives:
> 
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
> bytes
> aes-128 cbc      89558.04k   101934.80k   104123.42k   102857.83k
> 103801.84k
> aes-192 cbc      84368.49k    89821.97k    91069.49k    90385.70k
> 91112.45k
> aes-256 cbc      75515.15k    80486.21k    81367.19k    80650.02k
> 81554.34k
> 
> I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s.
> 
> Except if you're really paranoid, you might want to relax your security
> requirements and use aes-128 without essentially reducing your practical
> security.
> 

For reference, here're the values taken on a dual core Atom:

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128 cbc      17947.16k    18502.91k    18703.91k    18271.91k
18955.39k

aes-192 cbc      16404.93k    15966.46k    16615.41k    16115.26k
16466.56k

aes-256 cbc      13711.70k    14016.79k    14342.35k    14109.98k
14738.16k


FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24
10:22:05 CEST 2009

CPU: Intel(R) Atom(TM) CPU  330   @ 1.60GHz (1618.44-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x106c2  Stepping = 2

Features=0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,<b22>>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 2
  Logical CPUs per core: 2
real memory  = 2137391104 (2038 MB)
avail memory = 2077528064 (1981 MB)
ACPI APIC Table: <INTEL  D945GLF2>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP/HT): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP/HT): APIC ID:  3
ioapic0: Changing APIC ID to 2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
cryptosoft0: <software crypto> on motherboard


I would not expect a fast workhorse but these machines are making a nice
desktop system.

Enjoy!

Volker

More information about the freebsd-geom mailing list