Simple BDE disc encryption benchmark

Poul-Henning Kamp phk at
Mon Aug 9 02:55:50 PDT 2004

In message <411746EB.5030006 at>, Maxim Sobolev writes:

>> The only time the CPU was completely busy was when copying /bigfiles from
>> encrypted to encrypted.
>> My question is: Why does the it take so much longer when encryption is
>> involved even though 'top' seems to think there are CPU cycles left to burn?
>The problem (well, not quite "the problem" since it is design decision) 
>is that GBDE tries to rearrange sectors in pseudo-random fashion to make 
>cryptoanalysis harder. Usually filesystem tries to place all sectors 
>that belong to the same file consequently, to avoid expensive disk 
>seeks. But on encrypted disk logically ajaced sectors are physically 
>spread, so that reading them introduces seek delays.

Uhm, this is not quite correct.

It is true that I played around with pseudo-random sector mapping a
fair bit, but since it _totally_ killed performance I dropped it

The mapping GBDE performs is sequential with inserted key sectors,
this was the most performance friendly layout I could come up with.


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the freebsd-current mailing list