GELI encryption - CPU requirements?
Ivan Voras
ivoras at freebsd.org
Wed May 27 09:33:50 UTC 2009
Dan Naumov wrote:
> Hello (World).
>
> I am in the process of building a new system for a home NAS/webserver
> use and the hardware is basically this:
>
> Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel
> D945GCLF2, 2 GB RAM.
> Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mode)
> 1 x 1.5 TB Western Digital Caviar Green (will get more as the need arises)
>
> A pic of the system, for the curious:
> http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-storage.jpg?w=500&h=360
>
> I have been looking into encrypting most of the system with GELI using
> the default 256bit AES, how big of a performance hit should I expect
> on this CPU?
If you have an Atom machine you can simply check - issue an "openssl
speed aes" command and check the results. For comparison, Xeon 5405 (2
GHz) gives:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-128 cbc 89558.04k 101934.80k 104123.42k 102857.83k
103801.84k
aes-192 cbc 84368.49k 89821.97k 91069.49k 90385.70k
91112.45k
aes-256 cbc 75515.15k 80486.21k 81367.19k 80650.02k
81554.34k
I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s.
Except if you're really paranoid, you might want to relax your security
requirements and use aes-128 without essentially reducing your practical
security.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20090527/a3b7ad9d/signature.pgp
More information about the freebsd-geom
mailing list