Ubuntu – How will 12.10 disk encryption affect performance

12.10encryptionperformance

As the title suggests. Massive performance degradation?

And what technology does it use?

Best Answer

Depends on your hardware of course. Most important performance enhancement is using a CPU with AES-NI capabilities, provided by most of the recent Core i5/i7 processors and a kernel supporting it (most recent versions do). It's similar to video acceleration, but then for AES calculations.

Do a grep aes /proc/cpuinfo to see if your CPU is capable. If so, it will then be able to en/decrypt hundreds of megabytes a second without too much load; more than enough for most systems or a root filesystem. Provided your encryption software uses this (kernel interface). Using dm-crypt (Luks) does this for sure. This Arch Wiki article claims you should be able to do roughly 570 MB/s on a first-generation i7 CPU.

I haven't done real benchmarking, but I find almost no slowdown in doing a read-only benchmark using 'palimpsest' (Gnome Disk Utility) on my Intel 310 series 80GB SSD using dm-crypt (full disk) encryption enabled. A steady ~ 250 MB/s sequential reading all the way on an LVM LV (on top of dm-crypt).

See this Phoronix article for serious benchmarks of AES-NI and dm-crypt. An excerpt from that article:

While the Ubuntu home directory encryption feature with eCryptfs may not be beneficial at this point with Intel AES-NI, full-disk encryption with Intel AES-NI using dmcrypt is noticeably better. Several of the benchmarks produced dramatically better results with AES-NI while at the same time delivering lower CPU usage. AES-NI appears to be a huge win if planning to encrypt your entire disk using this feature found in Ubuntu's alternate installer.

This is a bit outdated now, and eCryptfs might not be suffering these slowdowns anymore.

Related Question