Ubuntu – the performance overhead of encrypted /home


I have a netbook with Windows on the second partition and Xubuntu (/ and /home) on the third partition. I selected to encrypt my home folder during installation. The performance of the netbook is adequate for the small machine that it is, but I'm looking to improve performance. I could not find much information about the overhead (CPU or drive) associated with home partition encryption. I ran the following, writing to my home partition as well as the the mounted Windows partition:

dd if=/dev/zero of=~/dummy bs=512 count=10240

dd if=/dev/zero of=/media/Windows/dummy bs=512 count=10240

The first returned 2.4MB/s and the second returned 2.5MB/s. Can I therefore deduce that there is very little overhead to home folder encryption? I'm not sure if the different filesystems will make any difference (/ and /home are ext3).

Update 1

I don't know why I didn't use /tmp instead of the mounted Windows folder. Only /home is encrypted, so /tmp is unencrypted ext3. The results of the dd as above are astounding:

~: 2.4 MB/s

/tmp: 42.6 MB/s

Comments please? The reason I am asking this is that disk access on the netbook is noticeably slow.

Update 2

I timed each of the dd operations with time:


real    0m2.217s  
user    0m0.028s  
sys     0m2.176s


real    0m0.152s  
user    0m0.012s  
sys     0m0.136s

See also: discussion on UbuntuForums.org and bug report (2012/05/11: now seems to be a bug relating to SSD)

Edit: Output of mount:

/dev/sda3 on / type ext3 (rw,noatime,errors=remount-ro,user_xattr,commit=600)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/USER/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=USER)

Update 2012/05/01: More related links for reference: an (old) Phoronix test, a similar question here, a duplicate question here and a similar SuperUser question. A good summary answer here suggests that performance penalties are only noticeable on small/netbook (Atom) processors and SSDs.

Best Answer

I have been using the encrypted home directory feature for years and I can tell you that while it behaves fine under normal circumstances it will bring your machine to its knees when doing any kind of intense file operations.

I have a quad-core Pentium i7 with 16GB of RAM from System7. By any measure it is a lightening fast laptop with a SATA 7200 RPM drive. Just today when I was unzipping a file with 20,000 small text files in it (take 10 minutes), my system is essentially unusable. Everything that touches the file system has a 1-2 second delay...including the web browser. My experience is exactly that of the OP -- the encrypted home directory is about 15x slower than unencrypted.

I didn't think anything about it because I am so used to it (this is my 4th laptop). On the wild chance that somebody has a tip on how to improve it, I thought I'd search here.

I encrypt my home directory because I HAVE to. If you don't have to...then don't.

Related Question