Optimize performance for encrypted disk

dm-crypt encryption Security

Recently I tried to copy 200GB to a 1TB external / USB2 / encrypted disk and it took 36 hours. The same copy when the disk was not encrypted took no longer than 1 hour.

I am using dm-crypt (LUKS) with the default cipher and ext4 filesystem. I would like to know what I can do to optimize the performance.

Best Answer

Recent Intel and AMD processors have a cryptographic accelerator called AES-NI. This can provide a visible speedup when encrypting a large volume of data. It's up to you to decide whether a speedup in encryption is worth buying a more recent processor.

The default cipher is somewhat conservative. When creating the encrypted volume, pick AES as the cipher (that's usually the default) and 128 as the key size (instead of 256). Using a 128-bit key can provide a noticeable speedup with no practical reduction in security. In particular, if your passphrase has less than 128 bits of entropy (that's 20 random printable characters, and far more than that if the passphrase is not random), increasing the key size beyond 128 provides no added security. Note that you need to decide on a key size when creating the volume; this isn't something you can change afterwards.

The relative performance of filesystems is the same whether the disk is encrypted or not.
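To measure what AES-NI and the key size are worth on a given machine before creating the volume, the following added example (not part of the original answer) checks the CPU flags and parses the table printed by `cryptsetup benchmark`. The benchmark rows are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `cryptsetup benchmark`.
# In XTS mode the key is split in two halves: 256b is AES-128, 512b is AES-256.
SAMPLE_BENCH='#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b       1100.0 MiB/s      3300.0 MiB/s
    serpent-cbc        128b         90.0 MiB/s       600.0 MiB/s
        aes-cbc        256b        850.0 MiB/s      2600.0 MiB/s
        aes-xts        256b       1900.0 MiB/s      1900.0 MiB/s
        aes-xts        512b       1500.0 MiB/s      1500.0 MiB/s'

# Succeeds if the x86 "flags" line read from stdin lists the aes feature (AES-NI).
has_aesni() {
    grep -m1 '^flags' | grep -qw aes
}

# Reads a benchmark table on stdin and prints "cipher key enc_MiB/s" for the
# row with the highest encryption (write path) throughput.
fastest_cipher() {
    awk '$2 ~ /^[0-9]+b$/ && $4 == "MiB/s" && ($3 + 0) > best {
             best = $3 + 0; row = $1 " " $2 " " $3
         }
         END { if (row != "") print row; else exit 1 }'
}

# Usage: keysize_speedup ALG SMALL LARGE < table
# Prints how many times faster ALG encrypts with the SMALL key than the LARGE one.
keysize_speedup() {
    awk -v alg="$1" -v small="$2" -v large="$3" '
        $1 == alg && $2 == small { s = $3 }
        $1 == alg && $2 == large { l = $3 }
        END { if (s > 0 && l > 0) printf "%.2f\n", s / l; else exit 1 }'
}

# Demo on the constructed sample; on a real system feed the functions with
#   cryptsetup benchmark | fastest_cipher
if [ -r /proc/cpuinfo ] && has_aesni < /proc/cpuinfo; then
    echo "AES-NI: present"
else
    echo "AES-NI: not reported"
fi
printf '%s\n' "$SAMPLE_BENCH" | fastest_cipher
printf '%s\n' "$SAMPLE_BENCH" | keysize_speedup aes-cbc 128b 256b
```

`cryptsetup benchmark` runs in memory only, so it shows the cipher's ceiling; if that ceiling is far above what the USB link can carry, the cipher and key size are not the bottleneck.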
