* [dm-crypt] cryptsetup benchmark with I/O?
@ 2014-03-22 5:51 Tom Roche
2014-03-22 7:40 ` Arno Wagner
0 siblings, 1 reply; 2+ messages in thread
From: Tom Roche @ 2014-03-22 5:51 UTC (permalink / raw)
To: dm-crypt
summary: Is there an I/O-inclusive cryptsetup benchmark available for users?
details:
Thanks to PePa's script, which I have fiddled[1], it is now quite easy/fast to install LMDE[2] with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)
$ sudo cryptsetup benchmark
> # Tests are approximate using memory only (no storage IO).
> PBKDF2-sha1 313569 iterations per second
> PBKDF2-sha256 190511 iterations per second
> PBKDF2-sha512 125068 iterations per second
> PBKDF2-ripemd160 254015 iterations per second
> PBKDF2-whirlpool 132663 iterations per second
> # Algorithm | Key | Encryption | Decryption
> aes-cbc 128b 142.2 MiB/s 164.7 MiB/s
> serpent-cbc 128b 54.5 MiB/s 225.8 MiB/s
> twofish-cbc 128b 131.6 MiB/s 180.0 MiB/s
> aes-cbc 256b 113.8 MiB/s 125.5 MiB/s
> serpent-cbc 256b 55.7 MiB/s 224.2 MiB/s
> twofish-cbc 256b 133.2 MiB/s 180.9 MiB/s
> aes-xts 256b 168.0 MiB/s 165.0 MiB/s
> serpent-xts 256b 197.6 MiB/s 201.5 MiB/s
> twofish-xts 256b 168.3 MiB/s 170.0 MiB/s
> aes-xts 512b 126.4 MiB/s 126.4 MiB/s
> serpent-xts 512b 195.5 MiB/s 197.8 MiB/s
> twofish-xts 512b 167.0 MiB/s 167.0 MiB/s
But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...
Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."
TIA, Tom Roche <Tom_Roche@pobox.com>
[1]: https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
[2]: http://www.linuxmint.com/download_lmde.php
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dm-crypt] cryptsetup benchmark with I/O?
2014-03-22 5:51 [dm-crypt] cryptsetup benchmark with I/O? Tom Roche
@ 2014-03-22 7:40 ` Arno Wagner
0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2014-03-22 7:40 UTC (permalink / raw)
To: dm-crypt
Complex benchmarks are notoriously difficult and misleading.
With the cryptsetup internal benchmarks, you get realistic
encryption speed benchmarks. For a realistic "filesystem
performance benchmark", there is nothing out there. Filesystems
and raw storage layers are too different and their behaviour is
too complex that you can compare them meaningfully in a "general
setting".
Arno
On Sat, Mar 22, 2014 at 06:51:26 CET, Tom Roche wrote:
>
> summary: Is there an I/O-inclusive cryptsetup benchmark available for users?
>
> details:
>
> Thanks to PePa's script, which I have fiddled[1], it is now quite easy/fast to install LMDE[2] with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)
>
> $ sudo cryptsetup benchmark
> > # Tests are approximate using memory only (no storage IO).
> > PBKDF2-sha1 313569 iterations per second
> > PBKDF2-sha256 190511 iterations per second
> > PBKDF2-sha512 125068 iterations per second
> > PBKDF2-ripemd160 254015 iterations per second
> > PBKDF2-whirlpool 132663 iterations per second
> > # Algorithm | Key | Encryption | Decryption
> > aes-cbc 128b 142.2 MiB/s 164.7 MiB/s
> > serpent-cbc 128b 54.5 MiB/s 225.8 MiB/s
> > twofish-cbc 128b 131.6 MiB/s 180.0 MiB/s
> > aes-cbc 256b 113.8 MiB/s 125.5 MiB/s
> > serpent-cbc 256b 55.7 MiB/s 224.2 MiB/s
> > twofish-cbc 256b 133.2 MiB/s 180.9 MiB/s
> > aes-xts 256b 168.0 MiB/s 165.0 MiB/s
> > serpent-xts 256b 197.6 MiB/s 201.5 MiB/s
> > twofish-xts 256b 168.3 MiB/s 170.0 MiB/s
> > aes-xts 512b 126.4 MiB/s 126.4 MiB/s
> > serpent-xts 512b 195.5 MiB/s 197.8 MiB/s
> > twofish-xts 512b 167.0 MiB/s 167.0 MiB/s
>
> But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...
>
> Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."
>
> TIA, Tom Roche <Tom_Roche@pobox.com>
>
> [1]: https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
> [2]: http://www.linuxmint.com/download_lmde.php
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-03-22 7:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-22 5:51 [dm-crypt] cryptsetup benchmark with I/O? Tom Roche
2014-03-22 7:40 ` Arno Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.