* [dm-crypt] Need some advices on LUKS2 cryptsetup (performance issue with integrity)
@ 2020-06-29 13:09 laurent cop
0 siblings, 0 replies; only message in thread
From: laurent cop @ 2020-06-29 13:09 UTC (permalink / raw)
To: dm-crypt, dm-devel
[-- Attachment #1: Type: text/plain, Size: 1177 bytes --]
Hello,
I would need some advice on LUKS2 cryptsetup (confidentiality + integrity).
My context was :
*encryption (cryptsetu*p aes_xts_plain64) on xfs formatted Raid5 (4+1 for
parity) soft raid (mdadm) on SSD nvme disks
I would like to include crypsetup integrity feature with
--cipher aes-gcm-random --integrity aead
on the same stack ( on xfs formatted Raid5 (4+1 for parity) soft raid
(mdadm) on SSD nvme disks)
Few tests with fio (I am testing *sequential write performances*)
--ioengine=libaio --bs=4K --size=30G --end_fsync=1 --numjobs=4
Provide me* a ratio of 3 between the two use cases.*
A study *"Practical Cryptographic Data Integrity Protection with Full Disk
Encryption Extended Version" from 1 Jul 2018*
seems to show this kind of ratio and illustrates the difference between
(JOURNAL and NO JOURNAL). In the case of NO JOURNAL, integrity seems to
have very low effects on performances.
1)How can I improve my performances with --cipher aes-gcm-random
--integrity aead ? (this ratio of 3 with aes_xts_plain64 is huge)
2) What are the impacts of NO JOURNAL, I understand the goal of
journalisation in fs in case of a crash. Is it the same goal?
Thank you.
[-- Attachment #2: Type: text/html, Size: 1569 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-06-29 13:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-29 13:09 [dm-crypt] Need some advices on LUKS2 cryptsetup (performance issue with integrity) laurent cop
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).