Date: Thu, 11 Sep 2014 23:33:27 +0200 (CEST) From: Wojciech Puchar <wojtek@puchar.net> To: John-Mark Gurney <jmg@funkthat.com> Cc: hackers@freebsd.org Subject: Re: openssl with aes-in or padlock Message-ID: <alpine.BSF.2.00.1409112332160.2140@wojtek.dom> In-Reply-To: <20140911180258.GN82175@funkthat.com> References: <alpine.BSF.2.00.1409111858470.1185@wojtek.dom> <20140911180258.GN82175@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> #openssl speed -evp aes-256-cbc > > First off, you won't get much speed up w/ CBC encrypt... Try testing > using aes-256-ctr instead... CBC can't process multiple blocks in > parallel like CTR can... if you measure the cbc _decrypt_ speed, you > should see a big improvement as CBC decrypt can be parallelized... > >> in the same time dd from geli encrypted ramdisk to /dev/null is 66MB/s > > geli uses a different framework for it's crypto processing.. for geli, > make sure you have the aesni kernel module loaded before you attach > to a geli disk... You should get kernel messages like the following: > GEOM_ELI: Device gpt/werner.eli created. > GEOM_ELI: Encryption: AES-XTS 256 > GEOM_ELI: Crypto: hardware yes i have this. contrary to what you say - both AES-XTC and AES-CBC gets MUCH faster with AES-NI. > notice the Crypto: hardware line.. Also, make sure that your geli > sector size is 4k instead of 512... This reduces the loop overhead, as i already said - geli works fast and make use of AES-NI or padlock openssl does not
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1409112332160.2140>