From owner-freebsd-geom@FreeBSD.ORG Wed May 27 09:33:50 2009 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD63A106564A for ; Wed, 27 May 2009 09:33:49 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 47A5F8FC18 for ; Wed, 27 May 2009 09:33:48 +0000 (UTC) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1M9FW5-00062j-Cd for freebsd-geom@freebsd.org; Wed, 27 May 2009 09:33:45 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 09:33:45 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 27 May 2009 09:33:45 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Ivan Voras Date: Wed, 27 May 2009 11:33:36 +0200 Lines: 61 Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig9F38BA1E16E44323EC6EBA69" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.21 (X11/20090409) In-Reply-To: X-Enigmail-Version: 0.95.7 Sender: news Subject: Re: GELI encryption - CPU requirements? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 09:33:50 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9F38BA1E16E44323EC6EBA69 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dan Naumov wrote: > Hello (World). >=20 > I am in the process of building a new system for a home NAS/webserver > use and the hardware is basically this: >=20 > Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel > D945GCLF2, 2 GB RAM. > Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mod= e) > 1 x 1.5 TB Western Digital Caviar Green (will get more as the need aris= es) >=20 > A pic of the system, for the curious: > http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-stor= age.jpg?w=3D500&h=3D360 >=20 > I have been looking into encrypting most of the system with GELI using > the default 256bit AES, how big of a performance hit should I expect > on this CPU?=20 If you have an Atom machine you can simply check - issue an "openssl speed aes" command and check the results. For comparison, Xeon 5405 (2 GHz) gives: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 89558.04k 101934.80k 104123.42k 102857.83k 103801.84k aes-192 cbc 84368.49k 89821.97k 91069.49k 90385.70k 91112.45k aes-256 cbc 75515.15k 80486.21k 81367.19k 80650.02k 81554.34k I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s. Except if you're really paranoid, you might want to relax your security requirements and use aes-128 without essentially reducing your practical security. --------------enig9F38BA1E16E44323EC6EBA69 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkodCPcACgkQldnAQVacBcjEOACeP5RkioDhMRmy3V4iOwdvtC0d /zgAn1UkEhpLw4Oj8SENFDg3B3KhP2f2 =inDT -----END PGP SIGNATURE----- --------------enig9F38BA1E16E44323EC6EBA69--