From owner-freebsd-current@FreeBSD.ORG Mon Aug 9 09:55:50 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70D2D16A4CF for ; Mon, 9 Aug 2004 09:55:50 +0000 (GMT) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id D28B043D45 for ; Mon, 9 Aug 2004 09:55:49 +0000 (GMT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.13.1/8.13.1) with ESMTP id i799tlwU017521; Mon, 9 Aug 2004 11:55:47 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Maxim Sobolev From: "Poul-Henning Kamp" In-Reply-To: Your message of "Mon, 09 Aug 2004 12:42:03 +0300." <411746EB.5030006@portaone.com> Date: Mon, 09 Aug 2004 11:55:47 +0200 Message-ID: <17520.1092045347@critter.freebsd.dk> Sender: phk@critter.freebsd.dk cc: freebsd-current@freebsd.org cc: Daniel Eriksson Subject: Re: Simple BDE disc encryption benchmark X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Aug 2004 09:55:50 -0000 In message <411746EB.5030006@portaone.com>, Maxim Sobolev writes: >> The only time the CPU was completely busy was when copying /bigfiles from >> encrypted to encrypted. >> >> My question is: Why does the it take so much longer when encryption is >> involved even though 'top' seems to think there are CPU cycles left to burn? > >The problem (well, not quite "the problem" since it is design decision) >is that GBDE tries to rearrange sectors in pseudo-random fashion to make >cryptoanalysis harder. Usually filesystem tries to place all sectors >that belong to the same file consequently, to avoid expensive disk >seeks. But on encrypted disk logically ajaced sectors are physically >spread, so that reading them introduces seek delays. Uhm, this is not quite correct. It is true that I played around with pseudo-random sector mapping a fair bit, but since it _totally_ killed performance I dropped it again. The mapping GBDE performs is sequential with inserted key sectors, this was the most performance friendly layout I could come up with. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.