From owner-freebsd-geom@FreeBSD.ORG  Wed May 27 20:32:16 2009
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 87CD910657F6;
	Wed, 27 May 2009 20:32:16 +0000 (UTC)
	(envelope-from volker@vwsoft.com)
Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103])
	by mx1.freebsd.org (Postfix) with ESMTP id 13F0A8FC23;
	Wed, 27 May 2009 20:32:14 +0000 (UTC)
	(envelope-from volker@vwsoft.com)
Received: from mail.vtec.ipme.de (Q7cdf.q.ppp-pool.de [89.53.124.223])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by frontmail.ipactive.de (Postfix) with ESMTP id CC39512884A;
	Wed, 27 May 2009 22:13:06 +0200 (CEST)
Received: from [192.168.16.4] (dardanos.sz.vwsoft.com [192.168.16.4])
	by mail.vtec.ipme.de (Postfix) with ESMTP id A16AD33F8F;
	Wed, 27 May 2009 22:12:50 +0200 (CEST)
Message-ID: <4A1D9EC5.3020006@vwsoft.com>
Date: Wed, 27 May 2009 22:12:53 +0200
From: Volker <volker@vwsoft.com>
User-Agent: Thunderbird 2.0.0.21 (X11/20090417)
MIME-Version: 1.0
To: Ivan Voras <ivoras@freebsd.org>
References: <cf9b1ee00905261637h248ae118i60068ab434e115be@mail.gmail.com>
	<gvj1de$jcr$1@ger.gmane.org>
In-Reply-To: <gvj1de$jcr$1@ger.gmane.org>
X-Enigmail-Version: 0.95.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: A16AD33F8F.B925F
X-VWSoft-MailScanner: Found to be clean
X-MailScanner-From: volker@vwsoft.com
MailScanner-NULL-Check: 1244059980.3773@+bcp1xBSP8DOeoUVq1kUFg
X-ipactive-MailScanner-Information: Please contact the ISP for more information
X-ipactive-MailScanner: Found to be clean
X-ipactive-MailScanner-From: volker@vwsoft.com
Cc: RW <rwmaillists@googlemail.com>, freebsd-geom@freebsd.org
Subject: Re: Re: GELI encryption - CPU requirements?
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2009 20:32:17 -0000

On 12/23/-58 20:59, Ivan Voras wrote:
> Dan Naumov wrote:
>> Hello (World).
>>
>> I am in the process of building a new system for a home NAS/webserver
>> use and the hardware is basically this:
>>
>> Intel Atom 330 (1,6 Ghz, dualcore), a motherboard based on Intel
>> D945GCLF2, 2 GB RAM.
>> Silicon Image SIL3124 4xSATA RAID card (intended to be used in JBOD mode)
>> 1 x 1.5 TB Western Digital Caviar Green (will get more as the need arises)
>>
>> A pic of the system, for the curious:
>> http://tranquilpc.files.wordpress.com/2009/03/bbs2-pure-and-simple-storage.jpg?w=500&h=360
>>
>> I have been looking into encrypting most of the system with GELI using
>> the default 256bit AES, how big of a performance hit should I expect
>> on this CPU? 
> 
> If you have an Atom machine you can simply check - issue an "openssl
> speed aes" command and check the results. For comparison, Xeon 5405 (2
> GHz) gives:
> 
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
> bytes
> aes-128 cbc      89558.04k   101934.80k   104123.42k   102857.83k
> 103801.84k
> aes-192 cbc      84368.49k    89821.97k    91069.49k    90385.70k
> 91112.45k
> aes-256 cbc      75515.15k    80486.21k    81367.19k    80650.02k
> 81554.34k
> 
> I.e. with AES-256 and blocks of data of 1024 bytes, I get 80 MB/s.
> 
> Except if you're really paranoid, you might want to relax your security
> requirements and use aes-128 without essentially reducing your practical
> security.
> 

For reference, here're the values taken on a dual core Atom:

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128 cbc      17947.16k    18502.91k    18703.91k    18271.91k
18955.39k

aes-192 cbc      16404.93k    15966.46k    16615.41k    16115.26k
16466.56k

aes-256 cbc      13711.70k    14016.79k    14342.35k    14109.98k
14738.16k


FreeBSD dardanos 7.2-STABLE FreeBSD 7.2-STABLE #10 r192673: Sun May 24
10:22:05 CEST 2009

CPU: Intel(R) Atom(TM) CPU  330   @ 1.60GHz (1618.44-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x106c2  Stepping = 2

Features=0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,<b22>>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 2
  Logical CPUs per core: 2
real memory  = 2137391104 (2038 MB)
avail memory = 2077528064 (1981 MB)
ACPI APIC Table: <INTEL  D945GLF2>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP/HT): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP/HT): APIC ID:  3
ioapic0: Changing APIC ID to 2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
cryptosoft0: <software crypto> on motherboard


I would not expect a fast workhorse but these machines are making a nice
desktop system.

Enjoy!

Volker