Date: Wed, 14 Jan 2009 22:55:38 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: freebsd encrypted hard disk? Message-ID: <20090114225538.66e001de@gumby.homeunix.com> In-Reply-To: <20090114175954.GC97086@slackbox.xs4all.nl> References: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com> <20090114175954.GC97086@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 14 Jan 2009 18:59:54 +0100 Roland Smith <rsmith@xs4all.nl> wrote: > Geli is > convenient and seems to work well. On modern machines the performance > penalty is slight. It supports well-regarded encryption algorithms > like AES and Blowfish. It depends on what you mean by modern, and slight, on my single-core amd64 2.8G the performance penalty of geli is substantial. Not just in reduced transfer rates, but also in terms of CPU cycles used - a sustained geli to geli file copy makes things really slow for me. I think most people find that filling a disk from /dev/random is slower than from /dev/null, or it at least has an impact on overall performance. And the /dev/random generator stage is AES encryption of a counter so the performance hit against /dev/null should be similar to writing to geli (and in my experience it is). And the faster your disks are, the more cpu speed you need to avoid cpu-limiting.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090114225538.66e001de>