[Crypto] Poor performance with AESNI GELI - Page 2

Sebulon · #26 July 29th, 2012, 14:13

@lockdoc

Not that big of a difference, but measureable. The numbers are all there.

/Sebulon

lockdoc · #27 July 29th, 2012, 16:19

Quote:

Originally Posted by Sebulon

@lockdoc
Not that big of a difference, but measureable. The numbers are all there.
/Sebulon

I meant the keyfile. You only have used one.

Quote:

Originally Posted by Sebulon

dd if=/dev/random of=/boot/geli/disks.key bs=64 count=1

Sebulon · #28 July 29th, 2012, 16:43

@lockdoc

Ahh, OK, now I get it. Yes, I only used the same key, with the lenght described in the Handbook. In case it affected performance, the results wouldn't have been comparable.

/Sebulon

lockdoc · #29 August 4th, 2012, 09:56

Anyone know what the security difference between AES-XTS and AES-CBS is?
I mean, as seen from the benchmarks above I would like to migrate to AES-CBC, but only if it is as secure as XTS.

vermaden · #30 August 4th, 2012, 20:19

@lockdoc

Its already described here in this thread:
http://forums.freebsd.org/showpost.p...1&postcount=21

lockdoc · #31 August 5th, 2012, 12:49

Quote:

Originally Posted by vermaden

@lockdoc

Its already described here in this thread:
http://forums.freebsd.org/showpost.p...1&postcount=21

Yes I posted that. But again, if you read this

Quote:

...XTS will be more fast since you can do parallel operations.

And then compare it to the benchmarks the users have done in this forum, it all doesnt make sense, as CBC seems to be faster.

Quote:

...XTS have some strong design on some attacks...

I cannot extract security related information from that. So the question is still open.

vermaden · #32 August 5th, 2012, 20:32

I have read that both CBC and XTS are bing considered secure, its like AES vs blowfish debate, but I am not that into cryptography to tell You exact differences to tell You which one is more secure.

Below are real world benchmark results from some user of these forums, all WITH aesni(4), one without:

Code:

ALGORITHM     BIT  MB/s
NONE           -   146
AES-XTS       128   70
AES-CBC       128  114 (65 without AESNI)
Blowfish-CBC  128   28
Camellia-CBC  128   43
3DES-CBC      192   14
AES-XTS       256   68
AES-CBC       256  106
Blowfish-CBC  256   28
Camellia-CBC  256   37

nterupt · #33 May 28th, 2013, 19:42

Quote:

Originally Posted by mmoll

Hi,
if you use 9.x, have a look at the following patches which were commited to 10.x but not MFCed:
http://www.secnetix.de/olli/FreeBSD/...ex.py?r=226837
http://www.secnetix.de/olli/FreeBSD/...ex.py?r=226840

I am currently using FreeBSD 9.1 x64 and AES-XTS 256. I am having some performance issues and was wondering 1) how I can tell whether this has made it into 9.1 and 2) if not, what would be the best way for me to pull into this change onto my system.

mmoll · #34 May 28th, 2013, 22:49

Hi,

Quote:

Originally Posted by nterupt

1) how I can tell whether this has made it into 9.1

They haven't.

Quote:

Originally Posted by nterupt

2) if not, what would be the best way for me to pull into this change onto my system.

From the links above, you can get diffs/patches, which you can apply to your 9.x sources and rebuild the kernel.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[PF] Poor network performance with PF firewall	pva	Firewalls	4	October 9th, 2011 16:19
poor network performance	jsibsd	Networking	8	March 16th, 2011 06:58
Poor samba performance	palmboy5	Web & Network Services	8	January 11th, 2011 10:56
[Solved] Poor RAID performance	erikf154	System Hardware	3	February 10th, 2010 10:38
[Solved] opera-10 poor performance	warudemaru	Installation and Maintenance of FreeBSD Ports or Packages	13	October 18th, 2009 05:40