Sebulon said:@lockdoc
Not that big of a difference, but measureable. The numbers are all there.
/Sebulon
Sebulon said:dd if=/dev/random of=/boot/geli/disks.key bs=64 count=1
Yes I posted that. But again, if you read thisvermaden said:@lockdoc
Its already described here in this thread:
http://forums.freebsd.org/showpost.php?p=185291&postcount=21
And then compare it to the benchmarks the users have done in this forum, it all doesnt make sense, as CBC seems to be faster....XTS will be more fast since you can do parallel operations.
I cannot extract security related information from that. So the question is still open....XTS have some strong design on some attacks...
[B]ALGORITHM BIT MB/s[/B]
NONE - 146
AES-XTS 128 70
AES-CBC 128 114 (65 without AESNI)
Blowfish-CBC 128 28
Camellia-CBC 128 43
3DES-CBC 192 14
AES-XTS 256 68
AES-CBC 256 106
Blowfish-CBC 256 28
Camellia-CBC 256 37
mmoll said:Hi,
if you use 9.x, have a look at the following patches which were commited to 10.x but not MFCed:
http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=226837
http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=226840
They haven't.nterupt said:1) how I can tell whether this has made it into 9.1
From the links above, you can get diffs/patches, which you can apply to your 9.x sources and rebuild the kernel.nterupt said:2) if not, what would be the best way for me to pull into this change onto my system.
Faldaani said:Hello
So... am I benchmarking the wrong way in FreeBSD? Any ideas on how to speed this up?
170mb/sec isn't going to cut it when split over 20 disks...
Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt.