On Thu, 2008-02-28 at 16:34 +0100, Peter Meier wrote: > Hi > > > I just did some benchmarking on different ciphers for cryptsetup-luks > > will you share them somewhere? > > for the other questions I can say the same as Daniel. > > greets Pete I didn't test that much. I found many ciphers do not work with cryptsetup-luks. I think it's because of limitations on the blocksize. I also found that cryptsetup refuses to create partitions with >=512bit keys and I can't open ones with a keysize above 320bit (still have to check bug reports). As I already wrote, I was only interested in whether they are faster than my HDD (38MB/s) and I've only checked 64,128,256 and the maximum supported keysize. So here are the results: Blowfish: 64,128 and 256bit. Speed at 320bit: 31MB/s Twofish: 128,256bit AES (Rijndael): 128,256bit Serpent: none (26MB/s with 64bit keys) Anubis: 128,256,320bit Camellia: 128bit (I don't remember it's exact speed at 256bit but it lost dramatically) Cast6: none (Somewhere between 20 and 30MB/s) My system: Intel Celeron M 530 @ 1.73GHz Cache: 1024KB Flags: SSSE3 RAM: DDR2-533 HDD: 2,5" 5400rpm Kernel: 2.6.24-tuxonice-r2 64bit, preemtible UPDATE: Just as I wrote this, I did some new tests on my new kernel which is not completely preemtible and I also used a nice setting of -20 on dd. Apparently, now my system is fast enough for Blowfish with 320bit. Therefore I did some new tests. This time I've watched CPU-utilization because Blowfish, AES, Twofish and Anubis all accomplished 38MB/s. Only Serpent still fails with 26MB/s. Here are the results for *-xts-plain:sha256 --key-size 256 with * = AES:40-60% Twofish:60% Anubis: 65% Blowfish: 90% Some other tests: There seems to be no speed difference between cbc-essiv, lrw-benbi and xts-essiv/plain/benbi. The hash-function seems to have no influence, either. I've tested Whirlpool (wp512), SHA256, SHA-1 and Tiger (tgr128). Please take my results with a big dose of salt. I only did them for myself, everything quick and dirty. I did not switch to single-user mode although I repeated tests if I thought that there was some background activity. I did not repeat tests to average the results or something like that. In the end, I think I'll choose three ciphers: Since Serpent is still considered the safest of them all I'll use it for very important data which is easily stolen, for example my external HDD, maybe my /home-partition as well. Where speed is critical and other processes should not be interrupted, I'll use AES and possibly go down to 128bit, for example on /var. Where both security and speed are important, for example when making backups, I'll use Anubis with 320bit. I found some documentation from NESSIE on Anubis and it sound promising, especially because additional keysize adds more rounds to the encryption and thus making serious brakes harder to accomplish. Talking about hashs, I'll stick with Whirlpool because it made it through the NESSIE-evaluation. One last question for everyone who has read this rather long mail (thank you, btw): What exactly is benbi in aes-lrw-benbi:sha256 and what should I choose for XTS? The kernel description states plain but essiv and benbi work as well.