Re: [gentoo-user] Intel Atom: architecture, distcc, crossdev and compile flags

[Frank Steinmetzger <Warp_7@gmx.de>]

[-- Attachment #1: Type: text/plain, Size: 2486 bytes --]

On Wed, Dec 12, 2012 at 09:16:58AM +0100, Florian Philipp wrote:

> >>> * The last thing I’m going to set up is filesystem encryption, at least for ~.
> >>>   I already know/think that AES would be the best choice due to limited CPU
> >>>   power, but what else is there to heed besides key size?
> >>
> >> Nothing, you're good. Hash and key chaining method have negligible
> >> impact. If you stick with an x86_32 userspace I suggest at least using
> >> an x64 kernel so you can use of CRYPTO_AES_X86_64.
> > 
> > That's an interesting idea.
> >> [...] 
> > I haven't done any comparisons of 32/64 crypto yet, I'm just reading
> > docs on Luks (never used it before).

Well now, I did a few comparisons yesterday. Not much---just permutated a few
of the most probable crypto combinations (aes/twofish, cbc/xts, essiv/plain).
I created the LUKS container, opened it and gave it a spin with hdparm -t.

The result was shocking and outrageous; reported throughput w/o encryption was
75 MB/s, which is your typical 5400 rev laptop HDD.  First I was disappointed
when I saw what aes-cbc-essiv gave me on 32 bit: a mere 19 and a bit.  But on
64 bit, it yielded a whopping 34 MB/s.  I had a hunch and booted the 32 bit
system with the 64 bit kernel---and throughput stayed high as expected.

So for the sake of simplicity (and to give it a rest after two weeks of ricing
to the day), I will use the 32 bit userland with a 64 bit kernel.  I will only
need to set up some magic (a multilib crossdev gcc and separate build dirs) so
I can build both kernels with their separate configs from the same source dir.

> I personally see no reason for encrypting root as there is nothing of
> interest in there.

Hm ideed, the only password I have in a plaintext config file are WiFi
passwords vor wpa and vpnc.  For those the symlink solution could be used.
Not needing an initrd is a big incentive. :)

> > On a sidenote, While I was cleaning up unread mails in the ML, I just
> > found your interesting frontswap/zcache trick.

I tried that, too, but for now will keep it disabled---simple copying of big
files was slowed down to 33 MB/s, obviously b/c the cache is constantly being
changed.  It's just not suitable for little Atoms.
-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any Facebook service.

The duration of a minute is relative.
It depends on the side of the toilet door you are standing on.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]