On 1/17/20 11:15 AM, Matthew Ahrens wrote:
> Change encryption=on from aes-256-ccm to aes-256-gcm? See especially
> the comments starting here:
> https://github.com/zfsonlinux/zfs/pull/9749#issuecomment-568633557 (rlaager)
>
>   * The two main motivators of this proposal are security and performance.
>       o From a security standpoint, Mozilla and TLS default to gcm.
>       o According to Richard’s estimates, performance could get a ~3x
>         improvement with gcm.

One minor nit, it's really "Attila Fülöp's estimates", not mine. I don't want to be seen as stealing credit for someone else's (excellent!) work. :)

I was repeating Attila Fülöp's comments from PR 9749:
GCM is 1.15x the speed of CCM before PR 9749:
"I did run the fio tests above on an aes-256-gcm and an aes-256-ccm dataset and the GCM run is approximately 1.15 times faster than the CCM run."
-- https://github.com/zfsonlinux/zfs/pull/9749#issuecomment-569132997

The PR gives "up to approximately 12x throughput increase for large (128 KiB) blocks." See the Description section in the PR description:
https://github.com/zfsonlinux/zfs/pull/9749

"If there's enough interest I could be beaten to port the openssl CCM assembler routines too, but the improvements won't be as big as in the GCM case. Here is the output of openssl speed indicating that GCM performs 3-4 times faster than CCM."
https://github.com/zfsonlinux/zfs/pull/9749#issuecomment-570065780

I did test just now to confirm those results personally. With OpenSSL, I'm seeing GCM as 2.6x to 4.8x the speed of CCM, depending on block size. You can test on your system with:

    openssl speed -evp aes-256-gcm
    openssl speed -evp aes-256-ccm

-- 
Richard

------------------------------------------
openzfs: openzfs-developer
Permalink: https://openzfs.topicbox.com/groups/developer/Td6ebc6df2e2a14bd-Mabcdb42f4e1aed60b4ffc57e
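
The comparison suggested in the message, as an added example that is not part of the original email: a shell function that reads the saved result tables of the two `openssl speed` runs and prints the GCM/CCM throughput ratio per block size. The function names, file names and the sample tables are constructed for illustration; the sample numbers are round values, not measurements.

```shell
#!/bin/sh
# Capture real inputs with:
#   openssl speed -evp aes-256-gcm > gcm.txt
#   openssl speed -evp aes-256-ccm > ccm.txt

# gcm_ccm_ratio GCM_FILE CCM_FILE -> prints "<block size> <gcm/ccm>" per line;
# returns non-zero if a result row is missing or a CCM rate is not positive.
gcm_ccm_ratio() {
    awk '
        $1 == "type" {                    # header: type 16 bytes 64 bytes ...
            n = 0
            for (i = 2; i < NF; i += 2) size[++n] = $i
            next
        }
        { name = tolower($1) }            # row label may be in either case
        name == "aes-256-gcm" || name == "aes-256-ccm" {
            mode = substr(name, 9)        # "gcm" or "ccm"
            for (i = 2; i <= NF; i++) {
                v = $i; sub(/k$/, "", v)  # values look like 400000.00k
                rate[mode, i - 1] = v + 0
            }
            seen[mode] = 1
        }
        END {
            if (n == 0 || !seen["gcm"] || !seen["ccm"]) exit 1
            for (i = 1; i <= n; i++) {
                if (rate["ccm", i] <= 0) exit 1
                printf "%s %.2f\n", size[i], rate["gcm", i] / rate["ccm", i]
            }
        }
    ' "$1" "$2"
}

# Constructed sample tables in the layout `openssl speed` prints.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/gcm.txt" <<'EOF'
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-gcm     200000.00k   600000.00k  1200000.00k  2000000.00k  2000000.00k
EOF
    cat > "$d/ccm.txt" <<'EOF'
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
AES-256-CCM     100000.00k   200000.00k   400000.00k   500000.00k   500000.00k
EOF
    gcm_ccm_ratio "$d/gcm.txt" "$d/ccm.txt"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```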