Hello,
I was really annoyed by the numbers I got. So I did the testings again.
Using
a brand new VM. Being really careful on what I was doing and writing it
down
after each command run. I did the testings using 6.1 and 6.2-current, in
case
there were some changes. There weren't.
First of all. There isn't 10x difference between PLAIN and ENCRYPTED.
I believe I have mixed numbers from my various testings. I also believe
Cloud
providers don't/can't guarantee throughput on disk. I noticed variations
from
1 to 4 on the same VM between 2 days... whatever the OS was.
In the end, there only seem to be a 1.5 factor difference between PLAIN
and
ENCRYPTED. And according to iostat, what happens is that when writing on
the
encrypted partition (sd1a), io already happen on the plain partition
(sd0a).
# disklabel sd0
(...)
a: 52420031 64 RAID
c: 52428800 0 unused
# disklabel sd1
(...)
a: 48194944 4209056 4.2BSD 2048 16384 12958 # /
b: 4208966 64 swap # none
c: 52419503 0 unused
# iostat -w 1 sd0 sd1
tty sd0 sd1 cpu
tin tout KB/t t/s MB/s KB/t t/s MB/s us ni sy in id
0 61 16.00 5180 80.94 16.00 5180 80.94 1 0 91 8 0
0 184 16.00 4594 71.78 16.00 4594 71.78 0 0 95 5 0
0 61 16.00 5126 80.09 16.00 5126 80.09 1 0 95 4 0
0 61 16.00 5014 78.34 16.00 5012 78.31 0 0 94 6 0
(...)
Regards.
Le 18/09/2017 09:40, Stefan Sperling a écrit :
On Sun, Sep 17, 2017 at 07:32:49PM +0100, Kevin Chadwick wrote:
I'm not a developer but I know 6.1 moved to a shiny new side channel
resistant AES. I seem to remember Theo saying that if it is that slow
then even worse; people won't use encryption at all and if they need
side channel resistance then they could get a processor with AES-NI
etc.. Not sure if it was reverted in the end or not.
It was reverted.
