Re: LUKS overhead (was Re: encrypted root fs on a slug and crypto-modules)
Tomasz Chmielewski wrote: Tobias Frost schrieb: to throw another number into the round, I got around 2-3 MByte/s on the new ABI. BTW: Does someone know a Mini-PCI crypto accelerator card fit for LUKS/device-mapper? I found some two solutiions the net, but all of them are very "secret", that is you need probably a NDA to get more infos like datasheets or in which format the drivers are supplied ... (The best candidate so far would be the NITROX XL NMB Acceleration Boards, http://www.caviumnetworks.com/acceleration_boards_Mini-PCI.htm) VPN 1411 from Soekris could in theory help: http://soekris.com/vpn1401.htm In theory only, because there is no working driver for Linux 2.6 (there are sources for Linux 2.4 and OpenBSD/FreeBSD). (Slightly) OT, are there any HOWTOs or other general overviews of the crypto-related APIs in the kernel that appear to be getting significant attention the last few releases? It looks like there's more than an accelerator API there lately, I'm trying to get a sense of the motivations for its use--- as well as how to use it, of course. b.g. -- Bill Gatliff [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LUKS overhead (was Re: encrypted root fs on a slug and crypto-modules)
Yes, this is the other card I found. However, as written on some list (lost the URL), the 2.4 driver must be buggy as hell and datasheets are subject to NDAs. > > Boards, http://www.caviumnetworks.com/acceleration_boards_Mini-PCI.htm) > > VPN 1411 from Soekris could in theory help: http://soekris.com/vpn1401.htm > > In theory only, because there is no working driver for Linux 2.6 (there > are sources for Linux 2.4 and OpenBSD/FreeBSD). > > > > -- > Tomasz Chmielewski > http://wpkg.org > > signature.asc Description: This is a digitally signed message part
Re: LUKS overhead (was Re: encrypted root fs on a slug and crypto-modules)
Tobias Frost schrieb: to throw another number into the round, I got around 2-3 MByte/s on the new ABI. BTW: Does someone know a Mini-PCI crypto accelerator card fit for LUKS/device-mapper? I found some two solutiions the net, but all of them are very "secret", that is you need probably a NDA to get more infos like datasheets or in which format the drivers are supplied ... (The best candidate so far would be the NITROX XL NMB Acceleration Boards, http://www.caviumnetworks.com/acceleration_boards_Mini-PCI.htm) VPN 1411 from Soekris could in theory help: http://soekris.com/vpn1401.htm In theory only, because there is no working driver for Linux 2.6 (there are sources for Linux 2.4 and OpenBSD/FreeBSD). -- Tomasz Chmielewski http://wpkg.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LUKS overhead (was Re: encrypted root fs on a slug and crypto-modules)
to throw another number into the round, I got around 2-3 MByte/s on the new ABI. BTW: Does someone know a Mini-PCI crypto accelerator card fit for LUKS/device-mapper? I found some two solutiions the net, but all of them are very "secret", that is you need probably a NDA to get more infos like datasheets or in which format the drivers are supplied ... (The best candidate so far would be the NITROX XL NMB Acceleration Boards, http://www.caviumnetworks.com/acceleration_boards_Mini-PCI.htm) signature.asc Description: This is a digitally signed message part
LUKS overhead (was Re: encrypted root fs on a slug and crypto-modules)
On Sun, Mar 09, 2008 at 11:54:29PM +0100, Anders Lennartsson wrote: > As a further note on the subject of this thread, I did manage to > install Debian Etch on a fully encrypted USB-stick (1 GB) with two > partitions, one for root and one for swap. I used default settings for > LUKS encryption which I belive is 128 bits. My impression is that it > didn't really affect performance but I have not made any objective > tests of this. I built a 2.4.24 armel system on my Thecus N2100 last night, and created a 100GB data partition to test this out. There are a few layers WDC5000KS -> md (raid-1) -> lvm2 -> dm-crypt -> ext3 -> smb That's two more (lvm2; dm-crypt) than I'm used to on this machine. Copying a few GB onto the device via SMB resulted in kcryptd consuming a lot of CPU for several minutes after each transfer. I'm not sure if it impacted the speeds much, I got ~1.5MB/s which is far from great (100-base-t switch is the limiting factor ethernet wise) but I was getting roughly that (mostly over SSH rather than SMB) beforehand (with the old ABI). The machine didn't boot this morning, but if it does when I get back from work, I'll try and get some more figures on how much of an overhead LUKS proves. I'd expect things to be worse on the slug than the n2100. -- Jon Dowland -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
