Simon Burge <sim...@netbsd.org> writes:
> "Perry E. Metzger" wrote:
>
>> [ ... ] Encrypted swap should
>> be the default -- either using cgd or by simply encrypting the blocks as
>> they go in and out without using the cgd layer.
>
> You've benchmarked the effect of this, especially on older hardware?

No, but others have, and it is generally negligible. Why is this the case? Well, think about it for a moment -- the time to encrypt a disk block is a tiny fraction of the time needed to write it to disk. It is true that on older machines there is less processor, but there is also even less disk bandwidth. The situation is a lot worse if you're thrashing, but of course the situation is always a lot worse if you're thrashing.

In any case: there would clearly be a knob to turn this on and off, and it can even be left off by default, at least on older ports.

The problem is this: it is a significant effort to set this up at all, so no one does it. If it was trivial to set up, even something listed in sysinst, it would be widely used, unlike the situation now where it is barely if ever done.

Perry
--
Perry E. Metzger pe...@piermont.com