From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ms@citd.de>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FQP0V2BpFlSG for <dm-crypt@saout.de>;
 Thu, 14 Mar 2013 14:15:04 +0100 (CET)
Received: from awesome.dsw2k3.info (awesome.dsw2k3.info
 [IPv6:2a01:198:661:1f::3])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Thu, 14 Mar 2013 14:15:03 +0100 (CET)
Date: Thu, 14 Mar 2013 14:14:57 +0100
From: Matthias Schniedermeyer <ms@citd.de>
Message-ID: <20130314131457.GA5307@citd.de>
References: <40727.130.226.154.66.1362921572.squirrel@lavabit.com>
 <20130310192312.GA9676@tansi.org>
 <alpine.LRH.2.00.1303131642510.6143@rray.drdc.mstc.ms.gov>
 <CAFnMBaRE2sAmnTohywkTc6Pcv6DhmgDhF+hv+c3_nyWQ4W+1mA@mail.gmail.com>
 <alpine.LRH.2.00.1303140558360.6533@rray.drdc.mstc.ms.gov>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.LRH.2.00.1303140558360.6533@rray.drdc.mstc.ms.gov>
Subject: Re: [dm-crypt] hardware encryption
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: lxnf98mm@gmail.com
Cc: dm-crypt@saout.de

On 14.03.2013 06:12, lxnf98mm@gmail.com wrote:
> On Wed, 13 Mar 2013, .. ink .. wrote:
> 
> >On Wed, Mar 13, 2013 at 5:45 PM, <lxnf98mm@gmail.com> wrote:
> >
> >>Can dm-crypt make use of the encryption capabilities of the cpu
> >>I am probably not asking the right question but gotta start somewhere
> >>
> >>
> >The answer to your question according the  link given next is "yes" :
> >http://www.saout.de/pipermail/dm-crypt/2011-October/002092.html
> >
> >best place to start with cryptsetup is to go through its FAQ located at:
> >http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
> >
> 
> This is probably not the place to ask but how about a Marvell 88F6281
> www.marvell.com/embedded-processors/kirkwood/assets/HW_88F6281_OpenSource.pdf
> I tried openssl speed test and it out performs a 3.4Ghz Intel
> Right now running dm-crypt on the Marvell uses about 50% cpu

Given that openssl doesn't support AES-NI i'm not surprized.

Last time i looked AES-NI support in openssl was "in Limbo" and it may 
still take quite some time(years) until there is a release which 
officially supports AES-NI. This is despite first patches beeing made 
available before there was silicon, so openssl is quite a few years 
behind.

I'm using an unofficial "something" (Can't remember what it is excatly ) 
so that openssl can utelize AES-NI which in turn enables AES-NI usage 
for SSH, so i can use it for scp or rsync over SSH.
The difference is quite noticable, altough in LANs i just use ARCFOUR. 
No patching necesarry to saturate Gigabit. :-)

When i tested it some time back over loopback both AES-128-CBC(*) (with 
AES-NI) and ARCFOUR peaked at about 400MB/s(IIRC), so no problem doing 
the 110MB/s needed to saturate Gigabit.


*:
AES-128-CTR doesn't appeared to either support AES-NI or get any 
performance benefit from AES-NI.


-- 

Matthias