Message-ID: <52E923D6.9000703@riseup.net>
Date: Thu, 30 Jan 2014 02:52:54 +1100
From: "shmick@riseup.net"
References: <52E90EA3.2020404@riseup.net> <52E9174B.6020803@gmail.com>
In-Reply-To: <52E9174B.6020803@gmail.com>
Subject: Re: [dm-crypt] benchmark, kernel, libgcrypt, comparisons
To: dm-crypt@saout.de

Milan Broz:
> On 01/29/2014 03:22 PM, shmick@riseup.net wrote:
>> i came across a text file benchmark i did with the 2nd latest cryptsetup
>> and thought i'd see how 1.6.3 would look
>>
>> i have different kernel and libgcrypt versions since 1.6.2 as well and
>> it was said on the gnupg list when libgcrypt 1.6.0 came out there were
>> some speed improvements
>
> In fact, gcrypt 1.6.0 was a major slowdown for PBKDF2 (previously cryptsetup
> used its own implementation because it was not available in gcrypt), but it will
> be fixed in gcrypt 1.6.1.
>
>> what would likely be the main source of speed increases - kernel or
>> libgcrypt ?
>
> In general, for hash algorithm used in header parsing or key derivation
> user space library is important (gcrypt), for block ciphers it is kernel.
>
> Usually in userspace openssl backend is faster, but gcrypt is default.

thanks
i compiled with openssl to see and hash algos were approx 2x 'speedier' for me

>
> It is not much important because this is used only during device unlocking,
> data access later is pure kernel dm-crypt job.
>
>> serpent decryption is vastly faster, twofish in general but seems AES isn't
>
> This depends on machine (and which cipher implementation - it can be accelerated
> through AES-NI, SSE instruction etc, depends on your arch and kernel config).
> I think kernel API has continuous improvement, so check crypt modules available
> (dmcrypt will simply use what crypto API provides).
>
> Milan
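
Added example, not part of the original message or of cryptsetup: one way to check which kernel cipher implementations are available, as suggested in the quoted reply. It parses the `/proc/crypto` record layout and reports, per algorithm name, the driver with the highest priority, which is the one the kernel crypto API hands out when that name is requested. The sample text is constructed and trimmed to the fields the code uses; the function names are hypothetical.

```python
from pathlib import Path

# Constructed sample in /proc/crypto layout (not from the thread's machine).
SAMPLE = """\
name         : aes
driver       : aes-generic
priority     : 100

name         : aes
driver       : aes-aesni
priority     : 300

name         : twofish
driver       : twofish-asm
priority     : 200

name         : serpent
driver       : serpent-generic
priority     : 100
"""

def parse_proc_crypto(text):
    """Return one dict per blank-line-separated record."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "name" in fields and "driver" in fields:
            records.append(fields)
    return records

def preferred_drivers(records):
    """Map algorithm name -> (driver, priority) of the highest-priority entry."""
    best = {}
    for r in records:
        prio = int(r.get("priority", 0))
        if r["name"] not in best or prio > best[r["name"]][1]:
            best[r["name"]] = (r["driver"], prio)
    return best

if __name__ == "__main__":
    proc = Path("/proc/crypto")
    text = proc.read_text() if proc.exists() else SAMPLE
    for name, (driver, prio) in sorted(preferred_drivers(parse_proc_crypto(text)).items()):
        print(f"{name:24} {driver:32} {prio}")
```

If an algorithm only lists a `-generic` driver, no accelerated module for it is currently loaded on that machine.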