From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <Tom_Roche@pobox.com>
Received: from smtp.pobox.com (b-pb-sasl-quonix.pobox.com [208.72.237.35])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sat, 22 Mar 2014 06:51:29 +0100 (CET)
From: Tom Roche <Tom_Roche@pobox.com>
Date: Sat, 22 Mar 2014 01:51:26 -0400
Message-ID: <877g7mpyqp.fsf@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [dm-crypt] cryptsetup benchmark with I/O?
Reply-To: dm-crypt@saout.de, Tom Roche <Tom_Roche@pobox.com>
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de


summary: Is there an I/O-inclusive cryptsetup benchmark available for users?

details:

Thanks to PePa's script, which I have fiddled[1], it is now quite easy/fast to install LMDE[2] with LUKS and LVM2. So easy that I'd like to improve (if not optimize) my cryptsetup, if it's not too difficult/time-consuming. On my target hardware (which is a few years old)

$ sudo cryptsetup benchmark
> # Tests are approximate using memory only (no storage IO).
> PBKDF2-sha1       313569 iterations per second
> PBKDF2-sha256     190511 iterations per second
> PBKDF2-sha512     125068 iterations per second
> PBKDF2-ripemd160  254015 iterations per second
> PBKDF2-whirlpool  132663 iterations per second
> #  Algorithm | Key |  Encryption |  Decryption
>      aes-cbc   128b   142.2 MiB/s   164.7 MiB/s
>  serpent-cbc   128b    54.5 MiB/s   225.8 MiB/s
>  twofish-cbc   128b   131.6 MiB/s   180.0 MiB/s
>      aes-cbc   256b   113.8 MiB/s   125.5 MiB/s
>  serpent-cbc   256b    55.7 MiB/s   224.2 MiB/s
>  twofish-cbc   256b   133.2 MiB/s   180.9 MiB/s
>      aes-xts   256b   168.0 MiB/s   165.0 MiB/s
>  serpent-xts   256b   197.6 MiB/s   201.5 MiB/s
>  twofish-xts   256b   168.3 MiB/s   170.0 MiB/s
>      aes-xts   512b   126.4 MiB/s   126.4 MiB/s
>  serpent-xts   512b   195.5 MiB/s   197.8 MiB/s
>  twofish-xts   512b   167.0 MiB/s   167.0 MiB/s

But, as it says in the first line, `cryptsetup benchmark` tests memory but not I/O. So although my current selection (--cipher=serpent-xts-plain64 , --key-size=256) seems to be working OK, I'd like to know, ...

Is there a better benchmark? with I/O? Ideally, I'd like an automated test I could let run for not too long (a few hours, tops) to more realistically check my current selection against "the standard" (which, IIUC, is --cipher=aes-xts-plain64 , --key-size=512). I don't have data on the target hardware, and the script makes it easy/quick to blast the old partitions/volumes and twiddle the crypto, so I could do that for an interation or two before I "setup the box for real."

TIA, Tom Roche <Tom_Roche@pobox.com>

[1]: https://bitbucket.org/tlroche/install_resizable_encrypted_lmde
[2]: http://www.linuxmint.com/download_lmde.php