From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ldG5A2xxa3oc for <dm-crypt@saout.de>;
 Fri,  4 Jan 2013 22:56:28 +0100 (CET)
Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Fri,  4 Jan 2013 22:56:28 +0100 (CET)
Received: from gatewagner.dyndns.org (84-74-164-49.dclient.hispeed.ch
 [84.74.164.49]) by v4.tansi.org (Postfix) with ESMTPA id A524E1404001
 for <dm-crypt@saout.de>; Fri,  4 Jan 2013 22:56:28 +0100 (CET)
Date: Fri, 4 Jan 2013 22:56:27 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20130104215627.GA23626@tansi.org>
References: <50DF635C.90003@gmail.com> <50E6C1EC.1000307@gmail.com>
 <87sj6gn5g7.fsf@silenus.orebokech.com> <50E72A22.3060007@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <50E72A22.3060007@gmail.com>
Subject: Re: [dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0
 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Fri, Jan 04, 2013 at 08:14:42PM +0100, Milan Broz wrote:
> On 01/04/2013 07:55 PM, Romain Francoise wrote:
> > Milan Broz <gmazyland@gmail.com> writes:
> > 
> >> Any serious objections to not do that now?
> > 
> > How does it compare to cbc in terms of (real-world) performance?
> 
> It is slower but on recent systems it shouldn't not be bottleneck
> (even with fast storage).
> 
> I really prefer security to performance here.
> 
> But anyway, there is now benchmark command to test it.
> 
> An example (on my 3 year old Thinkpad x201 notebook with AES-NI):
> 
> # Tests are approximate using memory only (no storage IO).
> #  Algorithm | Key |  Encryption |  Decryption
>      aes-cbc   128b   789.0 MiB/s  1899.0 MiB/s
>      aes-cbc   256b   595.0 MiB/s  1445.0 MiB/s
>      aes-xts   256b   572.0 MiB/s   571.4 MiB/s
>      aes-xts   512b   465.0 MiB/s   467.0 MiB/s
> 
> (I think XTS got some more optimization in recent kernel, this is from 3.6.)
> 
> You can try it yourself, just run "cryptsetup benchmark" with 1.6.0-rc1,
> perhaps we will need some new FAQ entry here.

Yes, I think so. I will write one.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell