From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vXFISLrTGUwx for <dm-crypt@saout.de>;
 Wed, 29 Jan 2014 15:59:30 +0100 (CET)
Received: from mail-ea0-x229.google.com (mail-ea0-x229.google.com
 [IPv6:2a00:1450:4013:c01::229])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 29 Jan 2014 15:59:30 +0100 (CET)
Received: by mail-ea0-f169.google.com with SMTP id h10so994680eak.28
 for <dm-crypt@saout.de>; Wed, 29 Jan 2014 06:59:29 -0800 (PST)
Message-ID: <52E9174B.6020803@gmail.com>
Date: Wed, 29 Jan 2014 15:59:23 +0100
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <52E90EA3.2020404@riseup.net>
In-Reply-To: <52E90EA3.2020404@riseup.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] benchmark, kernel, libgcrypt, comparisons
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: "shmick@riseup.net" <shmick@riseup.net>, dm-crypt@saout.de

On 01/29/2014 03:22 PM, shmick@riseup.net wrote:
> i came across a text file benchmark i did with the 2nd latest cryptsetup
> and thought id see how 1.6.3 would look
> 
> i have different kernel and libgcrpyt versions since 1.6.2 as well and
> it was said on the gnupg list when libgcrypt 1.6.0 came out there were
> some speed improvements

In fact, gcrypt 1.6.0 was major slowdown for PBKDF2 (previously cryptsetup
used own implementation because it was not available in gcrypt), but it will
be fixed in gcrypt 1.6.1.

> what would likely be the main source of speed increases - kernel or
> libgcrypt ?

In general, for hash algorithm used in header parsing or key derivation
user space library is important (gcrypt), for block ciphers it is kernel.

Usually in userspace openssl backend is faster, but gcrypt is default.

It is not much important because this is used only during device unlocking,
data access later is pure kernel dm-crypt job.

> serpent decryption is vastly faster, twofish in general but seems AES isn't

This depends on machine (and which cipher implementation - it can be accelerated
through AES-NI, SSE instruction etc, depends on your arch and kernel config).
I think kernel API has continuous improvement, so check crypt modules available
(dmcrypt will simply use what crypto API provides).

Milan