From: Felix Blanke <felixblanke@gmail.com>
To: Billy Crook <billycrook@gmail.com>
Cc: Sandra Schlichting <littlesandra88@gmail.com>,
linux-btrfs@vger.kernel.org
Subject: Re: Encryption implementation like ZFS?
Date: Sat, 31 Dec 2011 10:53:31 +0100 [thread overview]
Message-ID: <20111231095331.GA2829@scooter> (raw)
In-Reply-To: <CANZ96zXurbiy=WOOmULcs13fiQomuw=WzDtqm-KFptCx_4TA5A@mail.gmail.com>
Hi,
I tried my SSD with luks and it is damn slow. I don't have any numbers for i/o per
second but the read/write speed was <50% of the speed without luks. If you want
encryption and speed you have to use loopaes. Unfortunetly you have to patch your
util-linux for that.
The advantage of loopaes is that it is more secure then luks and way faster.
The speed with encryption (loopaes) is about 90-95% the speed without encryption at
my setup.
Best regards,
Felix
On 30. December 2011 - 14:49, Billy Crook wrote:
> Date: Fri, 30 Dec 2011 14:49:06 -0600
> From: Billy Crook <billycrook@gmail.com>
> To: Sandra Schlichting <littlesandra88@gmail.com>
> Cc: linux-btrfs@vger.kernel.org
> Subject: Re: Encryption implementation like ZFS?
>
> On Fri, Dec 30, 2011 at 14:12, Sandra Schlichting
> <littlesandra88@gmail.com> wrote:
> >> How is this advantageous over dmcrypt-LUKS?
> >
> > TRIM pass-through for SSD's. With dmcrypt on an SSD write performance
> > is very slow.
>
> Good point. I'm actually very close to moving from magnetic to SSD
> storage for my btrfs volumes. Would my luks layer offset the majority
> of any advantage I might otherwise see from SSD? I'd be happy just to
> eliminate seektime.
>
> > cryptsetup-1.4.0-1 have --enable-discards option to allow
> > discards/TRIM, but it is not recommended for theoretical security
> > reasons.
> >
> > From my understanding some btrfs features wouldn't work with dmcrypt,
> > like "online volume growth and shrinking"?
>
> I've been using btrfs on luks now for 6 months and online grow works
> fine -- if you online grow the luks container first. (cryptsetup
> resize <name>) It does make it a more manual process, I suppose, but
> for me it's worth knowing that no part of the filesystem, will ever be
> available should a disk be stolen.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
---end quoted text---
next prev parent reply other threads:[~2011-12-31 9:53 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 18:32 Encryption implementation like ZFS? Sandra Schlichting
2011-12-30 19:27 ` Billy Crook
2011-12-30 20:12 ` Sandra Schlichting
2011-12-30 20:49 ` Billy Crook
2011-12-30 21:12 ` Sandra Schlichting
2011-12-31 9:53 ` Felix Blanke [this message]
2011-12-31 14:12 ` Sandra Schlichting
2011-12-31 9:53 ` Fajar A. Nugraha
2011-12-31 14:00 ` Sandra Schlichting
2011-12-31 17:12 ` Niels de Carpentier
2011-12-31 23:04 ` Fajar A. Nugraha
2012-01-01 15:22 ` Niels de Carpentier
2011-12-31 16:01 ` Edward Ned Harvey
2011-12-30 22:10 ` Tomasz Torcz
2011-12-31 3:36 ` Niels de Carpentier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111231095331.GA2829@scooter \
--to=felixblanke@gmail.com \
--cc=billycrook@gmail.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=littlesandra88@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).