Running cryptsetup test utility shows that on RAM using 256 instead of 512 (both sha and key size) increases performance.
Not relevant and necro-bumping, closing.
]]>The target laptop has plenty of horsepower - an i7 and 8GB RAM. The drive is a Kingston HyperX Savage USB 3.1 (HXS3/128GB) with advertised throughput of 350MB/s R, 250MB/s W.
/dev/sdX1 - 100M unencrypted ext4 for /boot
/dev/sdX2 - 100G dm-crypt/LUKS ext4 for /
I formatted the luks container with the options
--verbose --verify-passphrase --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=10000 --use-random
I wonder if there are any I/O optimizations I can make, given this configuration? Lower latency on small file read/write is more important than sustained sequential throughput (my workload is primarily web browsing and ruby development, not say gaming or video streaming/editing). With the i7, I can yield some CPU time to optimize disk ops if that's a decision point.
Maybe there are more/different luks parameters I could have used? Some dm-crypt flags I should set in the bootloader? Perhaps tweaking some kernel settings (such as filesystem caching pressure or flushing parameters)? I don't know what I don't know, so these are only vague guesses.
]]>