Arch Linux

fiercefinn

Member

From: Hellsinki

Registered: 2006-11-08

Posts: 5

Luks encrypted root and system speed

I am considering encrypting my root and home partition. I would be interested in hearing comments about how much this would affect system speed (encryption overhead when writing and reading files) ? The processor would be a dual core Athlon 64.
Also how does the encryption work regarding to system failures. For example if I loose power while the system is writing a file, will I loose just that file or is the whole partition messed up and unreadable after that ?

G_Syme

Member

Registered: 2007-01-04

Posts: 83

Re: Luks encrypted root and system speed

I am considering encrypting my root and home partition. I would be interested in hearing comments about how much this would affect system speed (encryption overhead when writing and reading files) ? The processor would be a dual core Athlon 64.

You won't notice any differences in most cases. I've even used an AMD Duron 900MHz with 2 disks for about a year, everything encrypted with AES and 128 bit keys, and it was impossible for me to notice any difference compared to unencrypted disks on that machine. The speed problem fist occurs if you transfer large files either between machines, or even more from one encrypted disk to the other, because it hast to decrypt the source and encrypt the target. This can be really slow.
At the moment I'm using an AMD Turion X2 TL52 (2x1600MHz) with Serpent 256 bit encryption, and even transfers of large files are reasonably fast.

Also how does the encryption work regarding to system failures. For example if I loose power while the system is writing a file, will I loose just that file or is the whole partition messed up and unreadable after that ?

I've very often had a frozen system on my laptop which I had to hard shutdown (aka power off), and I've had a few times no more battery power left. I've never had a problem after a reboot. After you open your encrypted partition it's a normal partition like every other one. The only difference is that you have to do one more step to read or write to the partition, but apart from that it's practically as safe as any other partition.

---

The courageous enter dark caves alone.
The clever send in the courageous first.
The cleverest wait behind the clever.

fiercefinn

Member

From: Hellsinki

Registered: 2006-11-08

Posts: 5

Re: Luks encrypted root and system speed

Sounds good, thanks for info. That clears up the points I was a little afraid of before trying it for real (I tried it under a virtual system just to see how luks etc. works).

ataraxia

Member

From: Pittsburgh

Registered: 2007-05-06

Posts: 1,553

Re: Luks encrypted root and system speed

You can identify how much CPU it uses by watching the kernel thread "kcryptd" in top. It's generally minimal, until you start doing really heavy I/O.

brain0

Developer

From: Aachen - Germany

Registered: 2005-01-03

Posts: 1,382

Re: Luks encrypted root and system speed

Also how does the encryption work regarding to system failures. For example if I loose power while the system is writing a file, will I loose just that file or is the whole partition messed up and unreadable after that ?

I've very often had a frozen system on my laptop which I had to hard shutdown (aka power off), and I've had a few times no more battery power left. I've never had a problem after a reboot. After you open your encrypted partition it's a normal partition like every other one. The only difference is that you have to do one more step to read or write to the partition, but apart from that it's practically as safe as any other partition.

That highly depends on the filesystem you use. I never had any problems with ext3, but if you use xfs, you should avoid any power failures. Basically, the filesystem is the problem here, not the encryption.

There is one serious problem though: If you loose your LUKS header (first few kilobytes of the partition), your passphrases are worthless and all data is lost forever.

And never loose your passphrase(s), LUKS has an anti-forensic design which makes it impossible recover any data in the next few thousand years if you do.