[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypting drive

On Monday 09 July 2007 22:23, Anders Breindahl <skrewz@skrewz.dk> wrote:
> > Where "reasonably fast" means faster than a 3GHz P4.  A 3GHz P4 system I
> > was working on recently appeared to be limited to 4MB/s, if it wasn't for
> > the fact that the machine is about to be decommissioned then I would
> > probably investigate this further as the performance is lower than
> > expected.
> Funny. I get 4 MB/s of AES256 on an 850MHz P3. And >11MB/s on a 3500+
> AMD Sempron. And well above that when using VIA Padlock on another
> system.  Are you certain that you're not bottlenecked by some other
> problem?

Not certain, and the machine was being used for some processes other than the 
disk copy.  I may do some further tests after completely decommissioning it.

> > > However, if you should choose to encrypt only, say /home, you'd need to
> > > make sure that data won't ``sieve'' onto the unencrypted parts of the
> > > system, such as /tmp or swap space.
> >
> > True.  But the advantage to encrypting only some partitions is that you
> > can get better performance for non-secret data.
> If you're stuck with 4MB/s as transfer speed, you could consider
> security trade-offs for performance. But in a faster scenario, I
> wouldn't opt for it.

I don't think that it's a security trade-off to have a file-system for ISOs of 
Linux distributions that is unencrypted (as an example of one of my 
machines) - unless the threat model includes an attacker sneaking in, 
modifying things, and then leaving without detection - a much harder problem 
to solve.

http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to: