[LINK] Stolen Laptop [was Re: Consumer computer security]

Rick Welykochy rick at praxis.com.au
Mon Jan 29 11:02:21 AEDT 2007 

Howard Lowndes wrote:

>>> On 29/01/07, Rick Welykochy <rick at praxis.com.au> wrote:
>>>> Heh? AES encryption and decryption cost CPU cycles. Copying data 
>>>> from one
>>>> AES encrypted file to another will be measureably slower than the 
>>>> equivalent
>>>> non-enrypted copy. Microsoft would know this already. We Mac and Linux
>>>> users know this. Even if the AES functions are performed on the chip,
>>>> DMA to/from the chip will take extra time. Why the spin?

> OK, it's not Bitlocker, it's encfs, but I have just run a test to create 
>  a 1M and a 1G file, directly to an ext3 filesystem  and to encfs under 
> ext3.  Here are the results, plain files first:
> 
> 1048576 bytes (1.0 MB) copied, 0.402128 seconds, 2.6 MB/s
> 1073741824 bytes (1.1 GB) copied, 421.027 seconds, 2.6 MB/s
> 1048576 bytes (1.0 MB) copied, 0.562334 seconds, 1.9 MB/s
> 1073741824 bytes (1.1 GB) copied, 587.126 seconds, 1.8 MB/s

Thanks for the stats, Howard. I've done similar on Mac OS X, and
include the duplication of a 1 GB file, both unencrypted and
encrypted. I think that file duplication is the best real-world
test, since that is the kind of real world data transfer that
will occur, i.e. detach an email attachment, copy photos nd
video, fiddle with MP3 files and iTunes, etc.etc. I notice the
speed penalities all the time, so much so that I have moved my
multimedia files on the Mac to an non-encrypted volume. The encrypted
stuff is mainly for business and banking :)

Hera are my results, which belies Mickeysoft's statements about
little or no impact to your running system ...

create 1 MB file, unencrypted     0.315017 secs 3328633 bytes/sec
create 1 MB file, encrypted       0.307997 secs 3404501 bytes/sec

create 1 GB file, unencrypted     354 secs 3029981 bytes/sec
create 1 GB file, encrypted       404 secs 2655760 bytes/sec

duplicate 1 GB file, unenc->unenc 120 secs 8947848 bytes/sec
duplicate 1 GB file, enc->enc     249 secs 4312216 bytes/sec

There is the kicker, in the last result. Note that Johann did not
notice the AES encryption with normal usage, and the above results
back that up. The encryption overhead for short copies is overshadowed
by normal kernel overheads. But when you start doing some Real Work
on the machine, it can bog down to 1/2 or less of normal throughput.
That is my consistent finding.


> I suggest that you should subscribe to his monthly newsheet.

I read it religiously every month and sometimes Link gets a dishing
of it :)


cheers
rickw



-- 
_________________________________
Rick Welykochy || Praxis Services

People who enjoy eating sausage and obey the law should not watch either being made.
      -- Otto von Bismarck

More information about the Link mailing list