# Encrypted volume read/write too fast...

## creaker

Hi!

I encrypted one of the partitions following this wiki page: http://wiki.gentoo.org/wiki/Dm-crypt

Once got device mounted, I decided to test read/write performance. I copied a 4Gb file and paste it into container. Unexpectedly file was copied too fast: operation took 45 secs. It's a 91Mb/sec. Afaik, it shouldn't be so fast. The read/write speed for encrypted partition should be 20-70 Mb/sec according to this benchmark: http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/

Encrypted partition status:

```
localhost ~ # cryptsetup status cv

/dev/mapper/cv is active and is in use.

  type:    LUKS1

  cipher:  aes-xts-plain64

  keysize: 256 bits

  device:  /dev/sdb2

  offset:  4096 sectors

  size:    447426560 sectors

  mode:    read/write
```

It even faster than copy to plain (non-encrypted) partition.

Assuming something wrong with my setup. Either data encryption compromised or not encrypted at all.

Any thoughts?

----------

## Hu

I think you are using a 5+ year old benchmark to analyze the performance of hardware you did not describe.  If you have a much faster system, good hardware offload, or used more caching than was used in the benchmark, then comparing your results to theirs is meaningless.  I see that the blog post was edited a year after its posting to note that DM-Crypt became SMP aware, which could affect performance.

----------

## HeissFuss

Are you measuring the time it takes to copy and sync to disk, or just copy?  When the copy completes, that just means it's in RAM disk buffer, prior to encryption/disk write.

Also, AES with any modern Intel processes does AES-NI CPU offload of AES, which is very fast.  You can benchmark the actual CPU throughput (minus disk) with 'cryptsetup benchmark'

----------

## creaker

@ Hu

I saw that the date is 2009. The HDD used for linked above benchmark even faster than mine: 105Mb/s vs 100Mb/s.

Though, you are right, multithreading might be enabled by default since 2009. I wasn't aware of it.

----------

## creaker

 *HeissFuss wrote:*   

> 
> 
> Also, AES with any modern Intel processes does AES-NI CPU offload of AES, which is very fast.  You can benchmark the actual CPU throughput (minus disk) with 'cryptsetup benchmark'

 

```
localhost ~ # cryptsetup benchmark

# Tests are approximate using memory only (no storage IO).

PBKDF2-sha1       485451 iterations per second

PBKDF2-sha256     249660 iterations per second

PBKDF2-sha512     163227 iterations per second

PBKDF2-ripemd160  376643 iterations per second

PBKDF2-whirlpool  204161 iterations per second

#  Algorithm | Key |  Encryption |  Decryption

     aes-cbc   128b   151,2 MiB/s   208,3 MiB/s

 serpent-cbc   128b           N/A           N/A

 twofish-cbc   128b           N/A           N/A

     aes-cbc   256b   122,0 MiB/s   155,9 MiB/s

 serpent-cbc   256b           N/A           N/A

 twofish-cbc   256b           N/A           N/A

     aes-xts   256b   209,7 MiB/s   210,4 MiB/s

 serpent-xts   256b           N/A           N/A

 twofish-xts   256b           N/A           N/A

     aes-xts   512b   156,1 MiB/s   157,5 MiB/s

 serpent-xts   512b           N/A           N/A

 twofish-xts   512b           N/A           N/A
```

Yes, seems this benchmark proves that 91Mb/s is real transfer speed.

Thanks.

----------

