# [SOLVED]Encrypted swap obscenely slow! (rtorrent start hash)

## jagomai

Hi,

I've encrypted my swap-partition with dm-crypt (no LUKS, whatever that is) using the guide on the dm-crypt site.

In fstab, I have: 

```

# Swap is encrypted.

#/dev/hda2              none            swap            sw                      0 0

/dev/mapper/crypt-swap  none            swap            sw                      0 0

```

and in /etc/conf.d/dmcrypt, I have:

```

swap=crypt-swap

options='-c twofish -h sha1 -d /dev/urandom'

source='/dev/hda2'

```

and everything seems to work..

However, when I do anything that requires the swapfile and things get written to it - it bogs down the entire system.

According to conky, "kswap0" seems to be the culprit.

For example, I want to do a hash-check in rtorrent.. Well, I can do move my mouse around and watch conky update every 10 seconds - nothing else until the hash-check is complete.

Then all is normal.

EDIT: Er.. I just noticed that only when allocating space does the computer hog down - not when simply hash-checking. I have anti-defrag features within rtorrent enabled.. But that still shouldn't hog down the machine.. /EDIT

EDIT2: Well, I've done some tests, and it seems like it takes 95 minutes to allocated 16GB. That's roughly 3 mb/s. That's incredibly slow. I use twofish in dmcrypt for my swapfile, and Truecrypt does 13mb/s with the same algorithm... Am I doing something wrong? /EDIT2

I also use truecrypt for my various drives (where the hash-checking is taking place) but tc is not the problem. I didn't experience this problem before I tried to encrypt my swap-file.

Would it help to change the swap-file priority (or dm-crypt priority, I guess), and how can I do it?Last edited by jagomai on Sat Jan 26, 2008 4:50 pm; edited 3 times in total

----------

## Simba7

What are the specs of this system?

..and why so much encryption?

----------

## jagomai

Specs are 1.7Ghz, 1GB RDRAM, Asus s423 board, highpoint diskcard, geforce4.

But I don't think that matters... I don't care about slow, I just want the machine to be usable while it works. That's the whole point of multi-tasking.

I think my problem would be solved if I found a way to deprioritize dmcrypt.. 

Er.. I just noticed that only when allocating space does the computer hog down - not when simply hash-checking. I have anti-defrag features within rtorrent enabled.. But that still shouldn't hog down the machine..

----------

## jagomai

Ok, well, I timed it.

I started a big file (16GB~) and I found out that the allocation went at roughly 2.8 mb/s.. That's REALLY slow. I use Twofish for my swap, and Truecrypt does 13mb/s with the same algorithm!

*sigh*

I'm confused.

Anybody know anything about this?

----------

## madisonicus

My laptop hard disk is encrypted at the root level with 256bit AES via luks, and I use an encrypted swap.  I was very worried about a performance hit when I first set this up, but honestly I cannot tell the difference.  My laptop is an intel core solo running at 1Ghz.  So, it's not a major powerhouse.  Therefore, I would be surprised if the encryption is the problem.  For that matter, you do the same level of encryption when using ssl on the net.

Have you checked to be sure that you have dma enabled on the drive?  What do running "hdparm -tT" and "hdparm -I" on your drive show?

-m

[edit]Incidentally, these are my results for hdparm -tT:

```
 Timing cached reads:   1590 MB in  2.30 seconds = 689.83 MB/sec

 Timing buffered disk reads:  102 MB in  3.04 seconds =  33.53 MB/sec
```

----------

## jagomai

Yeah, I'm surprised, too. Maybe it's because I don't use luks? I don't know.

I have a truecrypt volume on the same disk that the swap is on, and that works fine.. Here are the hdparm commands though:

(I ran them with an emerge running in the background)

 *Quote:*   

> 
> 
> # hdparm -tT /dev/hda
> 
> /dev/hda:
> ...

 

 *Quote:*   

> 
> 
> # hdparm -I /dev/hda
> 
> /dev/hda:
> ...

 

----------

## MostAwesomeDude

Have you tried a faster algorithm, like Blowfish or Serpent?

----------

## jagomai

I haven't tried Blowfish, but AFAIK Twofish is simply an improvement (security-wise) of Blowfish. Serpent is supposed to be the slowest.

I use Twofish in Truecrypt, and it works fine. Even IF Twofish were somehow "slower" it *really* doesn't warrant a speed of 3mb/s when Truecrypt can do 13mb/s on the same disk. I doubt Blowfish would suddenly become 4 times faster than Twofish.

----------

## MostAwesomeDude

 *jagomai wrote:*   

> I haven't tried Blowfish, but AFAIK Twofish is simply an improvement (security-wise) of Blowfish. Serpent is supposed to be the slowest.

 

I was mostly just curious as to what you've tried. FYI, the slowest AES candidate is almost always Rijndael, which ironically was the winner of the AES contest.

----------

## jagomai

Since this problem only occured with rtorrent (for me), I will now mark this problem as solved.

I had the "safe_sync" option enabled in rtorrent. When I removed it, these problems disappeared. Rtorrent is still slow when starting new torrents and while allocating space, but it doesn't hog down my X.

----------

