Performance impact of full disk encryption?

[blueshiftoverwatch]

How much would using full disk encryption of varying types effect the performance of a hard drive? IE, the time it takes to read/write data and to load programs.

What about CPU usage?

[iponeverything]

I can't give you any benchmarks or anything, but from using it it seems quite responsive with a good disk, but it did have an issue of going out to lunch for about 5 seconds or more every now again. I found this a bit annoying, but nothing I couldn't live with.

I keep a second drive with full disk encryption that I rsync when I go on the road. It does provide some peace of mind.

[blueshiftoverwatch]

I've heard from two friends that it's barely noticeable. but have read on various websites that it's very noticeable.

Does it have any effect (besides generally being quicker) if you use it with RAID0?

[tubbygweilo]

blueshiftoverwatch,
If full disk encryption is a must have then any question of a performance hit is not relevant but if the full disk encryption is a nice to have then performance might be an issue. If you do not need all the benefits offered by full disk encryption then encrypting just the data you consider sensitive might give you the best of both worlds.

[rookcifer]

It depends on which cipher is being used. The default is AES-256, which is pretty fast since it was written in assembler. Serpent will be a little slower.

The benchmarks I have seen (Phoronix, etc.) say that AES-256 gives about a 5% performance hit. Not bad at all.

[blueshiftoverwatch]

The benchmarks I have seen (Phoronix, etc.) say that AES-256 gives about a 5% performance hit. Not bad at all.

That doesn't sound too bad.

What encryption application would you recommend using? A friend who's really into security said that he's using Fedora over Ubuntu because it gives you the option to encrypt your entire disk by default. Because when you have to set it up after the OS is already installed it's a huge pain.

[michaelzap]

That doesn't sound too bad.

What encryption application would you recommend using? A friend who's really into security said that he's using Fedora over Ubuntu because it gives you the option to encrypt your entire disk by default. But when you have to set it up after the OS is already installed it's a huge pain.

Full-disk encryption is easy with Ubuntu if you use the Alternate CD installer. I just did it this afternoon and it takes maybe 60 seconds longer than a regular installation. I've never noticed any performance hit with LUKS full-disk encryption on any relatively new computer, and personally I think it's a bit more stable than home directory (+swap) encryption.

[HermanAB]

Howdy,

The performance hit is negligible. While compiling a kernel I have measured it to be about 3% slower with full encryption. So if you want to recover that little penalty, simply change from Ext3 to JFS or XFS.

[blueshiftoverwatch]

The performance hit is negligible. While compiling a kernel I have measured it to be about 3% slower with full encryption. So if you want to recover that little penalty, simply change from Ext3 to JFS or XFS.

Or Ext4 if I wanted to live dangerously. From what I've read Ext3 and 4 are designed as good general purpose FS's while JFS and XFS are specifically designed for handling large files quickly, at the expensive of handling smaller files quickly.

[scorp123]

Or Ext4 if I wanted to live dangerously.

Ext4 is stable now. And fast as hell. I use it on my fully encrypted disks and if I wouldn't know that the disks are encrypted I wouldn't be able to notice anything.

JFS and XFS are specifically designed for handling large files quickly

Yes. But XFS can have ugly side effects, e.g. on certain systems and with certain disks it doesn't take sudden power failures lightly. On a bad day when and if XFS crashes (e.g. sudden power failure) whatever file happened to be open at that time may end up being overwritten with binary 0's ... result: empty files.

Imagine this: You're watching a movie. These days that would be a ~700 MB *.avi file of some sorts. And suddenly there's a power failure ... bammmm, everything turns dark. The lights come back on, you boot your computer again with the intent to continue the movie ... only to find an empty file now.

This has happened to me. And to others, e.g. here:

"XFS Destroys Files"
http://ubuntuforums.org/showthread.php?t=1025412

I used to have XFS on my servers ... but since Ext4 is out I've been switching my systems over to Ext4. So far it has survived all crashes, e.g. we intentionally unplugged a running server from power just to see if Ext4 would lose any data ... So far everything seems OK. The nice thing about Ext4 seems to be that it is reliable as Ext3 but performs as well and fast as XFS.

I personally would not recommend to use XFS on a system that has no UPS. If sudden power failures are an issue then you risk losing files with XFS. And with full-disk encryption this only gets worse.

So if you want known reliability: Use Ext3. If you trust the kernel developers and their promises that Ext4 is stable now: Use Ext4. As I said: It's really really fast and I have not experienced any weird issues with Ext4 so far.

Also the support forums seem to be silent regarding Ext4 troubles? I'd assume that if there were any obvious problems we'd see far more postings and complaints in the support sections ... ?