From owner-freebsd-questions@FreeBSD.ORG Wed Jan 14 22:55:43 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C4E9C106567A for ; Wed, 14 Jan 2009 22:55:43 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by mx1.freebsd.org (Postfix) with ESMTP id 300348FC18 for ; Wed, 14 Jan 2009 22:55:42 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by ewy14 with SMTP id 14so1221763ewy.19 for ; Wed, 14 Jan 2009 14:55:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=q6phAqjtv6aYS/BidEkeTC97yM8Th+0Z9UroYUzsuvI=; b=Hbn1yg8H90AsZZ1qTMqMfTAXatkXKIQVZNQxgPd5TPWipo7N0Pjwoc+bumc7aL2rqP YFcKtUv4l2UbNClNbjbFSItUYHMPCKBcQXQgUzZjqa7k7BcD6OuXhqN9SQ22oTUclO0T beo3tfKEEgaeT8vzGp9bunNScTk/A8AkK/HX4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=GJ4wJc4TMT8xAKQaHtZju0UUKpCkMICkAaygrVp9N9qbylLW60PlI/e7BMV59eQLye jsxBHWxkfHuYECj/GRGjTcaD/3vRuRQT020GEzzLsNoExaCLPtY0oIqqDjtfoczhJjWp HRvXPoTSyenCsFVMy3FG2ugxgjmd9BJFbM4Z8= Received: by 10.210.38.5 with SMTP id l5mr802463ebl.112.1231973742289; Wed, 14 Jan 2009 14:55:42 -0800 (PST) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id b36sm375349ika.7.2009.01.14.14.55.40 (version=SSLv3 cipher=RC4-MD5); Wed, 14 Jan 2009 14:55:41 -0800 (PST) Date: Wed, 14 Jan 2009 22:55:38 +0000 From: RW To: freebsd-questions@freebsd.org Message-ID: <20090114225538.66e001de@gumby.homeunix.com> In-Reply-To: <20090114175954.GC97086@slackbox.xs4all.nl> References: <20090114175954.GC97086@slackbox.xs4all.nl> X-Mailer: Claws Mail 3.5.0 (GTK+ 2.12.11; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: freebsd encrypted hard disk? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2009 22:55:44 -0000 On Wed, 14 Jan 2009 18:59:54 +0100 Roland Smith wrote: > Geli is > convenient and seems to work well. On modern machines the performance > penalty is slight. It supports well-regarded encryption algorithms > like AES and Blowfish. It depends on what you mean by modern, and slight, on my single-core amd64 2.8G the performance penalty of geli is substantial. Not just in reduced transfer rates, but also in terms of CPU cycles used - a sustained geli to geli file copy makes things really slow for me. I think most people find that filling a disk from /dev/random is slower than from /dev/null, or it at least has an impact on overall performance. And the /dev/random generator stage is AES encryption of a counter so the performance hit against /dev/null should be similar to writing to geli (and in my experience it is). And the faster your disks are, the more cpu speed you need to avoid cpu-limiting.