AES-cbc vs AES-xts performance on the RPi #42

Open
xmijo opened this issue Feb 20, 2021 · 2 comments

xmijo commented Feb 20, 2021

Hi,
Regarding the cryptsetup encryption ciphers, is there a good reason why "aes-cbc-essiv:sha256" is the default in the example files when "aes-xts-plain64" appears to have better performance on Raspberry Pis? I know the cipher can be changed in the example files, of course, but just interested in hearing if there's any reason why it is used as default.

cryptsetup benchmark shows:

  Algorithm |       Key |      Encryption |      Decryption
    aes-cbc        128b        23.8 MiB/s        77.7 MiB/s
serpent-cbc        128b               N/A               N/A
twofish-cbc        128b        55.8 MiB/s        56.2 MiB/s
    aes-cbc        256b        17.4 MiB/s        58.9 MiB/s
serpent-cbc        256b               N/A               N/A
twofish-cbc        256b        55.8 MiB/s        56.1 MiB/s
    aes-xts        256b        85.0 MiB/s        74.9 MiB/s
serpent-xts        256b               N/A               N/A
twofish-xts        256b        61.1 MiB/s        60.4 MiB/s
    aes-xts        512b        65.4 MiB/s        57.4 MiB/s
serpent-xts        512b               N/A               N/A
twofish-xts        512b        61.3 MiB/s        60.3 MiB/s

unixabg (Owner) commented Feb 20, 2021

Greetings,
First, thank you for the information. As to the reason why "aes-cbc-essiv:sha256" is used, it was used in the example I built the scripts to automate: https://www.kali.org/docs/arm/raspberry-pi-full-encryption/ . I do believe "aes-cbc-essiv:sha256" provides sufficient security, but it would appear not best in performance. I could make a note in the example configs of other options and potential performance improvements OR just leave as is and know if users encounter performance issues they could dig deep enough to find this issue and information.

thomas725 commented Oct 13, 2022

From https://rr-developer.github.io/LUKS-on-Raspberry-Pi/ I've learned that xchacha20,aes-adiantum-plain64 has a much better performance still, but it seems for that we'd need to copy additional kernel modules into initramfs.

root@pios-encrypted-basic-dropbear-arm64:~# cryptsetup benchmark -c xchacha20,aes-adiantum-plain64
# Tests are approximate using memory only (no storage IO).
#            Algorithm |       Key |      Encryption |      Decryption
xchacha20,aes-adiantum        256b       136.7 MiB/s       140.8 MiB/s

And if I'm reading this correctly, xchacha20 is also more secure than AES.
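
Added example (not part of the thread or of the project's scripts): a shell helper that ranks `cryptsetup benchmark` rows by the slower of encryption and decryption, since an encrypted disk is both written and read. The function names are hypothetical, and the sample rows are copied from the two outputs quoted above, which come from different posts, so the combined ranking is illustrative only.

```shell
#!/bin/sh
# Constructed sample: rows copied from the two benchmark outputs quoted in
# this thread (two separate runs, so cross-run comparison is approximate).
sample_benchmark() {
cat <<'EOF'
#            Algorithm |       Key |      Encryption |      Decryption
    aes-cbc        128b        23.8 MiB/s        77.7 MiB/s
serpent-cbc        128b               N/A               N/A
twofish-cbc        128b        55.8 MiB/s        56.2 MiB/s
    aes-cbc        256b        17.4 MiB/s        58.9 MiB/s
    aes-xts        256b        85.0 MiB/s        74.9 MiB/s
twofish-xts        256b        61.1 MiB/s        60.4 MiB/s
    aes-xts        512b        65.4 MiB/s        57.4 MiB/s
xchacha20,aes-adiantum        256b       136.7 MiB/s       140.8 MiB/s
EOF
}

# rank_ciphers [min_key_bits]
# Reads benchmark text on stdin and prints "floor algorithm keybits",
# fastest first, where floor = min(encryption, decryption) in MiB/s.
# Header lines, KDF lines and N/A rows (cipher unavailable in the running
# kernel) are skipped because they do not have two "MiB/s" columns.
rank_ciphers() {
    LC_ALL=C awk -v minbits="${1:-0}" '
        /^#/ || NF < 6                 { next }
        $4 != "MiB/s" || $6 != "MiB/s" { next }
        {
            bits = $2; sub(/b$/, "", bits)
            if (bits + 0 < minbits + 0) next
            floor = ($3 + 0 < $5 + 0) ? $3 : $5
            printf "%.1f %s %s\n", floor, $1, bits
        }' | LC_ALL=C sort -k1,1nr
}

# best_cipher [min_key_bits]: algorithm and key size of the top-ranked row.
best_cipher() {
    rank_ciphers "$@" | head -n 1 | cut -d" " -f2,3
}

# On a real system: cryptsetup benchmark | rank_ciphers
sample_benchmark | rank_ciphers
```

Ranked this way, aes-cbc is limited by its encryption figure even though its 128b decryption figure is higher than that of aes-xts 256b.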
