LINUX.ORG.RU

История изменений

Исправление Umberto, (текущая версия) :

xts-essiv:sha256

Тут я забыл и ошибся, лучше ctr-essiv:sha256, ctr параллелится.

Есть ещё такой скрипт.

#!/bin/bash

## This script benchmarks write and read performance of given block ciphers.
## Edit the list of 'cryptsetup' options at the end of this file.
## 
## Results are written in MiB/s (2^20 bytes per second) in a CSV file and stdout.
##
## You must have a writable block device of at least 1.05 GiB of size.
## WARNING: The contents of the block device will be overwritten.
##
## You can create a temporary loopback device on a ram-disk as follows: 
##    mkdir /mnt/ramdisk
##    mount -t tmpfs none /mnt/ramdisk -o size=1200m
##    dd if=/dev/zero of=bigsecret bs=1048576 count=1024
##    losetup /dev/loop0 bigsecret
##
## A key must be put in $KEYFILE. It can be anything.
##
## Author: Heikki Salokanto <heikki.salokanto@gmail.com>


OUT=/tmp/results.csv
KEYFILE=/tmp/keyfile
BLOCKDEV=/dev/loop0

if [ $UID != 0 ]; then echo "Must be root"; exit 1; fi

printf "%-35s%9s%9s\n" "Options" "Write" "Read" | tee $OUT

cd /mnt
[ -d cr ] || mkdir cr  

while read opts; do

	printf "%-35s" "$opts" | tee -a $OUT

	cryptsetup -q $opts luksFormat $BLOCKDEV $KEYFILE
	cryptsetup --key-file $KEYFILE luksOpen $BLOCKDEV crypt

	mkfs.ext4 -m 0 -q /dev/mapper/crypt
	mount /dev/mapper/crypt cr

	( time -p { dd if=/dev/zero of=cr/file bs=1048576 count=1024; sync; } ) 2>&1 \
	  | perl -ne 'printf "%9.2f", 1024/$1 if /real (.+)$/' | tee -a $OUT

	echo 3 >/proc/sys/vm/drop_caches

	( time -p dd if=cr/file of=/dev/null bs=1048576 ) 2>&1 \
 	  | perl -ne 'printf "%9.2f\n", 1024/$1 if /real (.+)$/' | tee -a $OUT

	umount cr
	cryptsetup luksClose crypt

done <<EOF
-c aes-xts-plain -s 256
-c aes-cbc-essiv:sha256 -s 128
-c aes-xts-plain -s 384
-c aes-cbc-essiv:sha256 -s 192
-c aes-xts-plain -s 512
-c aes-cbc-essiv:sha256 -s 256

-c twofish-ctr-plain64:sha256 -s 128
-c twofish-ctr-essiv:sha256 -s 128

-c twofish-ctr-plain64:sha256 -s 256
-c twofish-ctr-essiv:sha256 -s 256
EOF

Исходная версия Umberto, :

Есть ещё такой скрипт.

#!/bin/bash

## This script benchmarks write and read performance of given block ciphers.
## Edit the list of 'cryptsetup' options at the end of this file.
## 
## Results are written in MiB/s (2^20 bytes per second) in a CSV file and stdout.
##
## You must have a writable block device of at least 1.05 GiB of size.
## WARNING: The contents of the block device will be overwritten.
##
## You can create a temporary loopback device on a ram-disk as follows: 
##    mkdir /mnt/ramdisk
##    mount -t tmpfs none /mnt/ramdisk -o size=1200m
##    dd if=/dev/zero of=bigsecret bs=1048576 count=1024
##    losetup /dev/loop0 bigsecret
##
## A key must be put in $KEYFILE. It can be anything.
##
## Author: Heikki Salokanto <heikki.salokanto@gmail.com>


OUT=/tmp/results.csv
KEYFILE=/tmp/keyfile
BLOCKDEV=/dev/loop0

if [ $UID != 0 ]; then echo "Must be root"; exit 1; fi

printf "%-35s%9s%9s\n" "Options" "Write" "Read" | tee $OUT

cd /mnt
[ -d cr ] || mkdir cr  

while read opts; do

	printf "%-35s" "$opts" | tee -a $OUT

	cryptsetup -q $opts luksFormat $BLOCKDEV $KEYFILE
	cryptsetup --key-file $KEYFILE luksOpen $BLOCKDEV crypt

	mkfs.ext4 -m 0 -q /dev/mapper/crypt
	mount /dev/mapper/crypt cr

	( time -p { dd if=/dev/zero of=cr/file bs=1048576 count=1024; sync; } ) 2>&1 \
	  | perl -ne 'printf "%9.2f", 1024/$1 if /real (.+)$/' | tee -a $OUT

	echo 3 >/proc/sys/vm/drop_caches

	( time -p dd if=cr/file of=/dev/null bs=1048576 ) 2>&1 \
 	  | perl -ne 'printf "%9.2f\n", 1024/$1 if /real (.+)$/' | tee -a $OUT

	umount cr
	cryptsetup luksClose crypt

done <<EOF
-c aes-xts-plain -s 256
-c aes-cbc-essiv:sha256 -s 128
-c aes-xts-plain -s 384
-c aes-cbc-essiv:sha256 -s 192
-c aes-xts-plain -s 512
-c aes-cbc-essiv:sha256 -s 256
EOF