BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] NAS: encryption
- Subject: [Discuss] NAS: encryption
- From: tmetro+blu at gmail.com (Tom Metro)
- Date: Sat, 11 Jul 2015 18:05:38 -0400
- In-reply-to: <BY1PR0401MB1641117906253C39D8075681DC940@BY1PR0401MB1641.namprd04.prod.outlook.com>
- References: <5596D8DA.2000201@gmail.com> <55980A9F.4020007@gmail.com> <BY1PR0401MB1641117906253C39D8075681DC940@BY1PR0401MB1641.namprd04.prod.outlook.com>
Edward Ned Harvey (blu) wrote: >>Tom Metro wrote: >> I imagine it would be challenging to pull off encryption well with >> appliance hardware. The first problem is getting the software to do >> it. (Plus all the automation you've previously discussed to set up >> the keys on boot.) The second challenge is having the horsepower to >> perform the encryption. Not impossible if they chose their embedded >> CPU well, but unlikely to be optimized for that. > > You seem to think there's an obstacle which isn't really real - > Encryption is very cheap computationally, so cheap indeed it can be > done by the disks themselves. Yes, disk that have hardware acceleration for that purpose. While we are certainly heading in the direction where the CPU overhead for encryption can be ignored, even in low-end embedded devices, we are not there yet. As a point of reference, the SoC in the Raspberry Pi is similar to what is used in some of the NAS appliances. Here are some benchmarks showing how the Raspberry Pi SoC, which lacks AES hardware acceleration, handles encryption: https://inkofpark.wordpress.com/2013/03/30/raspberry-pi-truecrypt-benchmark/ http://www.finnie.org/2015/02/21/raspberry-pi-2-ubuntu-raspbian-benchmarks/ http://stackoverflow.com/questions/31306425/ridiculous-performance-with-openssl-aes-gcm-on-raspberry-pi-2 Doing AES-256 CBC 1024, the Pi is about 10x slower than an i5 per the 2nd link. 30 times slower than a Macbook per the 3rd link. And achieved 2.1 MB/s using TrueCrypt with AES per the (updated) benchmarks linked from the first posting. (Unfortunately the author didn't include the raw disk I/O rate for comparison.) -Tom -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/
- Follow-Ups:
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: encryption
- References:
- [Discuss] NAS: buy vs. build
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: buy vs. build
- Prev by Date: [Discuss] NAS: lots of bays vs. lots of boxes
- Next by Date: [Discuss] NAS: encryption
- Previous by thread: [Discuss] NAS: encryption
- Next by thread: [Discuss] NAS: encryption
- Index(es):