[kwlug-disc] Encrypted disk vs Encrypted Home

Hubert Chathi hubert at uhoreg.ca
Thu Apr 23 22:16:47 EDT 2020 

CloudFlare had an interesting blog post about some of the work they're
doing to improve performance of hard drive encryption:
https://blog.cloudflare.com/speeding-up-linux-disk-encryption/

One of the results of their investigation is that the kernel may not be
using hardware-accelerated encryption, even if it's available.

They're working on upstreaming their changes, but I don't know how much
(if any) is in yet.  But it may be worth trying a newer kernel if
possible.

On Thu, 23 Apr 2020 21:33:14 -0400, Benjamin Tompkins <bjtompkins at gmail.com> said:

> Ok.  So you are using AES as the cipher, so it should be using the CPU
> hardware capability already.

> I am not sure if you are going to be able get any more efficiency and
> a cooler CPU.



> On Thu, Apr 23, 2020 at 9:27 PM Ron Singh <ronsingh149 at gmail.com> wrote:

>> I get this --
>> 
>> sudo cryptsetup luksDump /dev/sda5 LUKS header information for
>> /dev/sda5
>> 
>> Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec:
>> sha256 Payload offset: 4096 MK bits: 512
>> 
>> Thanks,
>> 
>> Ron S.
>> 
>> 
>> 
>> On Thu, Apr 23, 2020 at 9:18 PM Benjamin Tompkins
>> <bjtompkins at gmail.com>
>> wrote:
>> 
>>> What cipher though?
>>> 
>>> 
>>> https://unix.stackexchange.com/questions/260533/how-do-can-i-tell-what-encryption-is-being-used-with-signed-in-luks
>>> 
>>> There are a couple of commands here that can help determine that.
>>> 
>>> 
>>> 
>>> On Thu, Apr 23, 2020 at 9:16 PM Ron Singh <ronsingh149 at gmail.com> wrote:
>>> 
>>>> dm-crypt and LUKS, and I have the Intel i7-2640M SandyBridge CPU
>>>> with AES built-in, but I have no idea(yet) if dm-crypt uses any
>>>> sort of built-in CPU encryption schemes.
>>>> 
>>>> *Perhaps I should keep a piece of balsa wood(nice and light) in my
>>>> knapsack as a lap platform and be done with it.*
>>>> 
>>>> Thanks,
>>>> 
>>>> Ron S.
>>>> 
>>>> 
>>>> 
>>>> On Thu, Apr 23, 2020 at 8:17 PM Benjamin Tompkins
>>>> <bjtompkins at gmail.com>
>>>> wrote:
>>>> 
>>>>> Do you know what cipher is being used, and is that cipher built
>>>>> into the CPU?
>>>>> 
>>>>> You may need to back up the data and re-encrypt the drive with a
>>>>> cipher that the CPU can do in hardware and not rely on it
>>>>> performing the calculations in software.
>>>>> 
>>>>> On Thu, Apr 23, 2020 at 7:16 PM Ron Singh <ronsingh149 at gmail.com>
>>>>> wrote:
>>>>> 
>>>>>> I use laptops exclusively, I use Linux Mint all day long for my
>>>>>> various jobs. I have a fleet of older Thinkpads I use for each
>>>>>> biz/client.
>>>>>> 
>>>>>> I grow more fearful of having my laptop du jour stolen.
>>>>>> 
>>>>>> I have 3 identical laptops set up with Mint 18.2(based on Ubu
>>>>>> 16.04 LTS) with the same power profile(using TLP).  One has no
>>>>>> encryption, 1 has encryption only on Home, the last has the
>>>>>> entire SSD encrypted.  - No encryption, idle temp is 39-40C (no
>>>>>> issues on lap) - Encrypted Home, idle temp is 42-45C (warm on lap
>>>>>> but not uncomfortable) - Encrypted Disk, idle temp is 46-50C
>>>>>> (uncomfortable as hell on lap)
>>>>>> 
>>>>>> Any ideas on how to get that Encryted Disk temps down? I have the
>>>>>> CPU locked down at 1.2Ghz max(from 2.6Ghz), unused ports go to
>>>>>> sleep, running an SSD, fan is set for aggressive blowing to
>>>>>> reduce internal chassis temp.
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> Ron S.
>>>>>> 
>>>>>> _______________________________________________ kwlug-disc
>>>>>> mailing list kwlug-disc at kwlug.org
>>>>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>>>> 
>>>>> _______________________________________________ kwlug-disc mailing
>>>>> list kwlug-disc at kwlug.org
>>>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>>> 
>>>> _______________________________________________ kwlug-disc mailing
>>>> list kwlug-disc at kwlug.org
>>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>> 
>>> _______________________________________________ kwlug-disc mailing
>>> list kwlug-disc at kwlug.org
>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>> 
>> _______________________________________________ kwlug-disc mailing
>> list kwlug-disc at kwlug.org
>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> 
> _______________________________________________ kwlug-disc mailing
> list kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org

More information about the kwlug-disc mailing list