[kwlug-disc] Encrypted disk vs Encrypted Home

Ron Singh ronsingh149 at gmail.com
Sat Apr 25 12:22:21 EDT 2020 

Wow, that article was quite something! A bit past my pay grade, but I was
able to get the gist of it. Thanks for the link.
I will play with the kernel, still on 4.4.x, but will have at go at 5.4 and
work my way back as it is dead easy to do wit hthe kernel loading tool in
Mint.

Thanks,

Ron S.



On Thu, Apr 23, 2020 at 10:17 PM Hubert Chathi <hubert at uhoreg.ca> wrote:

> CloudFlare had an interesting blog post about some of the work they're
> doing to improve performance of hard drive encryption:
> https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
>
> One of the results of their investigation is that the kernel may not be
> using hardware-accelerated encryption, even if it's available.
>
> They're working on upstreaming their changes, but I don't know how much
> (if any) is in yet.  But it may be worth trying a newer kernel if
> possible.
>
> On Thu, 23 Apr 2020 21:33:14 -0400, Benjamin Tompkins <
> bjtompkins at gmail.com> said:
>
> > Ok.  So you are using AES as the cipher, so it should be using the CPU
> > hardware capability already.
>
> > I am not sure if you are going to be able get any more efficiency and
> > a cooler CPU.
>
>
>
> > On Thu, Apr 23, 2020 at 9:27 PM Ron Singh <ronsingh149 at gmail.com> wrote:
>
> >> I get this --
> >>
> >> sudo cryptsetup luksDump /dev/sda5 LUKS header information for
> >> /dev/sda5
> >>
> >> Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec:
> >> sha256 Payload offset: 4096 MK bits: 512
> >>
> >> Thanks,
> >>
> >> Ron S.
> >>
> >>
> >>
> >> On Thu, Apr 23, 2020 at 9:18 PM Benjamin Tompkins
> >> <bjtompkins at gmail.com>
> >> wrote:
> >>
> >>> What cipher though?
> >>>
> >>>
> >>>
> https://unix.stackexchange.com/questions/260533/how-do-can-i-tell-what-encryption-is-being-used-with-signed-in-luks
> >>>
> >>> There are a couple of commands here that can help determine that.
> >>>
> >>>
> >>>
> >>> On Thu, Apr 23, 2020 at 9:16 PM Ron Singh <ronsingh149 at gmail.com>
> wrote:
> >>>
> >>>> dm-crypt and LUKS, and I have the Intel i7-2640M SandyBridge CPU
> >>>> with AES built-in, but I have no idea(yet) if dm-crypt uses any
> >>>> sort of built-in CPU encryption schemes.
> >>>>
> >>>> *Perhaps I should keep a piece of balsa wood(nice and light) in my
> >>>> knapsack as a lap platform and be done with it.*
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Ron S.
> >>>>
> >>>>
> >>>>
> >>>> On Thu, Apr 23, 2020 at 8:17 PM Benjamin Tompkins
> >>>> <bjtompkins at gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Do you know what cipher is being used, and is that cipher built
> >>>>> into the CPU?
> >>>>>
> >>>>> You may need to back up the data and re-encrypt the drive with a
> >>>>> cipher that the CPU can do in hardware and not rely on it
> >>>>> performing the calculations in software.
> >>>>>
> >>>>> On Thu, Apr 23, 2020 at 7:16 PM Ron Singh <ronsingh149 at gmail.com>
> >>>>> wrote:
> >>>>>
> >>>>>> I use laptops exclusively, I use Linux Mint all day long for my
> >>>>>> various jobs. I have a fleet of older Thinkpads I use for each
> >>>>>> biz/client.
> >>>>>>
> >>>>>> I grow more fearful of having my laptop du jour stolen.
> >>>>>>
> >>>>>> I have 3 identical laptops set up with Mint 18.2(based on Ubu
> >>>>>> 16.04 LTS) with the same power profile(using TLP).  One has no
> >>>>>> encryption, 1 has encryption only on Home, the last has the
> >>>>>> entire SSD encrypted.  - No encryption, idle temp is 39-40C (no
> >>>>>> issues on lap) - Encrypted Home, idle temp is 42-45C (warm on lap
> >>>>>> but not uncomfortable) - Encrypted Disk, idle temp is 46-50C
> >>>>>> (uncomfortable as hell on lap)
> >>>>>>
> >>>>>> Any ideas on how to get that Encryted Disk temps down? I have the
> >>>>>> CPU locked down at 1.2Ghz max(from 2.6Ghz), unused ports go to
> >>>>>> sleep, running an SSD, fan is set for aggressive blowing to
> >>>>>> reduce internal chassis temp.
> >>>>>>
> >>>>>> Thanks,
> >>>>>>
> >>>>>> Ron S.
> >>>>>>
> >>>>>> _______________________________________________ kwlug-disc
> >>>>>> mailing list kwlug-disc at kwlug.org
> >>>>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>>>>
> >>>>> _______________________________________________ kwlug-disc mailing
> >>>>> list kwlug-disc at kwlug.org
> >>>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>>>
> >>>> _______________________________________________ kwlug-disc mailing
> >>>> list kwlug-disc at kwlug.org
> >>>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>>
> >>> _______________________________________________ kwlug-disc mailing
> >>> list kwlug-disc at kwlug.org
> >>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>
> >> _______________________________________________ kwlug-disc mailing
> >> list kwlug-disc at kwlug.org
> >> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>
> > _______________________________________________ kwlug-disc mailing
> > list kwlug-disc at kwlug.org
> > https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200425/e19d3566/attachment.htm>

More information about the kwlug-disc mailing list