4

The only information I found about the difference of performance between dm-crypt (LUKS mode) and ecryptfs is that given that ecryptfs operates at filesystem-level, it may be slower when doing operations on a lot of small files.

Given that they both seem to use AES as cipher, in what situation can dm-crypt be faster than ecryptfs?

Anders
  • 64,406
  • 24
  • 178
  • 215
Hey
  • 1,905
  • 1
  • 16
  • 23
  • 1
    When comparing io performance, you need to specify the workload. Sequentially writing single 1TB file is very different from compiling chromium. – Z.T. Aug 16 '15 at 18:37
  • Not sure why this question is downvoted as its seems a reasonable question to me. Can downvoters explain why? – lepe Aug 17 '15 at 00:47
  • @lepe I was wondering too :/ Maybe the question is too broad ? – Hey Aug 17 '15 at 14:55
  • @YdobEmos: Maybe, but I still feel that the question is pretty straight forward. Anyway, if you are concerned about using one over the other, I would recommend you to make yourself a benchmark for your specific case. – lepe Aug 18 '15 at 00:37
  • I'm not an expert, but my experience with ecryptfs was dismal for small files with fast reads and writes on desktop grade hardware. It may be enlightening to check out: https://lwn.net/Articles/639427/ about ext4 encryption, which talks about the layered effects of ecryptfs. – Phil Sep 30 '15 at 17:43

2 Answers2

0

In my experience ecryptfs has been much slower than dm-crypt but better in read operations than dm-crypt. Not sure why though. I did benchmarks using iozone.

Ram Gupta
  • 1
  • 2
    Could you post your benchmark results and explain how you obtained them? That would make for a very good answer. – grochmal Sep 12 '16 at 20:05
0

I don't have a source at the moment, but looking at the speed gap, dm-crypt seems to use the AES-NI hardware acceleration, where ecryptfs doesn't. That could explain the huge difference.

Hey
  • 1,905
  • 1
  • 16
  • 23