On Monday 09 July 2007 22:23, Anders Breindahl <skrewz@skrewz.dk> wrote:
> > Where "reasonably fast" means faster than a 3GHz P4. A 3GHz P4 system I
> > was working on recently appeared to be limited to 4MB/s, if it wasn't for
> > the fact that the machine is about to be decommissioned then I would
> > probably investigate this further as the performance is lower than
> > expected.
>
> Funny. I get 4 MB/s of AES256 on an 850MHz P3. And >11MB/s on a 3500+
> AMD Sempron. And well above that when using VIA Padlock on another
> system. Are you certain that you're not bottlenecked by some other
> problem?
Not certain, and the machine was being used for some processes other than the
disk copy. I may do some further tests after completely decommissioning it.
> > > However, if you should choose to encrypt only, say /home, you'd need to
> > > make sure that data won't ``sieve'' onto the unencrypted parts of the
> > > system, such as /tmp or swap space.
> >
> > True. But the advantage to encrypting only some partitions is that you
> > can get better performance for non-secret data.
>
> If you're stuck with 4MB/s as transfer speed, you could consider
> security trade-offs for performance. But in a faster scenario, I
> wouldn't opt for it.
I don't think that it's a security trade-off to have a file-system for ISOs of
Linux distributions that is unencrypted (as an example of one of my
machines) - unless the threat model includes an attacker sneaking in,
modifying things, and then leaving without detection - a much harder problem
to solve.
--
russell@coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
Received on Mon Jul 9 09:10:32 2007