# GELI Benchmarks (AES/BLOWFISH/CAMELLIA/3DES)



## eyebone (Apr 4, 2010)

hej guys'n'girls,

i wanted to test how the IO performance changes using geli in correlation with and without integrity checking. i know that an important factor of such tests are at least:

* the cpu
* kind of hardware(hdd, used controller)
* testmethod itself

the testsystem was:

* Intel Core 2 Duo E8400@ 3.00Ghz
* 4096 DDR2 RAM
* ICH7 SATA300 Controller
* Intel SSDSA2M160G2GC (intel ssd 160gb) connected only SATA150(need to check this, should be SATA300)

used platform:

* freebsd 8.0 install dvd, in fixit modus

testtools:

* geli
* dd

1. i created a geli encrypted device
2. attached it
3. wrote with dd for some seconds on the device
4. calculated and compared the output

used commands:


```
geli init -i -b -l 128/192/256 -e aes/camillea/blowfish/3des -a HMAC/MD5 HMAC/SHA1 HMAC/SHA256 HMAC/512 /dev/ad6
geli attach /dev/ad6.eli
dd if=/dev/zero of=/dev/ad6.eli bs=4096
geli detach /dev/ad6.eli
```
results:

no crypto
=========

no crypto = 69.61 == 70mb

aes tests
=========

Sector Size 1024

aes 128 + no integrity = 32.1036 == 32mb
aes 128 + hmac/md5 = 20.71 == 21mb

Sector Size 2048

aes 128 + no integrity = 32.9644 == 33mb
aes 128 + hmac/md5 = 23.212 == 23mb

Sector Size 4096

aes 128 + no integrity = 32,96 == 33mb
aes 128 + hmac/md5 = 23.977 == 24mb
aes 128 + hmac/sha1 = 17.5959 == 18mb
aes 128 + hmac/sha256 = 17.1567 == 17mb
aes 128 + hmac/sha512 = 10.162 == 10mb

aes 256 + no integrity = 28,966 == 29mb
aes 256 + hmac/md5 = 21,85 write == 22mb

blowfish tests
==============

blowfish 128 + no integrity = 28.363 == 28mb
blowfish 128 + hmac/md5 = 21.69030 = 22mb
blowfish 128 + hmac/sha1 = 17.4688 = 17mb
blowfish 128 + hmac/sha256 = 16.016 == 16mb
blowfish 128 + hmac/sha512 = 9,761 = 10mb

blowfish 256 + no integrity = 28.5764 == 28mb
blowfish 256 + hmac/md5 = 21.715 == 22mb

camellia tests
==============

camellia 128 + no integrity == 30.65496 == 31mb
camellia 128 + hmac/md5 == 22.727 == 23mb

camellia 256 + no integrity == 27.0552 == 27mb
camellia 256 + hmac/md5 == 20,657 == 21mb

3DES tests
==========

3des 192 + no integrity == 8.8512 == 9mb
3des 192 + hmac/md5 == 8.0693 == 8mb


i know that the io performance changes from system to system, however, i assume that the overall loss of performance and differences in performance will stay compareable even to different configured systems. i have to add here that i wonder about crypto card support like vpn1411 or such which can be bought as pci model as well.

i made those basicly to help myself to decide what kind of crypto and/or integrity checking i should use. i hope someone else will find it useful, if i made mistakes in my calculations or u have additional tests to add please let me know.

regards,


----------

