[Discuss] NAS: encryption

[tmetro+blu at gmail.com (Tom Metro)]

Edward Ned Harvey (blu) wrote:
>>Tom Metro wrote:
>> I imagine it would be challenging to pull off encryption well with 
>> appliance hardware. The first problem is getting the software to do
>> it. (Plus all the automation you've previously discussed to set up
>> the keys on boot.) The second challenge is having the horsepower to
>> perform the encryption. Not impossible if they chose their embedded
>> CPU well, but unlikely to be optimized for that.
> 
> You seem to think there's an obstacle which isn't really real -
> Encryption is very cheap computationally, so cheap indeed it can be
> done by the disks themselves.

Yes, disk that have hardware acceleration for that purpose.

While we are certainly heading in the direction where the CPU overhead
for encryption can be ignored, even in low-end embedded devices, we are
not there yet.

As a point of reference, the SoC in the Raspberry Pi is similar to what
is used in some of the NAS appliances. Here are some benchmarks showing
how the Raspberry Pi SoC, which lacks AES hardware acceleration, handles
encryption:

https://inkofpark.wordpress.com/2013/03/30/raspberry-pi-truecrypt-benchmark/
http://www.finnie.org/2015/02/21/raspberry-pi-2-ubuntu-raspbian-benchmarks/
http://stackoverflow.com/questions/31306425/ridiculous-performance-with-openssl-aes-gcm-on-raspberry-pi-2


Doing AES-256 CBC 1024, the Pi is about 10x slower than an i5 per the
2nd link. 30 times slower than a Macbook per the 3rd link. And achieved
2.1 MB/s using TrueCrypt with AES per the (updated) benchmarks linked
from the first posting. (Unfortunately the author didn't include the raw
disk I/O rate for comparison.)

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/