Our laptops and portable drives must be LUKS encrypted. LUKS doesn't really seem to cause much performance loss on normal laptop hard drives (7200RPM) for us. With the crazy data rates you get with SSDs, is that still true?
I searched around a little, but I didn't see any actual comparisons between LUKS vs. non-LUKS on SSDs.
I'm currently seeing 150MB/s performance with my SSD and LUKS. That is a 50% loss since without LUKS my SSD will get 300MB/s read performance.
I'm using Fedora 17 with Linux kernel 3.4.
Yes the CPU usage of the encryption will go up, however unless the machine is otherwise CPU bound I'd expect IO to still be the bottlenect as most current machines should be able to exceed 250MB/sec of AES (that being the SATA-3g bandwidth)
AES-NI with SSD tests are in a link below check this: http://dentarg.it64.com/content/luks-and-intel-aes-ni-performance-part-2
What about processors that has no hardware acceleration on encryption... or not using AES... etc.
Speed can go down to 15MiB/s (cascade algorithms like Serpenter and Twofish)... while two SSD in Linux Software Raid 0 can get more than 950MiB/s.
Speed loose is 'huge', very 'huge'.... on my test from 993MiB/s to 13.8MiB/s.
It is a Laptop where i put two Samsumng SSD 740 EVO, one in normal 2.5 slot, the other on a caddy where the dvd was... 8GIB ram and a processor quite old without AES and only 3GHz with Dual core.
I agree with Anonymous, i had done a test on a 64GiB RAM Ryzen 7 2700x (16 threads on 8 cores) and when Rendering (CPU is max used) the I/O on the LUKs SSD drops down a lot.
Most if using not AES, using cascade (LUKS over LUKS) with algorithms that must run on the CPU while no CPU is free to be used since it is been used on Rendering.
Identical situation for fast transcoding MPEG2 (DVD VOBs) to MP4, cpu is maxed out so there is no CPU free for LUKS.
Just a tip: If we would talk about fast NVMe (3000MiB/s write) the drop down is the same, you get a few megabytes per second writes when CPU is being used intensibly.
And that tested on a 4.35GHz Ryzen 7 2700X (8 cores / 16 threads) with 64GiB RAM 3200MHz.
Another Tip: AES is broken and has back-doors, worst if it is the hardware builtin "Intel" processors AES (or also worst disk drive internal AES), to be safe do not use AES for LUKS, neither use hard disk drives (HDD and/or SSD) with built-in hardware encryption, if you do not use ATA-passwords on them any one malicious can launch a fast command (in less than 0.1s) to it and activate a ATA-password change (from empty to non empty) and on next power down your data is hijacked, you can not access that disk without that ATA-password.
Software encryption is against speed, hardware encription is not even safe.