Depends on your hardware of course. Most important performance enhancement is using a CPU with AES-NI capabilities, provided by most of the recent Core i5/i7 processors and a kernel supporting it (most recent versions do). It's similar to video acceleration, but then for AES calculations.
Do a grep aes /proc/cpuinfo to see if your CPU is capable. If so, it will then be able to en/decrypt hundreds of megabytes a second without too much load; more than enough for most systems or a root filesystem. Provided your encryption software uses this (kernel interface). Using dm-crypt (Luks) does this for sure. This Arch Wiki article claims you should be able to do roughly 570 MB/s on a first-generation i7 CPU.
I haven't done real benchmarking, but I find almost no slowdown in doing a read-only benchmark using 'palimpsest' (Gnome Disk Utility) on my Intel 310 series 80GB SSD using dm-crypt (full disk) encryption enabled. A steady ~ 250 MB/s sequential reading all the way on an LVM LV (on top of dm-crypt).
See this Phoronix article for serious benchmarks of AES-NI and dm-crypt. An excerpt from that article:
While the Ubuntu home directory encryption feature with eCryptfs may
not be beneficial at this point with Intel AES-NI, full-disk
encryption with Intel AES-NI using dmcrypt is noticeably better.
Several of the benchmarks produced dramatically better results with
AES-NI while at the same time delivering lower CPU usage. AES-NI
appears to be a huge win if planning to encrypt your entire disk using
this feature found in Ubuntu's alternate installer.
This is a bit outdated now, and eCryptfs might not be suffering these slowdowns anymore.
Depends on your hardware of course. Most important performance enhancement is using a CPU with AES-NI capabilities, provided by most of the recent Core i5/i7 processors and a kernel supporting it (most recent versions do). It's similar to video acceleration, but then for AES calculations.
Do a
grep aes /proc/cpuinfo
to see if your CPU is capable. If so, it will then be able to en/decrypt hundreds of megabytes a second without too much load; more than enough for most systems or a root filesystem. Provided your encryption software uses this (kernel interface). Usingdm-crypt
(Luks) does this for sure. This Arch Wiki article claims you should be able to do roughly 570 MB/s on a first-generation i7 CPU.I haven't done real benchmarking, but I find almost no slowdown in doing a read-only benchmark using 'palimpsest' (Gnome Disk Utility) on my Intel 310 series 80GB SSD using dm-crypt (full disk) encryption enabled. A steady ~ 250 MB/s sequential reading all the way on an LVM LV (on top of dm-crypt).
See this Phoronix article for serious benchmarks of AES-NI and dm-crypt. An excerpt from that article:
This is a bit outdated now, and eCryptfs might not be suffering these slowdowns anymore.