LUKS: Difference between revisions
Line 65: | Line 65: | ||
# Close the decrypted drive | # Close the decrypted drive | ||
cryptsetup close <name> | cryptsetup close <name> | ||
</pre> | |||
==Benchmark== | |||
<pre> | |||
cryptsetup benchmark | |||
</pre> | |||
{{ hidden | Example Output | | |||
<pre> | |||
# Tests are approximate using memory only (no storage IO). | |||
PBKDF2-sha1 1213629 iterations per second for 256-bit key | |||
PBKDF2-sha256 1524093 iterations per second for 256-bit key | |||
PBKDF2-sha512 1082121 iterations per second for 256-bit key | |||
PBKDF2-ripemd160 648069 iterations per second for 256-bit key | |||
PBKDF2-whirlpool 421453 iterations per second for 256-bit key | |||
argon2i 4 iterations, 875179 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) | |||
argon2id 4 iterations, 889195 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) | |||
# Algorithm | Key | Encryption | Decryption | |||
aes-cbc 128b 542.7 MiB/s 2192.7 MiB/s | |||
serpent-cbc 128b 67.3 MiB/s 459.9 MiB/s | |||
twofish-cbc 128b 140.6 MiB/s 285.8 MiB/s | |||
aes-cbc 256b 405.3 MiB/s 1701.8 MiB/s | |||
serpent-cbc 256b 71.6 MiB/s 459.5 MiB/s | |||
twofish-cbc 256b 146.6 MiB/s 287.1 MiB/s | |||
aes-xts 256b 1421.6 MiB/s 1449.2 MiB/s | |||
serpent-xts 256b 455.9 MiB/s 444.0 MiB/s | |||
twofish-xts 256b 284.2 MiB/s 286.3 MiB/s | |||
aes-xts 512b 1187.2 MiB/s 1177.9 MiB/s | |||
serpent-xts 512b 454.7 MiB/s 446.1 MiB/s | |||
twofish-xts 512b 284.9 MiB/s 286.5 MiB/s | |||
</pre> | |||
}} | |||
==Adiantum== | |||
If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>. | |||
Adiantum | |||
;Creation | |||
<pre> | |||
cryptsetup -v --type luks2 --cipher xchacha12,aes-adiantum --sector-size 4096 \ | |||
--key-size 256 --hash sha512 --iter-time 5000 --use-urandom \ | |||
--verify-passphrase luksFormat <device> | |||
</pre> | |||
;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref> | |||
<pre> | |||
cryptsetup benchmark -c xchacha12,aes-adiantum -s 512 | |||
</pre> | </pre> | ||