Harddisk Encryption

Andreas Jellinghaus aj at ciphirelabs.com
Sun Nov 26 15:17:49 GMT 2006

Ivan Krstić wrote:
> Andreas Jellinghaus wrote:
>> encrypting root by default would be a bad idea, as the encryption takes
>> away a lot of performance and usability
> This is common wisdom that's been out of date for some time now. While
> encrypting the root drive might cause noticeable latency for slower
> machines, it can be done with negligible performance impact on a
> standard workstation.

try it yourself for a month, and you will see that current laptop 
computer are significantly worse to use if root and swap (i.e. 
everything) is encrypted. see dm-crypt mailing list for a recent
discussion of the issues.

> You will want to read Niels Ferguson's paper

a paper won't fix the problems in the dm-crypt code.
note: it is not the algorithm that is the problem, but the design as 
whole. the decrypt routing can't allocate memory with the current design 
and thus the blocks from storage have to be passed to some workerthread
that will later decrypt them. thus adding latency.

 > the drive encryption system in Vista

how does that fix dm-crypt in linux?

Regards, Andreas

More information about the ubuntu-devel mailing list