<div dir="ltr">some food for thought on hardware acceleration and encryption<div><br></div><div><a href="http://www.truecrypt.org/docs/?s=hardware-acceleration">http://www.truecrypt.org/docs/?s=hardware-acceleration</a><br>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 2, 2013 at 10:40 AM, Nathan England <span dir="ltr"><<a href="mailto:nathan@nmecs.com" target="_blank">nathan@nmecs.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
What about using solid state drives with AES chips built in? would that remove the performance hit of a highly used server?<br>
<br>
Would a server with several SSD's providing enough storage for the needs sufficiently handle the encryption and raid without a performance hit? Or is that not what the AES chips in the newer SSD's handle?<br>
<br>
<br>
On 4/2/2013 9:48 AM, Paul Mooring wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
You could run some tests yourself, but due to the nature of encryption I<br>
strongly suspect that the overhead added by LVM is negligible. Encryption<br>
is supposed to be CPU intensive, like everything else involve security<br>
it's a tradeoff. The most important thing to keep in mind is that you<br>
don't need to care about CPU overhead, if it's lightly used getting your<br>
files 0.25 seconds later and averaging 60% CPU rather than 40% just<br>
doesn't matter.<br>
<br>
Stepping on my soapbox for a minute here, network/server security is far<br>
less magical than many make it out to be. It's really up to you to<br>
determine how much risk is involved in something and what the costs are to<br>
mitigate that risk. In your case if the server isn't heavily used so the<br>
CPU overhead isn't a problem, the only cost is having to put in a password<br>
to mount the encrypted drive. The risk of having sensitive files makes it<br>
a no brainer to set this up. Contrast that to a file server being used<br>
for just public files (say free exes and isos from the internet) that's<br>
heavily used by an office of people. In that case setting up encryption<br>
is definitely more secure and also a very bad idea because the costs are<br>
greater than the risk.<br>
<br>
All that to say, don't pay too much attention to those numbers. Setting<br>
this up is pretty straightforward and moving data off the encrypted drive<br>
is also pretty easy, so just set it up and if it works for you don't worry<br>
about trying to squeeze that last drop of performance out until you need<br>
to.<br>
</blockquote>
<br>
------------------------------<u></u>---------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.<u></u>org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/<u></u>mailman/listinfo/plug-discuss</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.<br><br>Stephen
</div>