some food for thought on hardware acceleration and encryption http://www.truecrypt.org/docs/?s=hardware-acceleration On Tue, Apr 2, 2013 at 10:40 AM, Nathan England wrote: > > What about using solid state drives with AES chips built in? would that > remove the performance hit of a highly used server? > > Would a server with several SSD's providing enough storage for the needs > sufficiently handle the encryption and raid without a performance hit? Or > is that not what the AES chips in the newer SSD's handle? > > > On 4/2/2013 9:48 AM, Paul Mooring wrote: > >> You could run some tests yourself, but due to the nature of encryption I >> strongly suspect that the overhead added by LVM is negligible. Encryption >> is supposed to be CPU intensive, like everything else involve security >> it's a tradeoff. The most important thing to keep in mind is that you >> don't need to care about CPU overhead, if it's lightly used getting your >> files 0.25 seconds later and averaging 60% CPU rather than 40% just >> doesn't matter. >> >> Stepping on my soapbox for a minute here, network/server security is far >> less magical than many make it out to be. It's really up to you to >> determine how much risk is involved in something and what the costs are to >> mitigate that risk. In your case if the server isn't heavily used so the >> CPU overhead isn't a problem, the only cost is having to put in a password >> to mount the encrypted drive. The risk of having sensitive files makes it >> a no brainer to set this up. Contrast that to a file server being used >> for just public files (say free exes and isos from the internet) that's >> heavily used by an office of people. In that case setting up encryption >> is definitely more secure and also a very bad idea because the costs are >> greater than the risk. >> >> All that to say, don't pay too much attention to those numbers. Setting >> this up is pretty straightforward and moving data off the encrypted drive >> is also pretty easy, so just set it up and if it works for you don't worry >> about trying to squeeze that last drop of performance out until you need >> to. >> > > ------------------------------**--------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.**org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/**mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen