On Wed, 14 Jan 2009 18:59:54 +0100
Roland Smith <firstname.lastname@example.org> wrote:
> Geli is
> convenient and seems to work well. On modern machines the performance
> penalty is slight. It supports well-regarded encryption algorithms
> like AES and Blowfish.
It depends on what you mean by modern, and slight, on my single-core
amd64 2.8G the performance penalty of geli is substantial. Not just in
reduced transfer rates, but also in terms of CPU cycles used - a
sustained geli to geli file copy makes things really slow for me.
I think most people find that filling a disk from /dev/random is slower
than from /dev/null, or it at least has an impact on overall
performance. And the /dev/random generator stage is AES encryption of
a counter so the performance hit against /dev/null should be similar to
writing to geli (and in my experience it is). And the faster your disks
are, the more cpu speed you need to avoid cpu-limiting.