I was always searching for a benchmark of encryption algorithms every time I was going to encrypt a hard drive. Every time!
I was not able to remember my favorite cipher selection, and in case I didn’t have an already encrypted hard drive at hand where I could check, I was always Googling. At some point I realized that I ended up on the same site again and again. So I will show the summary here since it is not that natty there. I am trusting the benchmark they made (just saying).
- Celeron 2.93GHz CPU with Seagate Barracuda 7200.11 SATA 3Gb/s 1.5-TB ST31500341AS – RAW Speed: 105 MB/s
- Intel Atom 330 with loopback device on RAM
- Atom D525 (dual core 1.8 GHz) NAS box. It is running Ubuntu 11.04, Linux 2.6.38-8. There’s 4 GB of RAM, of which I used ~1 GB to create a ramdisk for the tests
- CentOS 6 (2.6.32-71.29.1.el6.x86_64) with 16GB RAM (RAM-disk 11GB, file 10GB) – VM (only single) on ESXi5, 2 x Xeon E5530 48GB RAM
- Virtual Machine
Cipher | Key [bits] | Config 1 [MB/s] | Config 2 [MB/s] | Config 3 [MB/s] | Config 4 [MB/s] | Config 5 [MB/s] | ||||||
Algorithm | Mode | IV | write | write | read | write | read | write | read | write | read | |
AES | ECB | 128 | 67.50 | 121.56 | 151.59 | 43.48 | 58.82 | |||||
null | 71.50 | |||||||||||
plain | 71.00 | |||||||||||
benbi | 71.20 | |||||||||||
256 | 55.90 | 96.98 | 112.92 | 40.00 | 55.56 | |||||||
null | 59.50 | |||||||||||
plain | 60.30 | |||||||||||
benbi | 58.80 | |||||||||||
CBC | null | 128 | 67.10 | 100.85 | 139.72 | 43.48 | 55.56 | |||||
plain | 66.80 | 100.97 | 139.70 | 17.24 | 18.87 | |||||||
benbi | 67.40 | 100.71 | 139.66 | 58.82 | 62.50 | |||||||
essiv:sha256 | 29.20 | 31.70 | 44.89 | 45.33 | 98.02 | 134.77 | 41.67 | 62.50 | ||||
essiv:sha256 | 196 | 28.10 | 32.30 | 33.56 | 39.07 | |||||||
null | 256 | 57.00 | 84.46 | 105.69 | 35.71 | 55.56 | ||||||
plain | 56.40 | 84.22 | 105.70 | 43.48 | 52.63 | |||||||
plain64 | 80.44 | 105.73 | 37.04 | 52.63 | ||||||||
benbi | 56.70 | 81.42 | 105.47 | 28.57 | 45.45 | |||||||
essiv:sha256 | 23.20 | 25.10 | 31.01 | 36.13 | 78.61 | 102.98 | 52.63 | 58.82 | ||||
CTR | plain | 128 | 67.00 | 111.94 | 137.34 | 40.00 | 58.82 | |||||
null | 256 | 86.65 | 103.91 | 11.11 | 27.03 | |||||||
plain | 86.33 | 103.99 | 23.26 | 40.00 | ||||||||
plain64 | 88.17 | 104.15 | 30.30 | 37.04 | ||||||||
benbi | 85.65 | 103.93 | 14.08 | 31.25 | ||||||||
essiv:sha256 | 87.09 | 101.47 | 2.48 | 26.32 | ||||||||
XTS | plain | 128 | 28.30 | 31.70 | ||||||||
plain | 196 | 28.60 | 31.90 | |||||||||
null | 256 | 112.00 | 137.21 | 40.00 | 58.82 | |||||||
plain | 61.60 | 31.20 | 33.90 | 45.53 | 43.89 | 111.06 | 137.08 | 50.00 | 62.50 | |||
plain64 | 109.64 | 136.95 | 34.48 | 66.67 | ||||||||
benbi | 113.97 | 137.12 | 47.62 | 62.50 | ||||||||
essiv:sha256 | 104.28 | 132.15 | 43.48 | 66.67 | ||||||||
plain | 384 | 46.55 | 38.61 | 58.82 | 52.63 | |||||||
null | 512 | 85.78 | 104.07 | 62.50 | 58.82 | |||||||
plain | 41.11 | 36.15 | 88.78 | 103.80 | 66.67 | 58.82 | ||||||
plain64 | 87.89 | 103.86 | 62.50 | 58.82 | ||||||||
benbi | 90.01 | 103.76 | 43.48 | 62.50 | ||||||||
essiv:sha256 | 85.81 | 101.25 | 13.51 | 55.56 | ||||||||
Blowfish | 57.20 | 33.33 | 43.48 | |||||||||
ECB | plain | 61.40 | 72.29 | 92.52 | 40.00 | 45.45 | ||||||
CBC | plain | 62.40 | 85.50 | 32.26 | 43.48 | |||||||
essiv:sha256 | 128 | 22.80 | 27.50 | |||||||||
essiv:sha256 | 196 | 22.80 | 27.60 | |||||||||
essiv:sha256 | 256 | 23.40 | 27.60 | 63.32 | 84.16 | 21.74 | 23.81 | |||||
XTS | plain | 128 | 23.10 | 27.10 | ||||||||
plain | 196 | 23.00 | 27.20 | |||||||||
plain | 256 | 22.70 | 27.40 | |||||||||
Twofish | 34.20 | 12.82 | 19.61 | |||||||||
CBC | plain | 88.63 | 116.51 | |||||||||
essiv:sha256 | 128 | 22.90 | 26.20 | |||||||||
essiv:sha256 | 196 | 23.60 | 26.50 | |||||||||
essiv:sha256 | 256 | 23.50 | 26.60 | 86.34 | 113.89 | 34.48 | 45.45 | |||||
XTS | plain | 128 | 23.20 | 26.20 | ||||||||
plain | 196 | 23.30 | 26.40 | |||||||||
plain | 256 | 24.70 | 27.10 | |||||||||
essiv:sha256 | 88.70 | 111.03 | 40.00 | 58.82 | ||||||||
essiv:sha256 | 512 | 91.41 | 111.04 | 55.56 | 52.63 | |||||||
Serpent | 20.40 | |||||||||||
CBC | essiv:sha256 | 128 | 22.30 | 25.20 | ||||||||
essiv:sha256 | 196 | 23.50 | 26.20 | |||||||||
essiv:sha256 | 256 | 22.90 | 24.50 | |||||||||
XTS | plain | 128 | 23.00 | 25.60 | ||||||||
plain | 196 | 24.30 | 26.20 | |||||||||
plain | 256 | 23.90 | 26.10 |
How to choose an Encryption Mode
- Electronic CodeBook (ECB) – message is divided into blocks and each block is encrypted separately => ECB should not be used if encrypting more than one block of data with the same key!
- Cipher-Block Chaining (CBC), Output Feedback (OFB) and Cipher Feedback (CFB) are similar: in CBC, each block of plaintext is XORed with the previous ciphertext block before being encrypted, while OFB and CFB convert the block cipher into a stream cipher.
- Counter Mode (CTR/CM), also known as Integer Counter Mode (ICM) and Segmented Integer Counter (SIC) mode – converts a block cipher into a stream cipher. It is used instead of CBC/OFB/CFB if you want good parallelization (i.e. speed), but it is also considered less secure, since the speed is bought with a weakness that comes from using a simple deterministic input function.
- [MYCHOICE] XOR-Encrypt-XOR (XEX)-based Tweaked-Codebook mode with Ciphertext Stealing (XTS) – for encoding of block data (like a hard disk or RAM)
- Offset Codebook Mode (OCB) – provides both authentication and privacy, for encoding of block data (like a hard disk or RAM). Patents in USA.
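The ECB warning and the IV column of the table, as an added example that is not from the original post or the benchmark it summarizes: it encrypts identical 512-byte sectors with ECB and with CBC under the null, plain and essiv:sha256 IV generators and checks what stays visible in the ciphertext. The block cipher is a toy SHA-256 Feistel stand-in for AES (an assumption, so the code runs with the Python standard library only), and all function names and sample data are hypothetical.

```python
import hashlib

BLOCK = 16                         # bytes per cipher block, as in AES
KEY = bytes(range(32))             # constructed 256-bit test key
DATA = b"SAME-16-BYTES!!!" * 32    # constructed, highly repetitive 512-byte sector

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """4-round Feistel permutation over SHA-256: a toy stand-in, NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def sector_iv(iv_mode, key, sector):
    """Per-sector IV for three of the generators named in the table's IV column."""
    if iv_mode == "null":          # constant all-zero IV
        return bytes(BLOCK)
    if iv_mode == "plain":         # 32-bit little-endian sector number
        return (sector & 0xFFFFFFFF).to_bytes(4, "little") + bytes(BLOCK - 4)
    if iv_mode == "essiv:sha256":  # sector number encrypted under SHA-256(key)
        salt = hashlib.sha256(key).digest()
        return toy_encrypt_block(salt, sector.to_bytes(8, "little") + bytes(8))
    raise ValueError(f"unsupported IV mode: {iv_mode}")

def encrypt_sector(key, sector, data, mode, iv_mode="null"):
    prev, out = sector_iv(iv_mode, key, sector), []
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        if mode == "cbc":          # chain in the previous ciphertext block
            block = xor(block, prev)
        prev = toy_encrypt_block(key, block)
        out.append(prev)
    return out                     # ciphertext as a list of 16-byte blocks

def repeated_blocks(blocks):
    return len(blocks) - len(set(blocks))  # duplicates of an earlier block

def same_ciphertext(iv_mode):  # do two equal sectors (7 and 8) encrypt alike?
    return (encrypt_sector(KEY, 7, DATA, "cbc", iv_mode)
            == encrypt_sector(KEY, 8, DATA, "cbc", iv_mode))

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(encrypt_sector(KEY, 7, DATA, "ecb")))
    for m in ("null", "plain", "essiv:sha256"):
        print(f"CBC {m}: equal sectors look identical = {same_ciphertext(m)}")
```

With ECB every repeated plaintext block shows up as a repeated ciphertext block, and with CBC under the null IV two sectors holding the same data are still indistinguishable on disk; a per-sector IV removes that second leak.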
UPDATE: A nice comparison was posted by Shecky.