[openstack-dev] Volume Encryption

Paul Sarin-Pollet psarpol at gmx.com
Thu Feb 21 10:45:50 UTC 2013


Concerning the performance of encryption by dm-crypt and the selected algorithm, has this (old) blog post already been posted here?

http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/
http://www.phoronix.com/scan.php?page=article&item=intel_aesni_dmcrypt&num=2


Your current implementation uses cryptsetup in the nova compute nodes, doesn't it? What is the impact of the ciphering on CPU performance?

----- Original Message -----
From: Benjamin, Bruce P.
Sent: 02/15/13 08:58 PM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Volume Encryption

On 2/12/2013, Caitlin Bestler wrote:
>> I'd recommend that OpenStack just use the technology that is available, and specifically avoid endorsing any of the options.

To address this issue and provide flexibility for the default encryption options for the proposed volume encryption feature, the implementation now exposes the dm-crypt options via Nova's configuration file. All relevant options and default values are configurable through this file, with present settings as follows: cryptsetup_default_cipher: aes-xts-plain64, cryptsetup_default_key_size: 256, and cryptsetup_default_hash: None. Note that any parameter specified by the value 'None' will revert to the default values compiled into cryptsetup (and I just heard that these differ depending on the Linux distribution.)

BTW, though the volume encryption feature didn't make it into Grizzly due to the late submission, our group will continue this work with solid plans to submit this and other related code for Havana.
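An added example, not part of the original thread or of the proposed Nova code: it resolves which cipher, key size and hash a compute node would actually end up with when an option is left at 'None', by reading the compiled-in defaults that `cryptsetup --help` reports. The mapping of the three options to cryptsetup's `--cipher`, `--key-size` and `--hash` flags, the choice of LUKS1 mode, and the two `--help` sample lines are assumptions constructed for illustration.

```python
import re

# Option names and values exactly as listed in the message above.
NOVA_OPTS = {"cryptsetup_default_cipher": "aes-xts-plain64",
             "cryptsetup_default_key_size": "256",
             "cryptsetup_default_hash": "None"}

# Constructed samples of the LUKS1 defaults line printed by `cryptsetup --help`,
# standing in for two differently built distribution packages.
HELP_BUILD_A = "\tLUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom\n"
HELP_BUILD_B = "\tLUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom\n"

# Assumed mapping from the option suffix to the cryptsetup command-line flag.
FLAGS = {"cipher": "--cipher", "key_size": "--key-size", "hash": "--hash"}

def is_unset(value):
    """'None' (as written in the config file) means: let cryptsetup decide."""
    return value in (None, "None", "")

def compiled_defaults(help_text, mode="LUKS1"):
    """Extract cipher, key size and hash for one mode from --help output."""
    pat = rf"^\s*{re.escape(mode)}:\s*(\S+), Key:? (\d+) bits, [^:]*hashing: (\w+)"
    m = re.search(pat, help_text, re.MULTILINE)
    if m is None:
        raise ValueError(f"no compiled-in defaults found for {mode}")
    return dict(zip(("cipher", "key_size", "hash"), m.groups()))

def effective_params(opts, help_text, mode="LUKS1"):
    """Return {name: (value, source)} so build-dependent settings stand out."""
    result = {}
    for name, default in compiled_defaults(help_text, mode).items():
        value = opts.get(f"cryptsetup_default_{name}", "None")
        if is_unset(value):
            result[name] = (default, "cryptsetup build default")
        else:
            result[name] = (value, "nova.conf")
    return result

def cryptsetup_flags(opts):
    """Flags passed explicitly; an unset option contributes no flag at all."""
    args = []
    for name, flag in FLAGS.items():
        value = opts.get(f"cryptsetup_default_{name}", "None")
        if not is_unset(value):
            args += [flag, str(value)]
    return args

if __name__ == "__main__":
    for label, text in (("build A", HELP_BUILD_A), ("build B", HELP_BUILD_B)):
        print(label, effective_params(NOVA_OPTS, text))
    print(cryptsetup_flags(NOVA_OPTS))
```

With the settings from the message, the cipher and key size are pinned by the configuration file on both builds, while the hash differs between them; setting the hash explicitly removes that dependence on the package.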