8

I'm about to install Xubuntu 16.04.2 LTS on a Dell Latitude D630 laptop and I'm trying to figure out if full disk encryption is a good idea. I would really like to have encryption, though it's not an absolute necessity. I've seen competing claims as to impact on performance, so I'm trying to gauge what the impact will be on this system (Intel Core 2 Duo T7100 / 1.8 GHz processor, 5400 rpm HDD, 2 GB RAM? It's listed as 2, or 2 x 1 GB). I mostly just use the computer for writing, general internet access, pretty basic tasks. Will I see a major drop in performance? Less from just home folder encryption? More specifically, are there particular levels of processor/RAM/etc. that one should have to make FDE work efficiently?

J. Eck

1 Answer

5

Performance

Disk encryption will lead to a small yet measurable performance decrease since the computer needs to perform an additional step during disk access. However, the bottleneck on a system with specs like yours will almost always be the disk itself and not the processing power required for encryption or decryption.

If you encrypt less data (e.g. only the home directory instead of the whole system) the performance difference will be smaller for obvious reasons. This only applies if you use the same encryption scheme in both instances! The home directory encryption offered by Ubuntu will use eCryptfs as opposed to dm-crypt for full disk encryption. The former is known to be slower than the latter but offers more flexibility (i.e. encrypting only a subset of files on a file system and with different keys, e.g. for different users).

Major problems

You'll lose all encrypted files if you lose the key or password (e.g. due to forgetfulness, a partial disk failure, or a mistake during repartitioning). Therefore it's very important to back up the key file and keep a note with the password in one or (better yet) more safe places. The key file is not the same as the password and neither can substitute for the other. (In fact, the password is used to decrypt the key which is needed to decrypt the data.)

David Foerster
  • This doesn't necessarily measure out how you'd think. Phoronix found that eCryptfs (used for home directory encryption) was noticeably slower than LUKS (used for full disk encryption) accessing the same files. The differences are significant enough that full-disk encryption may actually run faster (and be more secure) on many systems. – Lewis Goddard Jan 29 '18 at 22:45
  • @LewisGoddard: Of course. That's perfectly in line with my answer. See the last sentence of the 2nd paragraph. – David Foerster Jan 30 '18 at 01:49
  • @DavidFoerster I have a netbook with an Intel Atom N550 processor (1.50 GHz) and 2 GB RAM acting as a network storage server. I have encrypted the /home partition using dm-crypt. I notice very slow transfer speeds. Is there an issue due to the processor? The netbook has an SSHD and transfer occurs over Ethernet, so I doubt these are limiting the speed. – Zythyr Nov 12 '18 at 08:25
  • @Zythyr: Could you please open a new question if you have a new or follow-up question? The comment section is not suitable or meant for new questions or extended discussion. You’re welcome to send me a comment with a notification to draw my attention to it. Thanks. – David Foerster Nov 13 '18 at 20:52
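
The answer's point that the disk, not the cipher, is usually the bottleneck can be checked on a given machine. The script below is an added example, not part of the original answer or comments: it parses `cryptsetup benchmark` and `hdparm -t` output and reports which stage is slower. The sample figures are constructed, and aes-xts with a 256-bit key is an assumed cipher (check yours with `cryptsetup luksDump`).

```shell
#!/bin/sh
# Added example: is dm-crypt's cipher or the disk the slower stage?
# On a real system, replace the constructed samples with:
#   cryptsetup benchmark      (memory-only cipher throughput, approximate)
#   hdparm -t /dev/sdX        (sequential read throughput of the disk)

# Constructed sample of `cryptsetup benchmark` output (not measured data).
SAMPLE_BENCH='#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b       130.5 MiB/s       150.2 MiB/s
        aes-xts        256b       142.7 MiB/s       139.4 MiB/s
        aes-xts        512b       108.3 MiB/s       107.9 MiB/s'

# Constructed sample of `hdparm -t` output (not measured data).
SAMPLE_HDPARM='/dev/sda:
 Timing buffered disk reads: 160 MB in  3.01 seconds =  53.16 MB/sec'

# Read benchmark output on stdin; print the slower of the encryption and
# decryption rates (whole MiB/s) for the given cipher and key size.
cipher_rate() {  # $1 = cipher, e.g. aes-xts   $2 = key size, e.g. 256b
    awk -v c="$1" -v k="$2" '
        $1 == c && $2 == k {
            v = ($3 < $5) ? $3 : $5
            printf "%d\n", v
            found = 1
        }
        END { exit !found }'   # non-zero status if the row is missing
}

# Read `hdparm -t` output on stdin; print the read rate (whole MB/s).
disk_rate() {
    awk '/Timing buffered disk reads/ { printf "%d\n", $(NF - 1); found = 1 }
         END { exit !found }'
}

# Name the slower stage. The two tools use slightly different units, so
# treat the result as a rough comparison.
bottleneck() {  # $1 = cipher rate   $2 = disk rate
    if [ "$1" -ge "$2" ]; then echo disk; else echo cpu; fi
}

c=$(printf '%s\n' "$SAMPLE_BENCH" | cipher_rate aes-xts 256b)
d=$(printf '%s\n' "$SAMPLE_HDPARM" | disk_rate)
echo "cipher: ${c} MiB/s, disk: ${d} MB/s, bottleneck: $(bottleneck "$c" "$d")"
```

If the result is `cpu`, encryption overhead will be visible in sustained transfers; if it is `disk`, the drive limits throughput with or without dm-crypt.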