Hacker News new | past | comments | ask | show | jobs | submit login

To me the issue with RPis storage is the lack of hardware encryption. No matter how much you increase its I/O capabilities it won't be able to use disk encryption without having to rely on CPU cycles.



I'm still surprised that they did not include a crypto accelerator on the Pi4. It seems like a very low cost peripheral, with a high performance impact for many use cases (drive encryption, network encryption, etc...). I ran some benchmarks between a Pi4 and a Nanopi M4 and it wasn't even close.


Did you try different ciphers? Whilst there's no AES acceleration there are other ciphers that can leverage the hardware better. i.e. ChaCha20


Not really, I mostly cared about AES which was around 25x faster. Here's what a NanoPi M4 does:

  Cryptsetup
  #     Algorithm |       Key |      Encryption |      Decryption
          aes-cbc        128b       465.5 MiB/s       654.0 MiB/s
  
  OpenSSL Speed for ChaCha
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
  chacha20-poly1305    85242.48k   144024.55k   265936.64k   309418.33k   317977.94k   317658.45k

vs Pi4

  Cryptsetup
  #     Algorithm |       Key |      Encryption |      Decryption
          aes-cbc        128b        18.9 MiB/s        31.9 MiB/s
  
  OpenSSL Speed for ChaCha
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
  chacha20-poly1305    24833.53k    55555.22k    90574.34k    99022.17k   102659.41k   100592.30k


Could always try AES-Adiantum for storage encryption. https://www.raspberrypi.org/forums/viewtopic.php?t=275542




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: