On the server described below I did some testing.

I have a 21GB directory that has 95000 files of which most are small
but a few are very large.  Using AES-256 it took 21 minutes (write
time) to backup this directory, using Blowfish it took 16 minutes
(write time).  While backing up the large file portion of this dir,
the reported speeds were 22-23MB/sec (AES256) and 29-30MB/sec (BF).  
My tape drive (HP LTO2) cannot write faster than 30MB/sec.   Plus
BlowFish used roughly 10-15% of the CPU and AES-256 used ~23%
(bpfilter process only).

My conclusion:  Blowfish is significantly faster than AES-256.

Austin

---------- Forwarded message ----------
From: Austin Murphy <austin.murphy AT gmail DOT com>
Date: Feb 13, 2006 1:52 PM
Subject: Re: [Veritas-bu] Real world overhead of Encryption
To: "Horn, Brian" <BrianHorn AT creighton DOT edu>


We are currently using AES-256 and it is a major performance hit.

Our SAN media server with 2x 3.6GHz Xeon (w/HT) works best with 6
streams, each running at about 6-7MB/sec. This is reading data off the
2Gb FC SAN and writing it directly to tape (also on the SAN).  The
processors do nothing else and are less than 10% idle.

AES-256 is overkill and I would recommend BlowFish or AES-128.  I've
been trying to justify using faster encryption and I found a link from
the NSA ...
http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf
... that says that AES-128 is "sufficient" for all classified
documents except those classified as "Top Secret."  AES-192 is
sufficient for "Top Secret."

wikipedia has some great articles on encryption algorithms.

I am planning on doing some rough benchmarking to see if BlowFish will
speed up our backups.   I expect a big difference.

Austin




On 2/10/06, Horn, Brian <BrianHorn AT creighton DOT edu> wrote:
>
>
>
> Does anyone have any estimates of real world overhead due to turning on
> encryption?    That is, if I turn on encryption across the board, how much
> extra time/resources will be needed?
>