Linux-Voice-Issue-001
Linux-Voice-Issue-001
Linux-Voice-Issue-001
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
GROUP TEST ENCRYPTION<br />
Performance<br />
Do they add much overhead?<br />
Mounting volumes<br />
Working with the encrypted containers.<br />
AES is the fastest cipher, with Blowfish just behind. Twofish is<br />
relatively slower, and Serpent is the slowest.<br />
TrueCrypt supports parallelised encryption for multicore<br />
systems. This means that it can use all the cores in a<br />
multicore processor in parallel to encrypt and decrypt the<br />
data. Furthermore, header key derivation is also parallelised, which<br />
means TrueCrypt can also mount volumes faster. However, one<br />
performance enhancing feature in TrueCrypt, pipelined read/write<br />
operations, is only available on the Windows version of the tool.<br />
The Quad-Core AMD A8 processor on one of our test machines<br />
supports hardware-accelerated encryption, and thanks to this<br />
instruction set, which makes the encryption/decryption several<br />
times faster than when performed on a purely software<br />
implementation. TrueCrypt isn’t the only app to take advantage of<br />
hardware acceleration. So too can eCryptfs and BestCrypt.<br />
However, we couldn’t find the option to control the state of the AES<br />
hardware acceleration, either in the graphical front-end or the CLI<br />
version. There’s no information on whether zuluCrypt uses<br />
hardware acceleration but cryptsetup does support it.<br />
FUSE boost<br />
Since EncFS ties in to the Filesystem in User-Space kernel (FUSE)<br />
module, you should expect some drop in performance when using<br />
it. For the same reasons the authors of eCryptFS claim their tool is<br />
faster than EncFS because there is no overhead caused by context<br />
switching between the kernel and userspace. Many tools have a<br />
benchmarking tool built into them to help you compare the<br />
performance of the various ciphers for your setup. Some tools,<br />
such as BestCrypt, measure performance by averaging the time it<br />
takes to encrypt small amounts of data several times, while others<br />
let you specify the size of the buffer you wish to encrypt.<br />
In our tests, TrueCrypt was the fastest, writing over a gigabyte of<br />
files in under a minute. eCryptfs was marginally slower while<br />
BestCrypt took over three minutes and was the slowest of the lot.<br />
EncFS, despite its userspace disadvantage, repeatedly edged out<br />
zuluCrypt sometimes by as much as 20 seconds.<br />
VERDICT<br />
TrueCrypt<br />
BestCrypt<br />
zuluCrypt<br />
eCryptfs<br />
EncFS<br />
eCryptfs bundles a script that can use cryptsetup to encrypt the swap<br />
partition, as well as the more usual dasa partitions, such as /home.<br />
To mount an encrypted volume you provide the correct<br />
password and/or keyfile. Once mounted, an encrypted<br />
volume behaves like any other disk. You can even play or<br />
record multimedia content, like a video from a mounted encrypted<br />
volume – the app will load bits of the video and decrypt it in RAM.<br />
The biggest advantage with both eCryptfs and EncFS is that<br />
they can be used to protect existing filesystems without block<br />
device access, such as Samba shares or cloud storage folders.<br />
They also allow offline file-based backups of encrypted files.<br />
eCryptfs has its own set of scripts to mount and unmount<br />
encrypted directories. eCryptfs also has utilities that can mount<br />
the encrypted directories from an Ubuntu live CD to help you<br />
recover data.<br />
EncFS also has its own CLI tool to mount encrypted folders. Like<br />
eCryptfs it also needs two directories -- one to hold encrypted data<br />
and the other to hold unencrypted data.<br />
You can mount BestCrypt and TrueCrypt encrypted volumes<br />
from the graphical interface as well as the CLI. The graphical<br />
interfaces of both tools enable the user to mount the volumes as<br />
read-only. BestCrypt additionally lets you specify a mount point for<br />
the container.<br />
More Zulu excellence<br />
But both are topped by zuluCrypt, which includes the zuluMount<br />
tool. This is a general-purpose mounting tool that can mount all<br />
encrypted volumes supported by zuluCrypt, including LUKS and<br />
TrueCrypt volumes. You can also mount volumes from the main<br />
zuluCrypt app, but zuluMount has a simpler interface and is<br />
designed with the sole purpose of mounting and unmounting<br />
filesystems. In fact zuluMount can mount and unmount<br />
unencrypted volumes as well and can even manage plugged-in<br />
devices. Like zuluCrypt, the zuluMount tool has a CLI interface as<br />
well. zuluMount also lets you make a mount point public and share<br />
it with other users.<br />
VERDICT<br />
TrueCrypt<br />
BestCrypt<br />
zuluCrypt<br />
eCryptfs<br />
EncFS<br />
34<br />
www.linuxvoice.com