Note: The results in this post have been improved with more accurate values at Revised Raspberry Pi TrueCrypt Benchmark.
I recently acquired a Raspberry Pi model B 512 MB from the excellent people at Adafruit. I am interested in it as a small computer for basic text processing, and am curious about its performance in consumer crypto. One part of the security of the Pi, or any modern computer, is disk encryption.
My disk encryption of choice is TrueCrypt, mainly because it is cross-platform. That it is also free and open source is a nice benefit, though the TrueCrypt3 license may not rise to Stallman’s standard. I found several posts from persons who compiled TrueCrypt on the RasPi, and it is relatively trouble free. At the bottom of the post are my notes on how I did the install and a script that performs the benchmarking.
While I don’t understand the relationship between the hashing function and the encryption function, I expected that speed would be unrelated to the hash algorithm. This was not what I experienced, as shown in the data below.
Performance, in MB seconds, as TrueCrypt reports for initializing a 10,000,000 byte file.
Hash | Encryption | Speed (MB/s) |
RIPEMD-160 | Twofish | 3.4 |
RIPEMD-160 | Serpent | 3 |
RIPEMD-160 | AES | 2.5 |
SHA-512 | Twofish | 2.5 |
RIPEMD-160 | Twofish-Serpent | 2.3 |
SHA-512 | Serpent | 2.2 |
SHA-512 | AES | 2 |
RIPEMD-160 | AES-Twofish | 2 |
RIPEMD-160 | Serpent-AES | 1.9 |
SHA-512 | Twofish-Serpent | 1.8 |
SHA-512 | AES-Twofish | 1.6 |
Whirlpool | Twofish | 1.6 |
RIPEMD-160 | AES-Twofish-Serpent | 1.5 |
Whirlpool | Serpent | 1.5 |
SHA-512 | Serpent-AES | 1.5 |
RIPEMD-160 | Serpent-Twofish-AES | 1.5 |
Whirlpool | AES | 1.4 |
SHA-512 | AES-Twofish-Serpent | 1.3 |
SHA-512 | Serpent-Twofish-AES | 1.3 |
Whirlpool | Twofish-Serpent | 1.3 |
Whirlpool | AES-Twofish | 1.2 |
Whirlpool | Serpent-AES | 1.2 |
Whirlpool | Serpent-Twofish-AES | 1 |
Whirlpool | AES-Twofish-Serpent | 0.934 |
The upshot is that all of these are pretty slow, and all of them would be essentially unnoticeable for basic text file (or RTF) work. I wouldn’t want to do image or audio processing with this encryption, but then I wouldn’t want to do that on a Pi anyway.
Method of Speed Assessment
I wanted a non-interactive way to perform the test, so I wrote this script. I am relying on the data reported by the TrueCrypt volume creation process. Because TrueCrypt writes a status to the terminal it produces output that is dreadful to process, so I wrote the little python script to produce a CSV from the log.
The test was performed with an ARMv6 compatible processor rev 7 (v61) at 464.48 BogoMIPS. The OS is Debian GNU/Linux 7.0 (Wheezy), which was installed as the 2013-02-09-wheezy-raspbian image. I built TrueCrypt from source for 7.1a along with wxWidgets 2.8.12 (also built from source) and pkcs version 11.2.
Shell Script
#!/bin/bash
# Create a file of random elements, needs to be at least 300 bytes
dd if=/dev/random of=random bs=512 count=1
# Iterate over the hash hash funnctions
for HASH in RIPEMD-160 SHA-512 Whirlpool
do
# Iterate over the available encryption algorithms
for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
do
# Write the algorithms to the log
echo “Algorithms: $HASH $ENCALG” >> log
# TrueCrypt will report the performance in the output
truecrypt -c /home/pi/test.tc –filesystem=fat –size=10485760
–encryption=$ENCALG -p ppp –random-source=random
–hash=$HASH –volume-type=normal –non-interactive >> log
# Erase the created file
rm test.tc
done
done
Python Reprocessor
import sys
fid = open( sys.argv[1], ‘r’)
lines = fid.readlines()
fid.close()
speed = None
while len( lines) > 0:
line = lines.pop(0)
lls = line.strip()
if lls.startswith( ‘Algo’):
# If we already have a speed, then print
# the last elements
toks = lls.split()
if speed == None: # first record
algo = “,”.join( toks[1:3])
else:
print algo,”,”,speed
algo = “,”.join( toks[1:3])
elif lls.startswith( ‘Done’):
toks = lls.split()
speed = “,”.join(toks[-5:-3])
print algo,”,”,speed
Comments
2 responses to “Raspberry Pi TrueCrypt Benchmark”
Was this to a USB disk or to the SD card?
Sorry for the slow reply. It was to the SD card, which if I recall correctly was a Sandisk class 10 (rated to 30 MB/s. Because the results show sensitivity to algorithm, I suspect this is processor limited.
Note that there is an update post that improves the methodology–I really wouldn’t use the original post’s numbers. http://inkofpark.wordpress.com/2013/03/31/revised-raspberry-pi-truecrypt-benchmark/