Revised Raspberry Pi TrueCrypt Benchmark

Revised March 31, 2013 with updated benchmarking approach that uses actual access to the mounted volume. New results show no appreciable sensitivity to hash, which is as expected. The numbers are for encryption only (write). I have not pursued read.

Hash
Algorithm
Encryption
Algorithm
Rate
(MB/s)
SHA-512 Twofish 2.8
Whirlpool Twofish 2.8
RIPEMD-160 Twofish 2.8
SHA-512 Serpent 2.6
Whirlpool Serpent 2.6
RIPEMD-160 Serpent 2.6
Whirlpool AES 2.1
RIPEMD-160 AES 2.1
SHA-512 AES 2.1
SHA-512 Twofish-Serpent 2.0
Whirlpool Twofish-Serpent 2.0
RIPEMD-160 Twofish-Serpent 1.9
SHA-512 AES-Twofish 1.6
RIPEMD-160 AES-Twofish 1.6
Whirlpool AES-Twofish 1.6
Whirlpool Serpent-AES 1.6
SHA-512 Serpent-AES 1.6
RIPEMD-160 Serpent-AES 1.6
Whirlpool AES-Twofish-Serpent 1.3
Whirlpool Serpent-Twofish-AES 1.3
SHA-512 Serpent-Twofish-AES 1.3
SHA-512 AES-Twofish-Serpent 1.3
RIPEMD-160 Serpent-Twofish-AES 1.3
RIPEMD-160 AES-Twofish-Serpent 1.3

Shell Script for Timing


#!/bin/bash

# Create a file of random elements, needs to be at least 300 bytes
 dd if=/dev/random of=random bs=512 count=1

# Iterate over the hash hash funnctions
 for HASH in RIPEMD-160 SHA-512 Whirlpool
 do
 # Iterate over the available encryption algorithms
 for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
 do
 # Write the algorithms to the log
 echo "Algorithms: $HASH $ENCALG" >> log
 # TrueCrypt will report the performance in the output
 truecrypt -c /home/pi/test.tc --filesystem=fat --size=10485760\
 --encryption=$ENCALG -p ppp --random-source=random \
 --hash=$HASH --volume-type=normal --non-interactive
 # Mount the partition
 truecrypt --non-interactive -p ppp -m nokernelcrypto test.tc /home/pi/tcvol
 (time  ./timeit) 2>> log
 truecrypt -d /home/pi/tcvol
 # Erase the created file
 rm test.tc
 done
 done

Timed Routine


dd if=/dev/zero of=tcvol/test bs=5242880 count=1 &> /dev/null

sync

Python Reprocessor


import sys
 fid = open( sys.argv[1], 'r')
 lines = fid.readlines()
 fid.close()

tsecs = None
 while len( lines) > 0:
 line = lines.pop(0)
 lls = line.strip()

if lls.startswith( 'Algo'):
 # If we already have a tsecs, then print
 # the last elements
 toks = lls.split()
 if tsecs == None: # first record
 algo = ",".join( toks[1:3])
 else:
 print algo,",",tsecs
 algo = ",".join( toks[1:3])
 elif lls.startswith( 'real'):
 toks = lls.split()
 toks = toks[-1].split('m')
 tsecs = float( toks[0])*60 + float( toks[1].replace('s', ''))

print algo,",",tsecs

Raspberry Pi TrueCrypt Benchmark

Note: The results in this post have been improved with more accurate values at Revised Raspberry Pi TrueCrypt Benchmark.

I recently acquired a Raspberry Pi model B 512 MB from the excellent people at Adafruit. I am interested in it as a small computer for basic text processing, and am curious about its performance in consumer crypto. One part of the security of the Pi, or any modern computer, is disk encryption.

My disk encryption of choice is TrueCrypt, mainly because it is cross-platform. That it is also free and open source is a nice benefit, though the TrueCrypt3 license may not rise to Stallman’s standard. I found several posts from persons who compiled TrueCrypt on the RasPi, and it is relatively trouble free. At the bottom of the post are my notes on how I did the install and a script that performs the benchmarking.

While I don’t understand the relationship between the hashing function and the encryption function, I expected that speed would be unrelated to the hash algorithm. This was not what I experienced, as shown in the data below.

Performance, in MB seconds, as TrueCrypt reports for initializing a 10,000,000 byte file.

Hash Encryption Speed
(MB/s)
RIPEMD-160 Twofish 3.4
RIPEMD-160 Serpent 3
RIPEMD-160 AES 2.5
SHA-512 Twofish 2.5
RIPEMD-160 Twofish-Serpent 2.3
SHA-512 Serpent 2.2
SHA-512 AES 2
RIPEMD-160 AES-Twofish 2
RIPEMD-160 Serpent-AES 1.9
SHA-512 Twofish-Serpent 1.8
SHA-512 AES-Twofish 1.6
Whirlpool Twofish 1.6
RIPEMD-160 AES-Twofish-Serpent 1.5
Whirlpool Serpent 1.5
SHA-512 Serpent-AES 1.5
RIPEMD-160 Serpent-Twofish-AES 1.5
Whirlpool AES 1.4
SHA-512 AES-Twofish-Serpent 1.3
SHA-512 Serpent-Twofish-AES 1.3
Whirlpool Twofish-Serpent 1.3
Whirlpool AES-Twofish 1.2
Whirlpool Serpent-AES 1.2
Whirlpool Serpent-Twofish-AES 1
Whirlpool AES-Twofish-Serpent 0.934

The upshot is that all of these are pretty slow, and all of them would be essentially unnoticeable for basic text file (or RTF) work. I wouldn’t want to do image or audio processing with this encryption, but then I wouldn’t want to do that on a Pi anyway.

Method of Speed Assessment

I wanted a non-interactive way to perform the test, so I wrote this script. I am relying on the data reported by the TrueCrypt volume creation process. Because TrueCrypt writes a status to the terminal it produces output that is dreadful to process, so I wrote the little python script to produce a CSV from the log.

The test was performed with an ARMv6 compatible processor rev 7 (v61) at 464.48 BogoMIPS. The OS is Debian GNU/Linux 7.0 (Wheezy), which was installed as the 2013-02-09-wheezy-raspbian image. I built TrueCrypt from source for 7.1a along with wxWidgets 2.8.12 (also built from source) and pkcs version 11.2.

Shell Script

#!/bin/bash

# Create a file of random elements, needs to be at least 300 bytes
dd if=/dev/random of=random bs=512 count=1

# Iterate over the hash hash funnctions
for HASH in RIPEMD-160 SHA-512 Whirlpool
do
# Iterate over the available encryption algorithms
for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
do
# Write the algorithms to the log
echo “Algorithms: $HASH $ENCALG” >> log
# TrueCrypt will report the performance in the output
truecrypt -c /home/pi/test.tc –filesystem=fat –size=10485760\
–encryption=$ENCALG -p ppp –random-source=random \
–hash=$HASH –volume-type=normal –non-interactive >> log
# Erase the created file
rm test.tc
done
done

Python Reprocessor

import sys
fid = open( sys.argv[1], ‘r’)
lines = fid.readlines()
fid.close()

speed = None
while len( lines) > 0:
line = lines.pop(0)
lls = line.strip()

if lls.startswith( ‘Algo’):
# If we already have a speed, then print
# the last elements
toks = lls.split()
if speed == None: # first record
algo = “,”.join( toks[1:3])
else:
print algo,”,”,speed
algo = “,”.join( toks[1:3])
elif lls.startswith( ‘Done’):
toks = lls.split()
speed = “,”.join(toks[-5:-3])
print algo,”,”,speed