Filesystem Performance for LUKS Encrypted Volumes?

Will asked:

As you can format a LUKS volume with any filesystem you want, are certain filesystems better-suited to IO performance against an encrypted filesystem? Specifically, I’m wondering about a loop device with a file sitting on an ext4 partition. As all data written to the filesystem is encrypted, do certain filesystems write less metadata or write it more efficiently? Would zfs or ext2 / ext3 perform better than ext4 on an encrypted loopback filesystem?

My answer:

I’ve been running LUKS encrypted filesystems for over a decade, with ext2/3/4, XFS, ZFS and maybe some other filesystems I’ve forgotten about. While I don’t have any benchmarks handy, I do have a few notes to share:

The only real performance issue you have with LUKS is the encryption and decryption itself. This introduces some latency to the process and has the potential to make disk I/O CPU-bound. On older systems without hardware AES acceleration on-chip, this was a significant issue. Today, as long as you have AES-NI in your processor and a kernel from this decade, it’s almost unnoticeable for moderate workloads. Better still if you have a recent (3.x+?) kernel which can do crypto in multiple kernel threads.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.