## Revised Raspberry Pi TrueCrypt Benchmark

Revised March 31, 2013 with updated benchmarking approach that uses actual access to the mounted volume. New results show no appreciable sensitivity to hash, which is as expected. The numbers are for encryption only (write). I have not pursued read.

 Hash Algorithm Encryption Algorithm Rate (MB/s) SHA-512 Twofish 2.8 Whirlpool Twofish 2.8 RIPEMD-160 Twofish 2.8 SHA-512 Serpent 2.6 Whirlpool Serpent 2.6 RIPEMD-160 Serpent 2.6 Whirlpool AES 2.1 RIPEMD-160 AES 2.1 SHA-512 AES 2.1 SHA-512 Twofish-Serpent 2.0 Whirlpool Twofish-Serpent 2.0 RIPEMD-160 Twofish-Serpent 1.9 SHA-512 AES-Twofish 1.6 RIPEMD-160 AES-Twofish 1.6 Whirlpool AES-Twofish 1.6 Whirlpool Serpent-AES 1.6 SHA-512 Serpent-AES 1.6 RIPEMD-160 Serpent-AES 1.6 Whirlpool AES-Twofish-Serpent 1.3 Whirlpool Serpent-Twofish-AES 1.3 SHA-512 Serpent-Twofish-AES 1.3 SHA-512 AES-Twofish-Serpent 1.3 RIPEMD-160 Serpent-Twofish-AES 1.3 RIPEMD-160 AES-Twofish-Serpent 1.3

## Shell Script for Timing


#!/bin/bash

# Create a file of random elements, needs to be at least 300 bytes
dd if=/dev/random of=random bs=512 count=1

# Iterate over the hash hash funnctions
for HASH in RIPEMD-160 SHA-512 Whirlpool
do
# Iterate over the available encryption algorithms
for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
do
# Write the algorithms to the log
echo &quot;Algorithms: $HASH$ENCALG&quot; &gt;&gt; log
# TrueCrypt will report the performance in the output
truecrypt -c /home/pi/test.tc --filesystem=fat --size=10485760
--encryption=$ENCALG -p ppp --random-source=random --hash=$HASH --volume-type=normal --non-interactive
# Mount the partition
truecrypt --non-interactive -p ppp -m nokernelcrypto test.tc /home/pi/tcvol
(time  ./timeit) 2&gt;&gt; log
truecrypt -d /home/pi/tcvol
# Erase the created file
rm test.tc
done
done



## Timed Routine


dd if=/dev/zero of=tcvol/test bs=5242880 count=1 &amp;&gt; /dev/null

sync



## Python Reprocessor


import sys
fid = open( sys.argv[1], 'r')
fid.close()

tsecs = None
while len( lines) &gt; 0:
line = lines.pop(0)
lls = line.strip()

if lls.startswith( 'Algo'):
# If we already have a tsecs, then print
# the last elements
toks = lls.split()
if tsecs == None: # first record
algo = &quot;,&quot;.join( toks[1:3])
else:
print algo,&quot;,&quot;,tsecs
algo = &quot;,&quot;.join( toks[1:3])
elif lls.startswith( 'real'):
toks = lls.split()
toks = toks[-1].split('m')
tsecs = float( toks[0])*60 + float( toks[1].replace('s', ''))

print algo,&quot;,&quot;,tsecs



## Raspberry Pi TrueCrypt Benchmark

### Note: The results in this post have been improved with more accurate values at Revised Raspberry Pi TrueCrypt Benchmark.

I recently acquired a Raspberry Pi model B 512 MB from the excellent people at Adafruit. I am interested in it as a small computer for basic text processing, and am curious about its performance in consumer crypto. One part of the security of the Pi, or any modern computer, is disk encryption.

My disk encryption of choice is TrueCrypt, mainly because it is cross-platform. That it is also free and open source is a nice benefit, though the TrueCrypt3 license may not rise to Stallman’s standard. I found several posts from persons who compiled TrueCrypt on the RasPi, and it is relatively trouble free. At the bottom of the post are my notes on how I did the install and a script that performs the benchmarking.

While I don’t understand the relationship between the hashing function and the encryption function, I expected that speed would be unrelated to the hash algorithm. This was not what I experienced, as shown in the data below.

Performance, in MB seconds, as TrueCrypt reports for initializing a 10,000,000 byte file.

 Hash Encryption Speed (MB/s) RIPEMD-160 Twofish 3.4 RIPEMD-160 Serpent 3 RIPEMD-160 AES 2.5 SHA-512 Twofish 2.5 RIPEMD-160 Twofish-Serpent 2.3 SHA-512 Serpent 2.2 SHA-512 AES 2 RIPEMD-160 AES-Twofish 2 RIPEMD-160 Serpent-AES 1.9 SHA-512 Twofish-Serpent 1.8 SHA-512 AES-Twofish 1.6 Whirlpool Twofish 1.6 RIPEMD-160 AES-Twofish-Serpent 1.5 Whirlpool Serpent 1.5 SHA-512 Serpent-AES 1.5 RIPEMD-160 Serpent-Twofish-AES 1.5 Whirlpool AES 1.4 SHA-512 AES-Twofish-Serpent 1.3 SHA-512 Serpent-Twofish-AES 1.3 Whirlpool Twofish-Serpent 1.3 Whirlpool AES-Twofish 1.2 Whirlpool Serpent-AES 1.2 Whirlpool Serpent-Twofish-AES 1 Whirlpool AES-Twofish-Serpent 0.934

The upshot is that all of these are pretty slow, and all of them would be essentially unnoticeable for basic text file (or RTF) work. I wouldn’t want to do image or audio processing with this encryption, but then I wouldn’t want to do that on a Pi anyway.

## Method of Speed Assessment

I wanted a non-interactive way to perform the test, so I wrote this script. I am relying on the data reported by the TrueCrypt volume creation process. Because TrueCrypt writes a status to the terminal it produces output that is dreadful to process, so I wrote the little python script to produce a CSV from the log.

The test was performed with an ARMv6 compatible processor rev 7 (v61) at 464.48 BogoMIPS. The OS is Debian GNU/Linux 7.0 (Wheezy), which was installed as the 2013-02-09-wheezy-raspbian image. I built TrueCrypt from source for 7.1a along with wxWidgets 2.8.12 (also built from source) and pkcs version 11.2.

### Shell Script

#!/bin/bash

# Create a file of random elements, needs to be at least 300 bytes
dd if=/dev/random of=random bs=512 count=1

# Iterate over the hash hash funnctions
for HASH in RIPEMD-160 SHA-512 Whirlpool
do
# Iterate over the available encryption algorithms
for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
do
# Write the algorithms to the log
echo “Algorithms: $HASH$ENCALG” >> log
# TrueCrypt will report the performance in the output
truecrypt -c /home/pi/test.tc –filesystem=fat –size=10485760
–encryption=$ENCALG -p ppp –random-source=random –hash=$HASH –volume-type=normal –non-interactive >> log
# Erase the created file
rm test.tc
done
done

### Python Reprocessor

import sys
fid = open( sys.argv[1], ‘r’)
fid.close()

speed = None
while len( lines) > 0:
line = lines.pop(0)
lls = line.strip()

if lls.startswith( ‘Algo’):
# If we already have a speed, then print
# the last elements
toks = lls.split()
if speed == None: # first record
algo = “,”.join( toks[1:3])
else:
print algo,”,”,speed
algo = “,”.join( toks[1:3])
elif lls.startswith( ‘Done’):
toks = lls.split()
speed = “,”.join(toks[-5:-3])
print algo,”,”,speed

## Bespoke Monitor Stand

I’m using two reams of paper to hold my monitor at the right height. These reams are totally functional. However, I’m trying to learn to make passable hand-cut dovetail joints and I had material from an old keyboard tray that does not fit with my office’s new furniture.

As a tangent, before starting this project I rebuilt the woodworking bench my grandfather gave me before he died. I think he would agree it was an expedient bench, and not an excellent bench. I’m glad to improve it. He made the bench top from unsanded 2×12 inch pine planks, with only moderate knots but with pretty awful warping.

I made my new bench top from his old one. I reground, honed, and lapped the blades, and squared the soles of the two jack planes I inherited. Then I planed out the cup, twist, and bow from the top surface. I planed the bottom surface to a lesser degree, but enough for the bench top to sit true.

I epoxied the handle back together on my inherited Bailey No. 7 jointer plane, reground the blade, honed the blade, and reground the chip breaker. Then I clamped the boards face-to-face, and squared the edges. I glued and clamped the top together, making it effectively a single solid piece of wood that was flatter and stiffer than it even had been.

It was connecting to use the hand planes I inherited, sharpened, lapped, and repaired the handles. More connection to square a benchtop I also inherited. I feel good that somewhere in the roughly 40 gallons of wood shavings (no exaggeration), are dents and oil stains my father made as a boy. And now my daughter and son are leaving dings in the new surface, and I feel good about that too.

I made bench dogs using oak dowel and springy stainless I repurposed from an old windshield wiper blade. The work great and cost about 25 cents a piece. Funny that I seriously considered buying brass ones at over \$10 each until I learned how easy these are to make.

This post, though, is not really about the bench. The working bench was a nice foundation on which to build…a bespoke dovetail monitor stand.

Hand cut dovetails are not intellectually challenging. You can learn the concepts of how to do it with a few hours browsing tutorials. You need a good saw, but I made do with a mediocre one. You need to have a set of chisels and they need to be sharp. So, in a few hours you know how to make handcut dovetails. Trouble is, you can lean how to play piano the same way.

The guys who cut these in four seconds flat while whistling are like Rachmaninoff, only they’re dustier than he was when he did his work. I’m working up to Peanuts’ Schroeder.

It is made from an oak veneer birch plywood, but not multiply. The dovetails are cut at 14 degrees, as clearly indicated by Veritas’s sales literature for dovetail marking guides. The effect of the dovetails with sheet goods is rather cool. It makes the wood look hinged on the ends. It is pretty strong too, though I wouldn’t want a child to stand on the top.

The better fitting parts, like the example above, are really pretty good. Over the length of the joint there are places that gap a little. The thin oak veneer flaked off at the joints in some cases, and so the structural gaps are actually smaller than the surface gaps.