Raspberry Pi TrueCrypt Benchmark

Note: The results in this post have been improved with more accurate values at Revised Raspberry Pi TrueCrypt Benchmark.

I recently acquired a Raspberry Pi model B 512 MB from the excellent people at Adafruit. I am interested in it as a small computer for basic text processing, and am curious about its performance in consumer crypto. One part of the security of the Pi, or any modern computer, is disk encryption.

My disk encryption of choice is TrueCrypt, mainly because it is cross-platform. That it is also free and open source is a nice benefit, though the TrueCrypt3 license may not rise to Stallman’s standard. I found several posts from persons who compiled TrueCrypt on the RasPi, and it is relatively trouble free. At the bottom of the post are my notes on how I did the install and a script that performs the benchmarking.

While I don’t understand the relationship between the hashing function and the encryption function, I expected that speed would be unrelated to the hash algorithm. This was not what I experienced, as shown in the data below.

Performance, in MB seconds, as TrueCrypt reports for initializing a 10,000,000 byte file.

 Hash Encryption Speed (MB/s) RIPEMD-160 Twofish 3.4 RIPEMD-160 Serpent 3 RIPEMD-160 AES 2.5 SHA-512 Twofish 2.5 RIPEMD-160 Twofish-Serpent 2.3 SHA-512 Serpent 2.2 SHA-512 AES 2 RIPEMD-160 AES-Twofish 2 RIPEMD-160 Serpent-AES 1.9 SHA-512 Twofish-Serpent 1.8 SHA-512 AES-Twofish 1.6 Whirlpool Twofish 1.6 RIPEMD-160 AES-Twofish-Serpent 1.5 Whirlpool Serpent 1.5 SHA-512 Serpent-AES 1.5 RIPEMD-160 Serpent-Twofish-AES 1.5 Whirlpool AES 1.4 SHA-512 AES-Twofish-Serpent 1.3 SHA-512 Serpent-Twofish-AES 1.3 Whirlpool Twofish-Serpent 1.3 Whirlpool AES-Twofish 1.2 Whirlpool Serpent-AES 1.2 Whirlpool Serpent-Twofish-AES 1 Whirlpool AES-Twofish-Serpent 0.934

The upshot is that all of these are pretty slow, and all of them would be essentially unnoticeable for basic text file (or RTF) work. I wouldn’t want to do image or audio processing with this encryption, but then I wouldn’t want to do that on a Pi anyway.

Method of Speed Assessment

I wanted a non-interactive way to perform the test, so I wrote this script. I am relying on the data reported by the TrueCrypt volume creation process. Because TrueCrypt writes a status to the terminal it produces output that is dreadful to process, so I wrote the little python script to produce a CSV from the log.

The test was performed with an ARMv6 compatible processor rev 7 (v61) at 464.48 BogoMIPS. The OS is Debian GNU/Linux 7.0 (Wheezy), which was installed as the 2013-02-09-wheezy-raspbian image. I built TrueCrypt from source for 7.1a along with wxWidgets 2.8.12 (also built from source) and pkcs version 11.2.

Shell Script

#!/bin/bash

# Create a file of random elements, needs to be at least 300 bytes
dd if=/dev/random of=random bs=512 count=1

# Iterate over the hash hash funnctions
for HASH in RIPEMD-160 SHA-512 Whirlpool
do
# Iterate over the available encryption algorithms
for ENCALG in AES Serpent Twofish AES-Twofish AES-Twofish-Serpent Serpent-AES Serpent-Twofish-AES Twofish-Serpent
do
# Write the algorithms to the log
echo “Algorithms: $HASH$ENCALG” >> log
# TrueCrypt will report the performance in the output
truecrypt -c /home/pi/test.tc –filesystem=fat –size=10485760
–encryption=$ENCALG -p ppp –random-source=random –hash=$HASH –volume-type=normal –non-interactive >> log
# Erase the created file
rm test.tc
done
done

Python Reprocessor

import sys
fid = open( sys.argv[1], ‘r’)
fid.close()

speed = None
while len( lines) > 0:
line = lines.pop(0)
lls = line.strip()

if lls.startswith( ‘Algo’):
# If we already have a speed, then print
# the last elements
toks = lls.split()
if speed == None: # first record
algo = “,”.join( toks[1:3])
else:
print algo,”,”,speed
algo = “,”.join( toks[1:3])
elif lls.startswith( ‘Done’):
toks = lls.split()
speed = “,”.join(toks[-5:-3])
print algo,”,”,speed