I recently purchased an external USB hard drive to backup my data. I want to encrypt some of the data I put and I decided to use encfs for this. It’s a very easy way to set up an encrypted file system, a 5 minutes setup under Ubuntu Feisty. Compared to a loopback encrypted file system, it doesn’t require to specify the size ahead of time, it grows as needed.

However when backing up on a encrypted directory on my USB drive I experienced very bad performance. I found a way to improve it several times by changing the Filesystem Block Size used by encfs. By default it uses 512 bytes blocks. Increasing it to 4096 bits made it several times faster.

In fact backing up 77 MB of data was over 5 times faster. It’s still much slower than not encrypting at all however.

• 4096 block size: 1 min 43 secs (size 78856 KB)
• 512 block size: 9 mins 21 secs (size 78860 KB)
• Non encrypted: 19 secs (size 78824 KB)

The Filesystem Block Size can only be set when creating the file system. When starting encfs for the first time, choose the expert mode. Then you can choose the same options as for the standard mode (as described in the encfs man page: Blowfish algorithm, 160 bits key size, block encoding and everything else as default choices) except for the block size where you should choose 4096. You may also choose the AES algorithm with a 256 bits key. In my tests it was even slightly faster than the less secure Blowfish algorithm (1 min 41 secs).

Update: I ended up not using encfs at all on my USB drive, as I found out that TrueCrypt was much faster, in fact there is no penalty for the encryption. One has to choose the size of the file system before, but that is a small price to pay for speed. It is easy to install under Ubuntu and is also supported under Windows.

This entry was posted on Tuesday, August 7th, 2007 at 11:49 am and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Linking Blogs