Westmere accelerates new TrueCrypt release

TrueCrypt is about as good as free encryption software gets. I’ve yet to see a better alternative for those looking to secure the contents of a thumb drive or hide sensitive data on their own systems. And now, with its latest 7.0 release, TrueCrypt has become even better by adding hardware acceleration via Intel’s nifty new AES-NI instructions.

AES-NI instructions were introduced with Intel’s 32nm Westmere silicon, which can be found in the dual-core Core i5 family, six-core Core i7s, and a slew of mobile duallies. There are six instructions in total; four are dedicated to AES encryption and decryption, while two are related to AES key expansion. TrueCrypt only appears to take advantage of the former, so you’ll still be stuck with spastic mousing to come up with a key. Users can, however, look forward to a 4-8X increase in encryption performance thanks to hardware acceleration.

Interestingly, TrueCrypt’s AES-NI mojo appears to deviate from the software’s open-source roots. In its hardware acceleration notes, TrueCrypt’s developers suggest disabling hardware acceleration for those who wish to use a "fully open-source implementation of AES." Thanks to LifeHacker for the tip.

    • robo47
    • 9 years ago

    I used system encryption with truecrypt on Windows and with dmcrypt/cryptsetup on ubuntu and debian for some years on my mobile p4 1.73 notebook, peak what the cpu is able to deliver is about 44mb/s under 100% cpu.
    That's really limiting even when working, because the harddisk was capable of more.

    When copying data from the harddisk to another encrypted device that meant to be at about 20mb/s peak and no way to work while transferring files, looking in the taskmanager truecrypt / kcryptd were consuming above 90%.

    With fast (core 2 duo, i5/i7) dualcores or quadcores you get between 80 and 120mb/s per core (not using aes-ni), which on a desktop-system with more than one fast sata-harddisk can get you already to more than 70% cpu only copying files from one disk to another, not even thinking about a fast single ssd or even copying from one to another, the limit is always the cpu.

    With my new dualcore i7 620M thanks to aes-ni on linux with dmcrypt it gets about 570mb/s with one core (dmcrypt is limited to 1 thread per “device”) and truecrypt is capable of 1600-1700mb/s, that would even be enough to satisfy 2 fast ssds and have more than 50% of the system's power for working.

    Truecrypt 7.0 benchmarks with AES-Ni:
    http://www.robo47.net/blog/200-Truecrypt-7.0-Linux-AES-NI-Benchmark-with-i7-620M-on-Dell-Latitude-E6510
    dmcrypt-benchmark with AES-NI: http://www.robo47.net/blog/198-Intel-AES-NI-dmcrypt-benchmark-with-i7-620M-on-Debian-Squeeze

      • nightprowler
      • 9 years ago

      Informative, thanks.

      But does AES-NI alleviate the performance issues of dm-crypt? I’ve tried dm-crypt a few times, but it causes major lag when a process is writing heavily to the disk. It’s not the maximum throughput that’s the issue, it’s just the way the system becomes so unresponsive under particular loads.

      The good thing about Windows/TrueCrypt is that it really is unnoticeable.

    • Prototyped
    • 9 years ago

    q[

      • yuriylsh
      • 9 years ago

      reply fail…

    • maroon1
    • 9 years ago

    Even though Pentium G6950 and Core i3 are based on Westmere architecture they don’t support AES-NI, it is only supported by i5 dual core and i7 six core.

    • UberGerbil
    • 9 years ago

    I imagine they shortened their development time by using the Intel crypto libraries, which wouldn’t be GPL’d, hence the comment about open source.

    • willmore
    • 9 years ago

    Note that ‘AES key expansion’ has nothing to do with the random number generation process of the encryption key generation. ‘Spastic mousing’ will still be necessary regardless of TC using the new key expansion instructions.

    Basically, each block gets a unique key, that key has to be converted into a format useable by the core of the AES code–the part that does the actual ‘heavy lifting’–that process is called ‘key expansion’ and produces a ‘key schedule’.

    Since each block encrypted by TC gets a unique key, there’s a whole key expansion step to do for each block, so there may be some more performance to be had if/when these instructions get used. Especially since the time to do the actual encryption has gone down so much.

    The process mainly consists of doing a bunch of byte lookups in a 256 entry table (which can be calculated fairly simply, too). IIRC, MMX/SSE already have some instructions like this.

      • tam1138
      • 9 years ago

      Ah, I did not realize TC used a different key for each block. So then accelerating key expansion might indeed be a win.

        • willmore
        • 9 years ago

        Yeah, the XTS mode it uses generates a new key per block–actually, most methods generate a new key per block. XTS just differs a bit in how it does it. Hmm…. http://www.truecrypt.org/docs/modes-of-operation looks good.

    • tam1138
    • 9 years ago

    FYI, “key expansion” is not related to key *generation*. It’s the process during encryption and decryption of taking the key (128 bits, 192 bits, 256 bits, whatever) and expanding it to round_size * block_size bits for the actual internal AES operations. This only happens once per cryption, so not using that functionality in Westmere is almost certainly an infinitesimal loss.
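
Added example (not part of the original article or its comments): the key expansion discussed in the comments above, written out in portable C for AES-128 following FIPS-197. It takes an existing 16-byte key and deterministically derives the 11 round keys (176 bytes), computing each S-box entry instead of reading the 256-entry table; the function names are choices made for this example, and the sample key is the public example key from FIPS-197 Appendix A.1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return p;
}

/* One S-box entry, computed: inverse in GF(2^8), then the AES affine map. */
static uint8_t sbox(uint8_t x) {
    uint8_t inv = x ? 1 : 0;
    for (int i = 0; x && i < 254; i++) inv = gmul(inv, x); /* x^254 == 1/x */
    uint8_t r = inv, s = inv;
    for (int i = 0; i < 4; i++) { r = (uint8_t)((r << 1) | (r >> 7)); s ^= r; }
    return (uint8_t)(s ^ 0x63);
}

/* AES-128 key expansion: 16-byte key -> 11 round keys; no randomness used. */
void aes128_expand_key(const uint8_t key[16], uint8_t rk[176]) {
    uint8_t rcon = 1;
    memcpy(rk, key, 16);                       /* round key 0 is the key itself */
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4];
        memcpy(t, rk + i - 4, 4);              /* previous 32-bit word */
        if (i % 16 == 0) {                     /* first word of a round key */
            uint8_t t0 = t[0];                 /* RotWord, SubWord, then Rcon */
            t[0] = (uint8_t)(sbox(t[1]) ^ rcon);
            t[1] = sbox(t[2]);
            t[2] = sbox(t[3]);
            t[3] = sbox(t0);
            rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = (uint8_t)(rk[i - 16 + j] ^ t[j]);
    }
}

int main(void) {   /* sample input: FIPS-197 Appendix A.1 example key */
    const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                             0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    uint8_t rk[176];
    aes128_expand_key(key, rk);
    for (int i = 0; i < 176; i++) printf("%02x%s", rk[i], i % 16 == 15 ? "\n" : "");
    return 0;
}
```

Running it prints one round key per line; the same key always yields the same schedule, which is why key expansion is a separate matter from generating the key in the first place.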

    • Spotpuff
    • 9 years ago

    Lynnfield chips lack AES-NI 🙁

      • UberGerbil
      • 9 years ago

      Yes, because they’re not part of the 32nm shrink. The 32nm quads don’t arrive until Sandy Bridge.

        • yuhong
        • 9 years ago

        Yep, I have written before about how Intel got us into a situation where with LGA1156, at the same price range, you can either get a 45nm quad core Core i5-750 without AES-NI, PCLMULQDQ-NI, VT-d, TXT, or a 32nm Core i5 with these features but only dual-core with integrated graphics. In fact, last time I checked, most hardware review sites were recommending the former!

          • UberGerbil
          • 9 years ago

          Which is the right advice if you need more cores. The new instructions are negligible, and the improvements from the shrink are minor. On the other hand, if fewer faster cores are a better match (as they often are for things like gaming) you’re probably better off with Clarkdale. Assuming you’re looking only at Intel, of course. I know there are people who are embarrassed for their manhood if they don’t have the very latest tech, and therefore wrap themselves in a frazzled little ball because they can’t get a 32nm quad (and can’t afford a hexacore) but… well, I just shake my head and move on.

    • Majiir Paktu
    • 9 years ago

    TrueCrypt is already fast enough for most desktops to run without noticing it’s even there. I wonder if this will allow low-performance notebooks or even high-performance servers to begin using TrueCrypt?

      • A_Pickle
      • 9 years ago

      I ran TrueCrypt on my old Toshiba notebook with 4 GB of RAM and a Core 2 Duo T5550 (1.83 GHz). I didn’t notice one bit.

    • indeego
    • 9 years ago

    Not OSI approved.
    Origin of the software is somewhat shady (see wikipedia).

    But otherwise it’s “probably” OK. http://www.freeotfe.org/ is another alternative...

    • yuriylsh
    • 9 years ago

    Currently waiting on HP to build and ship my laptop with i5 that supports these instructions. Not sure I’m going to use TrueCrypt or BitLocker though, can’t figure out why I would need them. Looks like it can speed up https traffic and also some communication-related tasks where AES is used. Tom’s hardware did some testing of these instructions here: http://www.tomshardware.co.uk/clarkdale-aes-ni-encryption,review-31801.html Does anybody know where else it is used?

      • Majiir Paktu
      • 9 years ago

      The symmetric AES encryption used by HTTPS connections isn’t really that computationally expensive. It’s really the certificate verification and key exchange that take the most time and resources.

        • yuriylsh
        • 9 years ago

        You are probably right, I just tried to come up with use cases where those instructions could be useful. Looks like not that much except if you use TrueCrypt/BitLocker/etc. all the time. But then I would imagine it mostly happens in business environment…

          • UberGerbil
          • 9 years ago

          Folks who want to get at their flash drive pr0n cache want it /[

            • NeelyCam
            • 9 years ago

            /[

      • Thorburn
      • 9 years ago

      Just as an aside, AES-NI support on mobile i5’s is only on the i5-5xx parts, i5-4xx ones DO NOT support it.

        • yuriylsh
        • 9 years ago

        Yeah, I know this, but thanks anyway. Mine is i5-540m
