The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.
FAQ - Why is encryption at rest preferable to LUKS?
Detail
Why is encryption at rest preferable to LUKS (Linux Unified Key Setup)?
What is the performance impact when using LUKS?
Answer
LUKS provides a standard on-disk-format for hard disk encryption. LUKS has no awareness of data storage formats, so it does the encryption block-by-block, this results in worse performance as compared to Aerospike’s own encryption. This is particularly noticeable with record reads, where LUKS-encrypted volumes must read whole LUKS blocks and decrypt them, instead of reading single records.
Aerospike’s encryption at rest feature encrypts records on storage devices using symmetric AES-128 or AES-256 encryption and does not require reading of large blocks. It is, therefore, a more efficient encryption method for use with Aerospike. Read more about Aerospike’s encryption at rest feature on the Encryption at Rest documentation.
Keywords
ENCRYPTION REST LUKS
Timestamp
July 2021