Why is encryption at rest preferable to LUKS?

FAQ - Why is encryption at rest preferable to LUKS?

Detail

Why is encryption at rest preferable to LUKS (Linux Unified Key Setup)?

What is the performance impact when using LUKS?

Answer

LUKS provides a standard on-disk-format for hard disk encryption. LUKS has no awareness of data storage formats, so it does the encryption block-by-block, this results in worse performance as compared to Aerospike’s own encryption. This is particularly noticeable with record reads, where LUKS-encrypted volumes must read whole LUKS blocks and decrypt them, instead of reading single records.

Aerospike’s encryption at rest feature encrypts records on storage devices using symmetric AES-128 or AES-256 encryption and does not require reading of large blocks. It is, therefore, a more efficient encryption method for use with Aerospike. Read more about Aerospike’s encryption at rest feature on the Encryption at Rest documentation.

Keywords

ENCRYPTION REST LUKS

Timestamp

July 2021

© 2021 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.