On Tue, 2008-03-25 at 09:32 -0700, Grant wrote:
> > > > On a notebook, there isn't an OS in existence that is immune to a
> > > > LiveCD.
> > >
> > > Linux is. In the sense that you can't get at the data if the disc is
> > > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
> >
> > Yes, I realised that when typing the original, but left it as is - too
> > many IF conditionals would be needed to be accurate and English is
> > almost useless at getting IFs to parse correctly :-)
> >
> > Passwords come from a time when users had terminals that log onto
> > machines that are somewhere else and the user can't lay a finger on
> > them. Things have indeed changed since 1978
>
> Would the type of filesystem encryption you guys are talking about be
> unsuitable for a high-traffic server because of performance
> considerations?
>
> - Grant

I did some benchmarks recently, posted them on gentoo-security. Long
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit
Anubis or 256bit Twofish faster than writing data to the disk (37MB/s).
Blowfish, CAST and Serpent are too slow.

128bit AES (which I deem good enough for the near future) causes around
40% CPU-utilization.

Whether it is suitable for your server depends on its usage patterns.