Tip for Truecrypt users

[Neglacio]

I've seen several people using Truecrypt and Primocache together on their system drive. While Primocache can compensate for the loss of sequential speed and IOPS due to Truecrypt's encryption, there might be something worth noting: the limitation of your CPU. If your CPU is only able to encrypt and decrypt 100MB/s, you won't be able to get any higher speeds from your drive, even if your RAM is able to deliver at 6GBps
Because of this limitation, Truecrypt has provided us with its own benchmark, located under Tools >> Benchmark. According to my benchmarks, I should be able to encrypt at 2.6GBps with AES, but at much lower speeds while using other kinds of encryption.

But how accurate is Truecrypts benchmark? And if those numbers are the sequential reads and writes, then what about the impact on small, random reads, like you would have if you've got an encrypted system drive, with and without Primocache?
Let's put that to the test!

Setup:
2x 10GB Truecrypt containers, NTFS, 64kB clustersize, one encrypted with just AES (R:), the other one is encrypted with AES-Twofish (T:). AES-Twofish is the fastest cascaded encryption according to my benchmarks.
1x 2TB Seagate Barracuda (D:), 64kB clustersize, used as the hostdrive for the Truecrypt containers.
1x 1GB L1 Primocache (v0.99), 64kB blocksize, read & write caching, write-defer of 10s. Similar to how many caches for system drives are configured.

Benchmarks were made with CrystalDiskMark. First test with the cache enabled was run with a 5x 500MB size. This simulates a cache hit rate of 80-100%. Second run was done with 5x 2GB size. This worst-case scenario could happen when you have a cache hit rate between zero and 20%.
RAM: 2x8GB Geil Dragon DDR3-1600, CPU: i5 3470 @ 3.20GHz, MB: Asrock Z77.

Results:



(From left to right: Host-drive, AES-encrypted container, AES-Twofish-encrypted container. From top to bottom: No cache, cache + 500mb benchmark, cache + 2GB benchmark)

As you can see, the rates increased dramatically with the cache enabled at a simulated high hit rate. However, due to the encryption, reads and writes never got higher than the benchmark Truecrypt provided.
The AES encrypted container only got up to 1.6GBps, 1GBps less than was promised. The AES-Twofish prediction was fairly accurate.

While doing this test, I noticed something peculiar: sequential reads and writes on the Truecrypt container were HIGHER than those on the unencrypted drive, without Primocache enabled. I don't know if this has to do with some caching Truecrypt performs or another kind of speed trick, but I was intrigued
Another interesting fact is that when you're running at low cache hit rates, the overhead of the cache actually slows down your rates. Sometimes you might want to delete a cache that has a 20% hit rate, and assign that memory to a drive that has high hit rates. Or play around with the settings, disabling write cache might be a good start since a write-cache seems to have no real-world benefit.

So whatever you're doing with Truecrypt, bear in mind that the encryption has its limits set on your bandwidth. If you like to encrypt your system drive, choose the right encryption method according to the built-in benchmark.
If you encrypted your system with AES-Twofish-Serpent cascade, blame yourself for the zero performance gain you'd get from Primocache

[Neglacio]

I took the liberty to run some other tests, which will give a better insight in the combination of Truecrypt and Primocache.

(From left to right: Hostdrive, 50GB AES-encrypted container, 50GB AES-Twofish-encrypted container. From top to bottom: no cache, 2GB L1 cache with read/write & write-defer 10s, 2GB L1 cache with only read strategy, 8GB L1 cache with only read strategy)

PCMark Vantage 8 runs traces from different applications and plays them back on your hard disk. The faster a system works, the faster it will complete a trace.
Keep in mind that the test doesn't include repeated use of one application trough several hours, but just intensive starts en fast editing, loading, saving, ... Most gamers play for several hours, not a few minutes.
However, it does 3 passes on the test, with a large enough cache, more hits will be accumulated and you work faster.

Some interesting results appear.
1) Write-defer doesn't always seem to have a performance benefit. The only situation where a write-defer will help, will be with an SSD (which needs to rewrite a complete page for only one block, writing to several blocks in the same page skips this overhead).
2) At a large enough cache, it seems like bandwidth isn't the bottleneck for this storage test anymore. The three of them had the same duration of their tests, maxing out at ~1h20min.
3) Encryption does slow down your system, but the difference is marginal in many cases. (I might do another round with AES-Twofish-Serpent )
4) World of Warcraft loves AES-Twofish and 2GB L1

[InquiringMind]

...While doing this test, I noticed something peculiar: sequential reads and writes on the Truecrypt container were HIGHER than those on the unencrypted drive, without Primocache enabled. I don't know if this has to do with some caching Truecrypt performs or another kind of speed trick, but I was intrigued ...

Truecrypt's pipelining seems to be acting as a small RAM cache. Another oddity (with SSDs generally) is write outpacing read on the random tests thanks to wear-leveling transforming random writes to sequential writes.

Aside from that, an interesting set of results - thanks for taking the time to post them.

[Neglacio]

I saw too many people saying Truecrypt isn't a good combo with Primocache. Well, I just showed that isn't true, Primocache goes hand in hand with Truecrypt, boosting it performance in the same way it would for an unencrypted drive. You have to deal with a bit less performance, but for those who just have enough RAM and like Truecrypt, this is a perfect setup.

[InquiringMind]

...for those who just have enough RAM and like Truecrypt, this is a perfect setup.

I wouldn't go that far - the consequences of even a few bytes data loss could leave much (or even all) of an encrypted drive/container unreadable so I wouldn't recommend Write Defer. And for the paranoid, there is the possibility of PrimoCache weakening Truecrypt's security by retaining a copy of unencrypted data in RAM.

The performance gains are there, but given how modest they are I'd be inclined to give it a miss.

[Neglacio]

Primocache doesn't save unencrypted date in RAM, it works on a lower level than Truecrypt does. It rather saves the most accessed encrypted sectors, and Primocache handled it well.
Those paranoids should never use RAM Almost everything you do with a decrypted container gets stuck in RAM for some time.

Write-defer is a little critter I'm still trying to wrap my head around. Caching write-data pollutes the cache, and pushes valuable read data away.
At first I could clearly see the benefit for an SSD: By writing as much as possible at once to the SSD, you get much faster speeds. Trimmed blocks that were still in the write queue, don't get written at all. But as the benchmarks showed, write-defer in real world applications with an HDD doesn't give that much of a benefit.
As for my SSD, a Samsung 840EVO: It already holds a 3GB write-defer with SLC(-configured) chips. This already boosts the sequential speed up to the SATAIII limit. Trademarked Turbowrite. And for an SSD to wear out completely by consumer-grade disk operations.. By that time, there are already 2TB SSD's on sale

And I wouldn't say modest: The PCMark8 test ran for almost 1h50min without any cache. On the best cache-setup, it got cut by half an hour. That's just impressive! They'd give a raise to the politicians in my country who would cut my traffic time by that amount!