Using LUKS instead of ext4 format

If I am going to use LUKS over ext4 format for my PC, how much slower is my harddisk going to be?


first, you can’t “use LUKS instead of EXT4 format”.

Think of LUKS as a sort of container. To store and read data in this container you would have to assign some sort of filesystem, ext4 for example.
So it’s more like ext4 in a LUKS partition or container. To make things more complicated this container itself could be stored on a btrfs filesystem for example.

Secondly, there will of course be a measurable performance impact if you use encryption. There are tons of benchmarks out there. With old cpu’s and slow hdd’s the impact could be up to 30%. With a modern cpu and fast ssd the performance impact would probably be a low single digit.
BUT, I personally bet you won’t notice this doing “normal” stuff on your pc, that is if you don’t move around Terabytes of data everyday.
I always use encryption and recommend everybody use it too.

1 Like

What about in comparison to Windows using NTFS, Which one would be faster, ext4 (LUKS) or running Windows with NTFS format?

Sorry, but I don’t quite understand your question. You’re comparing apples with oranges and seem to mix up the concept of encryption and filesystems.

If you compare an unencrypted Windows with NTFS to an encrypted Linux system, well of course Windows would score better.

One could for example use the same encryption (e. g. VeraCrypt container) on a ntfs formatted drive with windows, just as on an ext4 formatted partition under linux.
Then you would basically be comparing ntfs to ext4; but there would still be the problem of “which Windows” (8.1, 10, …) compared to “which Linux distribution”. There’s just no end to the questions that arise with these types of comparisons.

As I recommended before, just go with full disk encryption (VeraCrypt or Bitlocker on Windows, LUKS on Linux) and forget about the performance impact. You WILL NOT NOTICE it in real life.

I’d recommend getting basic knowledge and information on

  • Filesystems: e. g. NTFS, EXT4, btrfs, …
  • Full Disk Encryption vs. “Container”-Encryption
  • Different encryption “software”: e. g. dm-crypt (LUKS), EncFS, VeraCrypt, …

If you then have decided for a specific file system I will happily point you to encryption tutorials if the basic encryption the calamares installer provides should not suffice.

1 Like

GNU/Linux is a lot faster than WIndows in terms of drive use. So I wanted to know if encrypted Linux filesystem is still faster than Windows’ unecrptyed file system.

Even if I am using a HDD?

I will take a look at it, thanks

Well, Windows with FAT32 would be faster than LUKS encrypted ext4, but as @2000 already said , this would be comparing completely different things.

I still have two PCs with encrypted ext4 on LUKS LVM HDDs. I did never measure the difference but my personal impression is that there is no difference between encrypted and non encrypted HDDs.

1 Like

afaik, full disk encryption is avaiable via calamares, which got me curious to ask about this scenario:

how to handle/keep an encrypted /home on a clean install (with calamares in the back of one’s mind)?

simply proceed as before while using the old password?

I think that is how it would work. Cause if you are going to mount that particular partiion as your /home during the installation process then I pretty sure it will require the same password to decrypt.

1 Like

When using the standard way calamares sets up an encrypted system this will not work!
By this I mean installing with either “Replace a partition” or “Erase disk” and checking the “Encrypt system” checkbox.
Calamares will then set up one encrypted EXT4onLUKS partition containing root and /home. You wouldn’t be able to keep /home when reinstalling the same way.

For this to work you would have to choose the “Manual partitioning” option and set up a system with a separate encrypted /home partition on your initial install. You could then try to mount your existing encrypted /home partition when reinstalling.
But AFAIK this does not work with the current calamares (installation fails; at least on my last test)!

Short answer: don’t rely on the current calamares for this. So far, my tests have all failed.

Now, while this can always be done with the help of the command line and maybe some temporary storage I personally think it isn’t worth the hassle.
Just set up a new encrypted empty system and restore your /home backup; which you certainly have :wink:.

1 Like

that is really good to know, thanks for testing. very appreciated.

Ah I see, I am used to doing manual partitioning so I was thinking he was going to use manual partitioning.

Oh that sucks, I use LUKS so i guess with LUKS this would work?

in fact, i am using manual partitioning. sorry for not making it clear enough.

from my understanding, re-using luks on an existing encrypted /home partition should theoretically work, as all information to decrypt is stored in (each) partition, right? of course that does not automatically imply you are good to go with calamares, hence my question.

All good.

That is what I believe.

What is calamares by the way? And how does it differ to LUKS?

Calamares is the (offline and network) INSTALLER EndeavourOs and a bunch of other distributions use. The current version can only handle the most basic encryption (dm-crypt with LUKS) schemes and fails when it gets more complicated.

1 Like