VeraCrypt CLI Benchmark Script

I was setting up VeraCrypt on a Raspberry Pi 2 the other day so I could use it as a backup target for my main server and was curious how fast, hahaha just kidding, I mean how slow VeraCrypt would be.

To my disappointment VeraCrypt does not provide a method for running the benchmark built into the GUI via the CLI.

This is the nice benchmark you can run from the GUI:

veracryptBenchmark

So I took some time this weekend and wrote a simple BASH script you can use to benchmark the CLI version of VeraCrypt.

I only tested it with VeraCrupt 1.18a. Chances are if you run it with a previous version you’ll get some really fast times for the new Encryption/Hashes they added in 1.18 because the test won’t actually run.

The benchmark I wrote simply outputs how long it takes to create and encrypt a container of a specific size. It’s not quite as good as the GUI version which outputs the actual speed but it’s at least something. I think this will work on any version of Linux. I tried to use only build-in system utilities and since I wrote it on CentOS 6 means I probably used some of the oldest GNU utilities still commonly used.

During my testing I found that having a container size to small would result in all times being nearly the same with the exception of ripemd160 and streebog. To get better results I recommend using at least a 1GB test file size on modern hardware. Even at 1GB you can see the sample from my main server has each encryption and hash type only varying by 2-45 seconds.

Here is a sample of what the script outputs:

I will admit I don’t fully understand these results. I would have expected much more variety in timing between the different types of encryption under a single hash type. Especially on the Raspberry Pi 2.

The script does a simply container creation benchmark in it’s default state. However if you add  <USERNAME RUNNING BENCHMARK> ALL=NOPASSWD: <PATH TO bin/veracrypt>  to your sudo file and change  FILLCONTAINER=0  to  FILLCONTAINER=1  it will perform file write speed benchmark.

and here is the script itself:

I’m not super confident in the output. Some of the numbers leave me scratching my head. It’s completely possible I’ve got something totally wrong with this script. Please feel free to post comments/revisions.

4 thoughts on “VeraCrypt CLI Benchmark Script

  1. Nice work on the bash script.

    Did you check the speed at which your system generates /dev/urandom data? On a slow system that would set an upper threshold for filling up the container.

  2. This is nice work indeed!  I’ve made some changes, but this is really a great script.  My changes are nit-picky.

    First, altering the command line to fit VC v1.23 (most command line switches need = now).

    Secondly:

    FILLSTARTTIME=`date +%s.%N`
    FILLENDTIME=`date +%s.%N`

    change those lines and that’s all you need to give nanosecond resolution to the start and end times, which will give you much more accurate results on smaller fill sizes.  The calculator you’re using already supports floating point.

    Also, I changed /dev/urandom for /dev/zero, since Mark is correct that we really don’t care about the speed of the Linux PRNG.  Finally, since I don’t care about the mounting times, and because the benchmark is glacially slow otherwise, I did –pim=1.  I would suggest putting the PKCS mounting times, if you want to benchmark them, in a separate section at the end where you benchmark each hash.

    Also, since we also want to benchmark the algorithms more than the disk speed, when I run this benchmark, I do it on a ramfs ramdisk.  This still tests the entire throughput mechanism, but it eliminates disk speed as the limiting factor.   A 210MB ramdisk won’t sink most machines, and with the nanosecond resolution is more than enough space to give good results.

    Thanks again for this great script.  I hope you find the suggestions even a fraction as useful as I found the script.

    • Wow! Thanks for the feedback and suggestions.

      I will one day go back through my blog and convert all these scripts that are posts into Git Repos and then look into implementing your suggestions.

      If you’d care to share your script I’ll add it here as an update to the post credited to you.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.