Skip to content

Commit a61c37d

Browse files
committed
Clarify why AES-GCM matters in README performance section
1 parent c2bc6e6 commit a61c37d

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -207,7 +207,7 @@ Files are stored canonically by camera, with date-based symlinks for browsing by
207207

208208
The backup process has negligible impact on the Protect device. We profiled a CloudKey Gen2+ while backups ran every minute and the device sat at 70-90% CPU idle throughout. The database query finishes so fast it doesn't even register at 10-second sampling intervals, and the SCP file transfer (the heaviest part) briefly uses one core for SSH encryption before dropping back to baseline. Memory, swap, and PostgreSQL activity are unchanged during backups.
209209

210-
The project defaults to AES-128-GCM for SSH encryption, which takes advantage of hardware AES extensions present on CloudKey Gen2+, UCG-Fiber, and likely all current UniFi Protect devices. This reduces total CPU-time per transfer by ~27% compared to the default ChaCha20-Poly1305 cipher.
210+
The project defaults to AES-128-GCM for SSH encryption, which takes advantage of hardware AES extensions present on CloudKey Gen2+, UCG-Fiber, and likely all current UniFi Protect devices. Peak CPU during transfers is about the same either way (one core doing cipher work), but AES-GCM finishes ~27% faster - so the device spends less total time under load per backup cycle.
211211

212212
See [docs/performance.md](docs/performance.md) for the full profiling data, cipher benchmarks, and methodology.
213213

0 commit comments

Comments
 (0)