Can't create CryFS encrypted volume due to high memory usage #23

Open
opened 2023-09-28 09:14:40 +02:00 by nasakoto · 27 comments

I can't create a CryFS encrypted volume, neither ordinary nor hidden. I tried all possible locations (DroidFS internal, phone, SD card). The error I got is "The volume creation has failed".
GocryptFS works fine.

DroidFS versions tried: 2.1.0 and 2.1.2 (both installed via F-droid)
Android version: 8.1.0


Unfortunately, I cannot reproduce it. It would be very helpful if you could show the logcat.

How long is the message "Creating volume..." displayed before showing the error?
Can you reproduce the issue with the APKs provided here?

Author

I tried the "universal" APK - still the same result. Unfortunately, I'm not a programmer, and I can't provide the logcat.

> How long the message "Creating volume..." is displayed before showing the error?

In the majority of cases this time is a fraction of a second, with one or two exceptions (for instance: the first time I tried to use aes-256, the "Creating volume..." message was displayed for about two seconds, followed by the error, and on the second try (immediately after the first one), this time was considerably shorter).

Here are some screenshots:

https://i.postimg.cc/tC3vb2cf/Screenshot-20230928-080847.png

https://i.postimg.cc/RCnbsMLv/Screenshot-20230928-080851.png

https://i.postimg.cc/CLTr9Wck/Screenshot-20230928-080911.png

https://i.postimg.cc/XYx2GX4k/Screenshot-20230928-094857.png

I'm standing by for further assistance.


OK, it's hard to tell what the problem is without seeing the logcat. Can't you use `adb` or [LogFox](https://f-droid.org/en/packages/com.f0x1d.logfox)?

Do you have the same issue with different ciphers and different passwords (including empty)?

Author

Sorry for the slow response, in the attached file is what I got.

The package is DroidFS-v2.1.2-universal.apk, directly downloaded from here.

(Just tried DroidFS-v2.1.3-universal.apk - same behaviour.)

> Do you have the same issue with different ciphers and different passwords (including empty)?

Yes, all the ciphers and password lengths (empty password, 1, 3, 8, 10 characters) I tried failed.


Thank you very much. The only relevant line I spot in the provided logs is the following:

```
[libcryfs] [error] Crashed: std::bad_alloc
```

I think cryfs is failing to allocate enough memory for the scrypt derivation of the password.

How much memory does your device have? Are you using memory-hungry applications at the same time as DroidFS?

Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?

Author

At the moment of writing: 3 Gb total memory, 1.7 Gb used.

> Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?

What did you say? ;-)
Smartphone related: I'm an ordinary, dumb user and I don't do anything unusual. Usually there are browser (Vivaldi), messenger (Threema), non-root firewall and e-mail client napping in the background.


How many processor cores does your device have?

Can you try to close all running applications (force close if necessary), then try again to create a cryfs volume?

On my 8-core device, DroidFS memory usage increases to around 600 MB during CryFS password derivation. You can run `top` in a terminal on your device (or over `adb`) to see how much memory DroidFS is using (check the `RES` column).

Author

I managed to free about 100 Mb of RAM killing whatever I saw - nothing changed. Memory used by the droidFS process never exceeds 130 Mb, as long as I can see it in `top`. I'm attaching a [screenshot](https://i.postimg.cc/6QNX8qR1/droidfs-top-2-c1.png). My device has 4 processor cores.


Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS).

Can you try to reproduce the bug with gocryptfs, by editing the scrypt parameters in the `gocryptfs.conf` file? The default parameters used by cryfs are:

```json
"scryptobject": {
	"n": 1048576,
	"r": 4,
	"p": 8,
}
```

However, gocryptfs doesn't allow `r` to be less than 8. Maybe you could try with:

```json
"scryptobject": {
	"n": 1048576,
	"r": 8,
	"p": 8,
}
```
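The memory cost of the two scrypt parameter sets quoted above can be worked out directly. This is an added example, not code from DroidFS, CryFS or this thread; the helper names and the 256 MiB budget are assumptions, and the working set uses the RFC 7914 approximation of 128·r·N + 128·r·p bytes.

```python
import hashlib

# scrypt parameter sets quoted in the thread
CRYFS_DEFAULT = {"n": 1048576, "r": 4, "p": 8}
GOCRYPTFS_TEST = {"n": 1048576, "r": 8, "p": 8}


def scrypt_mem_bytes(n: int, r: int, p: int) -> int:
    """Approximate working set per RFC 7914: V (128*r*N) plus B (128*r*p) bytes."""
    return 128 * r * n + 128 * r * p


def can_derive(password: bytes, salt: bytes, n: int, r: int, p: int, budget: int) -> bool:
    """Run scrypt with the KDF capped at `budget` bytes (hashlib's maxmem).

    hashlib.scrypt raises ValueError when n, r, p need more than maxmem;
    OpenSSL rejects such parameters before allocating the buffer.
    """
    try:
        hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, maxmem=budget, dklen=32)
        return True
    except (ValueError, MemoryError):
        return False


def largest_n_within(budget: int, r: int, p: int) -> int:
    """Largest power-of-two N whose working set still fits in `budget` bytes."""
    if scrypt_mem_bytes(2, r, p) > budget:
        raise ValueError("budget too small for any N")
    n = 2
    while scrypt_mem_bytes(n * 2, r, p) <= budget:
        n *= 2
    return n


if __name__ == "__main__":
    MIB = 2**20
    budget = 256 * MIB  # hypothetical per-process budget, not a value from the thread
    for name, params in (("cryfs default", CRYFS_DEFAULT), ("gocryptfs test", GOCRYPTFS_TEST)):
        need = scrypt_mem_bytes(**params)
        ok = can_derive(b"constructed password", b"constructed salt", budget=budget, **params)
        print(f"{name}: needs {need / MIB:.0f} MiB, fits in {budget // MIB} MiB: {ok}")
    print("largest N at r=4, p=8:", largest_n_within(budget, 4, 8))
```

Lowering N to fit a device also lowers the cost of each offline password guess, so a reduced setting calls for a stronger password.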
Author

Please excuse my extreme delay!

> Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS).

Yes, but the error is different: "Open failed. Unknown error code: 0"
This particular volume was created on fairly modern phone, 8 cores/8 gigs RAM, using the DroidFS itself. I'm attaching the log captured (01-11_20-12-55.log)

> Can you try to reproduce the bug with gocryptfs.....

I tried using the second set of parameters (those with "r": 8), and I got a DroidFS crash - all the three log files I obtained are attached too. I hope they can provide some information.

I'm standing by for any further assistance.


Interesting. The logcat when opening a volume shows the same error:

```
1698862389.068 10166  4786  4801 E spdlog  : [2023-11-01 20:13:09.067] [libcryfs] [error] Crashed: std::bad_alloc
```

If it crashed with gocryptfs then it's definitely a scrypt issue. Unfortunately, CryFS has not been designed to run on mobile devices and there is no way to change the scrypt parameters at the moment. However, this is a TODO feature in DroidFS. When implemented, you will be able to reduce CryFS scrypt parameters and so create CryFS volumes.

Corresponding CryFS issue: https://github.com/cryfs/cryfs/issues/349

hardcoresushi changed title from Can't create CryFS encrypted volume to Can't create CryFS encrypted volume due to high memory usage 2023-11-02 12:30:56 +01:00

DroidFS 2.2.0 fdroid v8a
OnePlus CPH2399 EEA
Android 14

This morning I had a similar issue: "DroidFS has not created the vault" or something similar statement.

I was unable to create a new CryFS vault. To solve the issue I had to delete the app cache, but even after the cache deletion, the vault opening is enough slow (it is empty).


Another question, I am not a developer.

Is it safe posting here a logcat file?


> the vault opening is enough slow (it is empty).

Yes, that's because CryFS uses way more costly KDF parameters by default. It should also be noticeable on desktop with gocryptfs vs CryFS.

> Is it safe posting here a logcat file?

If it contains DroidFS logs only, yes, it's mostly safe. Otherwise, you can just look at it to check if it contains some information you don't want to share. You can also send it to me encrypted with my PGP key.


My email provider is Tuta. Currently it doesn't allow PGP/GPG encryption. It allows me to negotiate an encryption key with my recipient.

In case I have to send something to you, I must find a safe way to send you this key.
I use SimpleX Chat as well.

> you can just look at it to check if it contains some information you don't want to share.

Maybe this action is difficult for my IT level.


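You don't need an email provider to use PGP. Just run `gpg -ear B64EFE86CEE1D054F0821711AFE384344A45E13A < logcat.txt` in a terminal and paste the output here. If you prefer GUI, you can use something like [Kleopatra](https://flathub.org/apps/org.kde.kleopatra), [Gpg Frontend](https://flathub.org/apps/com.bktus.gpgfrontend) or [KGpg](https://apps.kde.org/kgpg).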


Some app to do this in Android with GUI?

https://f-droid.org/en/packages/org.sufficientlysecure.keychain/

This is my fingerprint:

9f0c81a847e64d90d6182b6d6c6f2f9ab75dc9b1


Your message is not encrypted with my PGP key. Here it is:


My fingerprint:

B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A

I put B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A in the red field?


Yes, but you first have to import my key into the app. If it doesn't work try to type my email instead.


Can you read my message now?



Yes I can read it. Congratulations!


I didn't understand the relation between PGP public block and fingerprint.

If I have to write secretly to a developer, do I have to provide him just the pub block, just the fingerprint or both?


What you call the PGP public block is the full PGP key, needed to perform encryption. The fingerprint is just the hash of the key, used to identify the key and check it's the correct one. It's derived from the full key.

If you want to send an encrypted PGP message to someone, you need their full PGP key. However, if their key has been uploaded to a keyserver like [keyserver.ubuntu.com](https://keyserver.ubuntu.com), you can download it with their email or fingerprint. For example:

```
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A
```
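How a fingerprint is derived from the full key, and why the ID passed to `--recv-keys` above is the tail of the fingerprint posted in this thread, shown as an added example that is not code from the thread or from GnuPG. It handles version 4 keys only (RFC 4880 section 12.2), and the key packet is built from constructed bytes, not from any real key.

```python
import hashlib
import hmac
import struct


def normalize_fpr(text: str) -> str:
    """Drop spaces and case so 'B64E FE86 ...' and 'b64efe86...' compare equal."""
    fpr = "".join(text.split()).upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("not a 160-bit v4 fingerprint")
    return fpr


def v4_fingerprint(packet_body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte big-endian length, then the public-key packet body."""
    if not packet_body or packet_body[0] != 4:
        raise ValueError("only version 4 public-key packets are handled here")
    data = b"\x99" + struct.pack(">H", len(packet_body)) + packet_body
    return hashlib.sha1(data).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 bytes of the fingerprint."""
    return normalize_fpr(fingerprint)[-16:]


def key_matches(packet_body: bytes, published_fpr: str) -> bool:
    """Check a downloaded key against a fingerprint obtained out of band."""
    return hmac.compare_digest(v4_fingerprint(packet_body), normalize_fpr(published_fpr))


def constructed_ed25519_packet(public_point: bytes, created: int = 1700000000) -> bytes:
    """Build a v4 EdDSA public-key packet body from constructed key material."""
    oid = bytes.fromhex("2B06010401DA470F01")               # Ed25519 curve OID
    mpi = struct.pack(">H", 263) + b"\x40" + public_point   # 0x40-prefixed native point
    return bytes([4]) + struct.pack(">I", created) + bytes([22, len(oid)]) + oid + mpi


if __name__ == "__main__":
    body = constructed_ed25519_packet(bytes(range(32)))     # constructed, not a real key
    fpr = v4_fingerprint(body)
    print("fingerprint:", fpr, "key ID:", long_key_id(fpr))
    print("matches itself:", key_matches(body, fpr))
    print("thread key ID:", long_key_id("B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A"))
```

A key fetched from a keyserver by email or key ID should be compared against the full fingerprint before it is used for encryption.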

The second server there wasn't. I added it manually now (reading your message).

Reference: hardcoresushi/DroidFS#23