Can't create CryFS encrypted volume due to high memory usage #23

Open
opened 2023-09-28 09:14:40 +02:00 by nasakoto · 29 comments

I can't create CryFS encrypted volume, neither ordinary or hidden. I tried all possible locations (DroidFS internal, phone, SD card). The error I got is "The volume creation has failed".
GocryptFS works fine.

DroidFS versions tried: 2.1.0 and 2.1.2 (both installed via F-droid)
Android version: 8.1.0

I can't create CryFS encrypted volume, neither ordinary or hidden. I tried all possible locations (DroidFS internal, phone, SD card). The error I got is "The volume creation has failed". GocryptFS works fine. DroidFS versions tried: 2.1.0 and 2.1.2 (both installed via F-droid) Android version: 8.1.0

Unfortunatly I cannot reproduce. It would be very helpful if you could show the logcat.

How long the message "Creating volume..." is displayed before showing the error?
Can you reproduce the issue with the APKs provided here?

Unfortunatly I cannot reproduce. It would be very helpful if you could show the logcat. How long the message "Creating volume..." is displayed before showing the error? Can you reproduce the issue with the APKs provided here?
Author

I tried the "universal" APK - still the same result. Unfortunately, I'm not a programmer, and I can't provide the logcat.

_ How long the message "Creating volume..." is displayed before showing the error?_

In the majority of cases this time is a fraction of a second, with one or two exceptions (for instance: the first time I tried to use aes-256, the "Creating volume..." message was displayed for about two seconds, followed by error, and on the second try (immediately after the first one), this time was considerably shorter.

Here are some screenshots:

https://i.postimg.cc/tC3vb2cf/Screenshot-20230928-080847.png

https://i.postimg.cc/RCnbsMLv/Screenshot-20230928-080851.png

https://i.postimg.cc/CLTr9Wck/Screenshot-20230928-080911.png

https://i.postimg.cc/XYx2GX4k/Screenshot-20230928-094857.png

I'm standing by for further assistance.

I tried the "universal" APK - still the same result. Unfortunately, I'm not a programmer, and I can't provide the logcat. > _ How long the message "Creating volume..." is displayed before showing the error?_ In the majority of cases this time is a fraction of a second, with one or two exceptions (for instance: the first time I tried to use aes-256, the "Creating volume..." message was displayed for about two seconds, followed by error, and on the second try (immediately after the first one), this time was considerably shorter. Here are some screenshots: https://i.postimg.cc/tC3vb2cf/Screenshot-20230928-080847.png https://i.postimg.cc/RCnbsMLv/Screenshot-20230928-080851.png https://i.postimg.cc/CLTr9Wck/Screenshot-20230928-080911.png https://i.postimg.cc/XYx2GX4k/Screenshot-20230928-094857.png I'm standing by for further assistance.

OK, that's hard to tell what's the problem without seeing the logcat. Can't you use adb or LogFox?

Do you have the same issue with different ciphers and different passwords (including empty)?

OK, that's hard to tell what's the problem without seeing the logcat. Can't you use `adb` or [LogFox](https://f-droid.org/en/packages/com.f0x1d.logfox)? Do you have the same issue with different ciphers and different passwords (including empty)?
Author

Sorry for the slow response, in the attached file is what I got.

The package is DroidFS-v2.1.2-universal.apk, directly downloaded from here.

(Just tried DroidFS-v2.1.3-universal.apk - same behaviour.)

Do you have the same issue with different ciphers and different passwords (including empty)?

Yes, all the ciphers and password lenghts (empty password, 1,3,8, 10 character) I tried failed.

Sorry for the slow response, in the attached file is what I got. The package is DroidFS-v2.1.2-universal.apk, directly downloaded from here. (Just tried DroidFS-v2.1.3-universal.apk - same behaviour.) > Do you have the same issue with different ciphers and different passwords (including empty)? Yes, all the ciphers and password lenghts (empty password, 1,3,8, 10 character) I tried failed.

Thank you very much. The only relevant line I spot in the provided logs is the following:

[libcryfs] [error] Crashed: std::bad_alloc

I think cryfs is failing to allocate enough memory for the scrypt derivation of the password.

How much memory does your device have? Are you using memory-hungry applications at the same time as DroidFS?

Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?

Thank you very much. The only relevant line I spot in the provided logs is the following: ``` [libcryfs] [error] Crashed: std::bad_alloc ``` I think cryfs is failing to allocate enough memory for the scrypt derivation of the password. How much memory does your device have? Are you using memory-hungry applications at the same time as DroidFS? Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?
Author

At the moment of writing: 3 Gb total memory, 1.7 Gb used.

Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?

What did you say? ;-)
Smartphone related: I'm an ordinary, dumb user and I don't do anything unusual. Usually there are browser (Vivaldi), messenger (Threema), non-root firewall and e-mail client napping in the background.

At the moment of writing: 3 Gb total memory, 1.7 Gb used. > Are you using any special memory features from your ROM or other applications (such as memory usage constraints)? What did you say? ;-) Smartphone related: I'm an ordinary, dumb user and I don't do anything unusual. Usually there are browser (Vivaldi), messenger (Threema), non-root firewall and e-mail client napping in the background.

How many processor cores does your device have?

Can you try to close all running applications (force close if necessary), then try again to create a cryfs volume?

On my 8-core device, DroidFS memory usage increases to around 600 MB during CryFS password derivation. You can run top in a terminal on your device (or over adb) to see how much memory DroidFS is using (check the RES column).

How many processor cores does your device have? Can you try to close all running applications (force close if necessary), then try again to create a cryfs volume? On my 8-core device, DroidFS memory usage increases to around 600 MB during CryFS password derivation. You can run `top` in a terminal on your device (or over `adb`) to see how much memory DroidFS is using (check the `RES` column).
Author

I managed to free about 100 Mb of RAM killing whatever I saw - nothing changed. Memory used by the droidFS process never exceeds 130 Mb, as long as I can see it in top. I'm attaching a screenshot. My device has 4 processor cores.

I managed to free about 100 Mb of RAM killing whatever I saw - nothing changed. Memory used by the droidFS process never exceeds 130 Mb, as long as I can see it in `top`. I'm attaching a [screenshot](https://i.postimg.cc/6QNX8qR1/droidfs-top-2-c1.png). My device has 4 processor cores.

Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS).

Can you try to reproduce the bug with gocryptfs, by editing the scrypt parameters in the gocryptfs.conf file? The default parameters used by cryfs are:

"scryptobject": {
	"n": 1048576,
	"r": 4,
	"p": 8,
}

However, gocryptfs doesn't allow r to be less than 8. Maybe you could try with:

"scryptobject": {
	"n": 1048576,
	"r": 8,
	"p": 8,
}
Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS). Can you try to reproduce the bug with gocryptfs, by editing the scrypt parameters in the `gocryptfs.conf` file? The default parameters used by cryfs are: ```json "scryptobject": { "n": 1048576, "r": 4, "p": 8, } ``` However, gocryptfs doesn't allow `r` to be less than 8. Maybe you could try with: ```json "scryptobject": { "n": 1048576, "r": 8, "p": 8, } ```
Author

Please excuse my extreme delay!

Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS).

Yes, but the error is different: "Open failed. Unknown error code: 0"
This particular volume was created on fairly modern phone, 8 cores/8 gigs RAM, using the DroidFS itself. I'm attaching the log captured (01-11_20-12-55.log)

Can you try to reproduce the bug with gocryptfs.....

I tried using the second set of parameters (those with "r": 8), and I got a DroidFS crash - all the three log files I obtained are attached too. I hope they can provide some information.

I'm standing by for any further assistance.

Please excuse my extreme delay! > Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS). Yes, but the error is different: "Open failed. Unknown error code: 0" This particular volume was created on fairly modern phone, 8 cores/8 gigs RAM, using the DroidFS itself. I'm attaching the log captured (01-11_20-12-55.log) > Can you try to reproduce the bug with gocryptfs..... I tried using the second set of parameters (those with "r": 8), and I got a DroidFS crash - all the three log files I obtained are attached too. I hope they can provide some information. I'm standing by for any further assistance.

Interesting. The logcat when opening a volume shows the same error:

1698862389.068 10166  4786  4801 E spdlog  : [2023-11-01 20:13:09.067] [libcryfs] [error] Crashed: std::bad_alloc

If it crashed with gocryptfs then it's definitely a scrypt issue. Unfortunately, CryFS has not be designed to run on mobile devices and there are no ways to change the scrypt parameters at the moment. However, this is a TODO feature in DroidFS. When implemented, you will be able to reduce CryFS scrypt parameters and so create CryFS volumes.

Corresponding CryFS issue: https://github.com/cryfs/cryfs/issues/349

Interesting. The logcat when opening a volume shows the same error: ``` 1698862389.068 10166 4786 4801 E spdlog : [2023-11-01 20:13:09.067] [libcryfs] [error] Crashed: std::bad_alloc ``` If it crashed with gocryptfs then it's definitely a scrypt issue. Unfortunately, CryFS has not be designed to run on mobile devices and there are no ways to change the scrypt parameters at the moment. However, this is a TODO feature in DroidFS. When implemented, you will be able to reduce CryFS scrypt parameters and so create CryFS volumes. Corresponding CryFS issue: https://github.com/cryfs/cryfs/issues/349
hardcoresushi changed title from Can't create CryFS encrypted volume to Can't create CryFS encrypted volume due to high memory usage 2023-11-02 12:30:56 +01:00

DroifFS 2.2.0 fdroid v8a
OnePlus CPH2399 EEA
Android 14

This morning I had a similar issue: "DroidFS has not created the vault" or something similar statement.

I was unable to create a new CryFS vault. To solve the issue I had to delete the app cache, but even after the cache deletion, the vault opening is enough slow (it is empty).

DroifFS 2.2.0 fdroid v8a OnePlus CPH2399 EEA Android 14 This morning I had a similar issue: "DroidFS has not created the vault" or something similar statement. I was unable to create a new CryFS vault. To solve the issue I had to delete the app cache, but even after the cache deletion, the vault opening is enough slow (it is empty).

Another question, I am not a developer.

Is it safe posting here a logcat file?

Another question, I am not a developer. Is it safe posting here a logcat file?

the vault opening is enough slow (it is empty).

Yes that's because CryFS use way more costly KDF parameters by default. It should also be noticeable on desktop with gocryptfs vs CryFS.

Is it safe posting here a logcat file?

If it contains DroidFS logs only yes it's mostly safe. Otherwise, you can just look at it to check if it contains some information you don't want to share. You can also send it to me encrypted with my PGP key.

> the vault opening is enough slow (it is empty). Yes that's because CryFS use way more costly KDF parameters by default. It should also be noticeable on desktop with gocryptfs vs CryFS. > Is it safe posting here a logcat file? If it contains DroidFS logs only yes it's mostly safe. Otherwise, you can just look at it to check if it contains some information you don't want to share. You can also send it to me encrypted with my PGP key.

My email provider is Tuta. Currently it doesn't allow PGP/GPG encryption. It allows me to negotiate an encryption key with my recipient.

In the case I have to send something to you I must to find a safe way to send you this key.
I use SimpleX Chat as well.

you can just look at it to check if it contains some information you don't want to share.

Maybe this action it is difficult for my IT level.

My email provider is Tuta. Currently it doesn't allow PGP/GPG encryption. It allows me to negotiate an encryption key with my recipient. In the case I have to send something to you I must to find a safe way to send you this key. I use SimpleX Chat as well. `you can just look at it to check if it contains some information you don't want to share.` Maybe this action it is difficult for my IT level.

You don't need an email provider to use PGP. Just run gpg -ear B64EFE86CEE1D054F0821711AFE384344A45E13A < logcat.txt in a terminal and paste the output here. If you prefer GUI, you can use something like Kleopatra, Gpg Frontend or KGpg.

You don't need an email provider to use PGP. Just run `gpg -ear B64EFE86CEE1D054F0821711AFE384344A45E13A < logcat.txt` in a terminal and paste the output here. If you prefer GUI, you can use something like [Kleopatra](https://flathub.org/apps/org.kde.kleopatra), [Gpg Frontend](https://flathub.org/apps/com.bktus.gpgfrontend) or [KGpg](https://apps.kde.org/kgpg).

Some app to do this in Android with GUI?

Some app to do this in Android with GUI?
https://f-droid.org/en/packages/org.sufficientlysecure.keychain/

This is my fingerprint:

9f0c81a847e64d90d6182b6d6c6f2f9ab75dc9b1

This is my fingerprint: 9f0c81a847e64d90d6182b6d6c6f2f9ab75dc9b1

Your message is not encrypted with my PGP key. Here it is:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYg/BKBYJKwYBBAHaRw8BAQdAblsBVxg0zVpzkaRGq+W0KN2RFdc7A8cuKyoE
t1JX1LW0K0hhcmRjb3JlIFN1c2hpIDxoYXJkY29yZS5zdXNoaUBkaXNyb290Lm9y
Zz6IlgQTFggAPhYhBLZO/obO4dBU8IIXEa/jhDRKReE6BQJiD8EoAhsDBQkJZgGA
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK/jhDRKReE64wQA+watMq1h4gIl
yEQwYFazTYLu2r2q+lfiYzd9emKFMEbfAPwOHcQUXnRIv+goBBPUAlfRRiOHvyw2
pWmrSXLMLX29Crg4BGIPwSgSCisGAQQBl1UBBQEBB0Aq+E9DnclL3MHloUKB2OwX
pw2l36Wrnoc9IaChzOHiZQMBCAeIfgQYFggAJhYhBLZO/obO4dBU8IIXEa/jhDRK
ReE6BQJiD8EoAhsMBQkJZgGAAAoJEK/jhDRKReE6vJgBALzSVX2Z7pxZ29Ne/Ebz
pCNs0p9bL6u7fPpFhunOaA1gAPsHUe7Tz0t77GN9uC9XHR7pw8LNTzRy70GhSH7v
R/yZCg==
=dxeT
-----END PGP PUBLIC KEY BLOCK-----

My fingerprint:

B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A
Your message is not encrypted with my PGP key. Here it is: ``` -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEYg/BKBYJKwYBBAHaRw8BAQdAblsBVxg0zVpzkaRGq+W0KN2RFdc7A8cuKyoE t1JX1LW0K0hhcmRjb3JlIFN1c2hpIDxoYXJkY29yZS5zdXNoaUBkaXNyb290Lm9y Zz6IlgQTFggAPhYhBLZO/obO4dBU8IIXEa/jhDRKReE6BQJiD8EoAhsDBQkJZgGA BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK/jhDRKReE64wQA+watMq1h4gIl yEQwYFazTYLu2r2q+lfiYzd9emKFMEbfAPwOHcQUXnRIv+goBBPUAlfRRiOHvyw2 pWmrSXLMLX29Crg4BGIPwSgSCisGAQQBl1UBBQEBB0Aq+E9DnclL3MHloUKB2OwX pw2l36Wrnoc9IaChzOHiZQMBCAeIfgQYFggAJhYhBLZO/obO4dBU8IIXEa/jhDRK ReE6BQJiD8EoAhsMBQkJZgGAAAoJEK/jhDRKReE6vJgBALzSVX2Z7pxZ29Ne/Ebz pCNs0p9bL6u7fPpFhunOaA1gAPsHUe7Tz0t77GN9uC9XHR7pw8LNTzRy70GhSH7v R/yZCg== =dxeT -----END PGP PUBLIC KEY BLOCK----- ``` My fingerprint: ``` B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A ```

I put B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A in the red field?

I put B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A in the red field?

Yes, but you first have to import my key into the app. If it doesn't work try to type my email instead.

Yes, but you first have to import my key into the app. If it doesn't work try to type my email instead.

Can you read my message now?

-----BEGIN PGP MESSAGE-----

wV4DBoNzfWHIDWUSAQdAMI1JX8wRzRPL8r2uM8egilz+oR5VtNEks96mV+Ok1z4w
t5yn8XX6aywh8aPDo9QnJ67HanpPUmiLQVwJZeFX+WwjySIplkUGq02RsT30uq4n
wV4DrDY38VOwTTgSAQdAVB2PAc1GC3VqVLf7mxMCPdi+hz7vpMz3h7HHrEIFs3sw
7tQ6P1GRm+c3G767FZzB8x6xRPWVez74dFSqxSYmzvWAi2gw+wc+lx2mBxQki5oP
0sAIAaIQd57PgyYRocFZUKhqiV2WbcCPagEp9cvT/8YfuSYG5UZTBd/fl746qGZ9
EB7Fq8lrrGoodTcI57Z4lxi8XkoKV0TSkK6tSetBlQZKioxcBkd4SAyh0yQYP5p9
TBpSb1PpoTOQUh/ybQw9cosP7SI9T0vo9ZtSeS7HtX4qeTvF9iSVDfH9jeQv3SdM
9kWEURlmsuVJ+VsxsGT1FZInqSwkW1e6A3mSCLjWj0WeoTEbJhKgfthCmBKrwV7U
LbobvsvxWhwHRoQ=
=/tEr
-----END PGP MESSAGE-----

Can you read my message now? -----BEGIN PGP MESSAGE----- wV4DBoNzfWHIDWUSAQdAMI1JX8wRzRPL8r2uM8egilz+oR5VtNEks96mV+Ok1z4w t5yn8XX6aywh8aPDo9QnJ67HanpPUmiLQVwJZeFX+WwjySIplkUGq02RsT30uq4n wV4DrDY38VOwTTgSAQdAVB2PAc1GC3VqVLf7mxMCPdi+hz7vpMz3h7HHrEIFs3sw 7tQ6P1GRm+c3G767FZzB8x6xRPWVez74dFSqxSYmzvWAi2gw+wc+lx2mBxQki5oP 0sAIAaIQd57PgyYRocFZUKhqiV2WbcCPagEp9cvT/8YfuSYG5UZTBd/fl746qGZ9 EB7Fq8lrrGoodTcI57Z4lxi8XkoKV0TSkK6tSetBlQZKioxcBkd4SAyh0yQYP5p9 TBpSb1PpoTOQUh/ybQw9cosP7SI9T0vo9ZtSeS7HtX4qeTvF9iSVDfH9jeQv3SdM 9kWEURlmsuVJ+VsxsGT1FZInqSwkW1e6A3mSCLjWj0WeoTEbJhKgfthCmBKrwV7U LbobvsvxWhwHRoQ= =/tEr -----END PGP MESSAGE-----

Yes I can read it. Congratulations!

Yes I can read it. Congratulations!

I didnt understand the relation between PGP public bloc and fingerprint.

If have I to write secretly to a developer I have to provide him just the pub bloc, just the fingerprint or both?

I didnt understand the relation between PGP public bloc and fingerprint. If have I to write secretly to a developer I have to provide him just the pub bloc, just the fingerprint or both?

What you call the PGP public block is the full PGP key, needed to perform encryption. The fingerprint is just the hash of the key, used to identify the key and check it's the correct one. It's derived from the full key.

If you want to send an encrypted PGP message to someone, you need their full PGP key. However, if their key has been uploaded to a keyserver like keyserver.ubuntu.com, you can download it with their email or fingerprint. For example:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A
What you call the PGP public block is the full PGP key, needed to perform encryption. The fingerprint is just the hash of the key, used to identify the key and check it's the correct one. It's derived from the full key. If you want to send an encrypted PGP message to someone, you need their full PGP key. However, if their key has been uploaded to a keyserver like [keyserver.ubuntu.com](https://keyserver.ubuntu.com), you can download it with their email or fingerprint. For example: ``` gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A ```

The second server there wasn't. I added it manually now (reading your message).

The second server there wasn't. I added it manually now (reading your message).

I encountered an issue creating a CryFS encrypted volume because of high memory usage. This problem has been logged as #23. It’s essential to troubleshoot memory allocation, ensuring that resources are optimally used, much like strategizing in wordle unlimited where every guess counts. Let’s seek a resolution to enhance performance for a smoother experience!

I encountered an issue creating a CryFS encrypted volume because of high memory usage. This problem has been logged as #23. It’s essential to troubleshoot memory allocation, ensuring that resources are optimally used, much like strategizing in [wordle unlimited](https://wordleunlimitedplay.com/) where every guess counts. Let’s seek a resolution to enhance performance for a smoother experience!

It seems the high memory usage is causing issues with creating the CryFS encrypted volume. Just like navigating through difficult levels in moto x3m, troubleshooting requires careful planning. Whether you're racing through obstacles or managing system resources, find a solution to optimize memory for a smoother experience. Let's tackle this challenge efficiently!

It seems the high memory usage is causing issues with creating the CryFS encrypted volume. Just like navigating through difficult levels in [moto x3m](https://motox3mfree.io/), troubleshooting requires careful planning. Whether you're racing through obstacles or managing system resources, find a solution to optimize memory for a smoother experience. Let's tackle this challenge efficiently!
Sign in to join this conversation.
No Milestone
No Assignees
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: hardcoresushi/DroidFS#23
No description provided.