Can't create CryFS encrypted volume due to high memory usage #23
Reference: hardcoresushi/DroidFS#23
I can't create CryFS encrypted volume, neither ordinary nor hidden. I tried all possible locations (DroidFS internal, phone, SD card). The error I got is "The volume creation has failed".
GocryptFS works fine.
DroidFS versions tried: 2.1.0 and 2.1.2 (both installed via F-droid)
Android version: 8.1.0
Unfortunately I cannot reproduce. It would be very helpful if you could show the logcat.
How long the message "Creating volume..." is displayed before showing the error?
Can you reproduce the issue with the APKs provided here?
I tried the "universal" APK - still the same result. Unfortunately, I'm not a programmer, and I can't provide the logcat.
In the majority of cases this time is a fraction of a second, with one or two exceptions (for instance: the first time I tried to use aes-256, the "Creating volume..." message was displayed for about two seconds, followed by error, and on the second try (immediately after the first one), this time was considerably shorter).
Here are some screenshots:
https://i.postimg.cc/tC3vb2cf/Screenshot-20230928-080847.png
https://i.postimg.cc/RCnbsMLv/Screenshot-20230928-080851.png
https://i.postimg.cc/CLTr9Wck/Screenshot-20230928-080911.png
https://i.postimg.cc/XYx2GX4k/Screenshot-20230928-094857.png
I'm standing by for further assistance.
OK, that's hard to tell what's the problem without seeing the logcat. Can't you use adb or LogFox?
Do you have the same issue with different ciphers and different passwords (including empty)?
Sorry for the slow response, in the attached file is what I got.
The package is DroidFS-v2.1.2-universal.apk, directly downloaded from here.
(Just tried DroidFS-v2.1.3-universal.apk - same behaviour.)
Yes, all the ciphers and password lengths (empty password, 1, 3, 8, 10 characters) I tried failed.
Thank you very much. The only relevant line I spot in the provided logs is the following:
I think cryfs is failing to allocate enough memory for the scrypt derivation of the password.
How much memory does your device have? Are you using memory-hungry applications at the same time as DroidFS?
Are you using any special memory features from your ROM or other applications (such as memory usage constraints)?
At the moment of writing: 3 Gb total memory, 1.7 Gb used.
What did you say? ;-)
Smartphone related: I'm an ordinary, dumb user and I don't do anything unusual. Usually there are browser (Vivaldi), messenger (Threema), non-root firewall and e-mail client napping in the background.
How many processor cores does your device have?
Can you try to close all running applications (force close if necessary), then try again to create a cryfs volume?
On my 8-core device, DroidFS memory usage increases to around 600 MB during CryFS password derivation. You can run top in a terminal on your device (or over adb) to see how much memory DroidFS is using (check the RES column).
I managed to free about 100 Mb of RAM killing whatever I saw - nothing changed. Memory used by the droidFS process never exceeds 130 Mb, as long as I can see it in top. I'm attaching a screenshot. My device has 4 processor cores.
Does this also happen when opening an existing cryfs volume? (For example, creating a volume with the original cryfs program on the desktop, then trying to open it with DroidFS).
Can you try to reproduce the bug with gocryptfs, by editing the scrypt parameters in the gocryptfs.conf file? The default parameters used by cryfs are:
However, gocryptfs doesn't allow r to be less than 8. Maybe you could try with:
Please excuse my extreme delay!
Yes, but the error is different: "Open failed. Unknown error code: 0"
This particular volume was created on fairly modern phone, 8 cores/8 gigs RAM, using the DroidFS itself. I'm attaching the log captured (01-11_20-12-55.log)
I tried using the second set of parameters (those with "r": 8), and I got a DroidFS crash - all the three log files I obtained are attached too. I hope they can provide some information.
I'm standing by for any further assistance.
Interesting. The logcat when opening a volume shows the same error:
If it crashed with gocryptfs then it's definitely a scrypt issue. Unfortunately, CryFS has not been designed to run on mobile devices and there are no ways to change the scrypt parameters at the moment. However, this is a TODO feature in DroidFS. When implemented, you will be able to reduce CryFS scrypt parameters and so create CryFS volumes.
Corresponding CryFS issue: https://github.com/cryfs/cryfs/issues/349
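An added example, not part of the thread or of DroidFS/CryFS code: how scrypt parameters translate into working memory, and which cost fits the roughly 130 MB ceiling seen in top on the failing device. The parameter sets HEAVY and LIGHT are constructed for illustration and are not values taken from this issue; the helper names are hypothetical.

```python
import hashlib

MIB = 2**20

def scrypt_mem_bytes(n: int, r: int, p: int) -> int:
    """Working set of scrypt: the V table (128*r*N bytes) plus 128*r*(p+2)
    bytes of block buffers. N and r dominate; p mostly adds CPU time."""
    return 128 * r * (n + p + 2)

def largest_n_within(budget: int, r: int, p: int) -> int:
    """Largest power-of-two N whose working set fits in budget bytes (0 if none)."""
    n = 2
    if scrypt_mem_bytes(n, r, p) > budget:
        return 0
    while scrypt_mem_bytes(n * 2, r, p) <= budget:
        n *= 2
    return n

def derive_key(password: bytes, salt: bytes, n: int, r: int, p: int,
               budget: int, dklen: int = 32):
    """Derive a key only when the parameters fit the memory budget.
    Returns None instead of letting the allocation fail mid-derivation."""
    if scrypt_mem_bytes(n, r, p) > budget:
        return None
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=budget, dklen=dklen)

# Constructed parameter sets (assumptions, not values from the thread).
HEAVY = dict(n=2**20, r=4, p=8)   # about 512 MiB working set
LIGHT = dict(n=2**14, r=8, p=1)   # about 16 MiB working set
BUDGET = 130 * MIB                # the ceiling observed in top on the failing device

if __name__ == "__main__":
    for name, params in (("heavy", HEAVY), ("light", LIGHT)):
        need = scrypt_mem_bytes(**params)
        key = derive_key(b"constructed password", b"constructed salt",
                         budget=BUDGET, **params)
        print(f"{name}: needs {need / MIB:.0f} MiB ->",
              "ok" if key else "over budget")
    print("largest N that fits with r=4, p=8:", largest_n_within(BUDGET, 4, 8))
```

Lowering N weakens resistance to offline password guessing, so a volume created with reduced parameters depends more heavily on a strong password.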
Title changed from "Can't create CryFS encrypted volume" to "Can't create CryFS encrypted volume due to high memory usage"
DroidFS 2.2.0 fdroid v8a
OnePlus CPH2399 EEA
Android 14
This morning I had a similar issue: "DroidFS has not created the vault" or something similar statement.
I was unable to create a new CryFS vault. To solve the issue I had to delete the app cache, but even after the cache deletion, the vault opening is enough slow (it is empty).
Another question, I am not a developer.
Is it safe posting here a logcat file?
Yes, that's because CryFS uses way more costly KDF parameters by default. It should also be noticeable on desktop with gocryptfs vs CryFS.
If it contains DroidFS logs only yes it's mostly safe. Otherwise, you can just look at it to check if it contains some information you don't want to share. You can also send it to me encrypted with my PGP key.
My email provider is Tuta. Currently it doesn't allow PGP/GPG encryption. It allows me to negotiate an encryption key with my recipient.
In the case I have to send something to you I must find a safe way to send you this key.
I use SimpleX Chat as well.
you can just look at it to check if it contains some information you don't want to share.
Maybe this action is difficult for my IT level.
You don't need an email provider to use PGP. Just run
gpg -ear B64EFE86CEE1D054F0821711AFE384344A45E13A < logcat.txt
in a terminal and paste the output here. If you prefer GUI, you can use something like Kleopatra, Gpg Frontend or KGpg.
Some app to do this in Android with GUI?
https://f-droid.org/en/packages/org.sufficientlysecure.keychain/
This is my fingerprint:
9f0c81a847e64d90d6182b6d6c6f2f9ab75dc9b1
Your message is not encrypted with my PGP key. Here it is:
My fingerprint:
I put B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A in the red field?
Yes, but you first have to import my key into the app. If it doesn't work try to type my email instead.
Can you read my message now?
Yes I can read it. Congratulations!
I didn't understand the relation between PGP public block and fingerprint.
If I have to write secretly to a developer, do I have to provide him just the pub block, just the fingerprint or both?
What you call the PGP public block is the full PGP key, needed to perform encryption. The fingerprint is just the hash of the key, used to identify the key and check it's the correct one. It's derived from the full key.
If you want to send an encrypted PGP message to someone, you need their full PGP key. However, if their key has been uploaded to a keyserver like keyserver.ubuntu.com, you can download it with their email or fingerprint. For example:
The second server there wasn't. I added it manually now (reading your message).
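An added example, not part of the thread: the relation between a full public key and its fingerprint explained above, using the version 4 fingerprint rule from RFC 4880 (SHA-1 over the public-key packet). The RSA modulus below is a constructed toy value, not a real or usable key, and the function names are hypothetical.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet:
    version, creation time, algorithm id 1 (RSA), modulus n, exponent e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """Fingerprint = SHA-1 over 0x99, 2-byte body length, packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The long key ID is the low 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]

def fingerprint_matches(body: bytes, claimed: str) -> bool:
    """Check a key against a fingerprint as published: spaces and case ignored,
    so 'B64E FE86 ...' and 'b64efe86...' style spellings compare equal."""
    return claimed.replace(" ", "").upper() == v4_fingerprint(body)

# Constructed toy modulus (product of two Mersenne primes); not a usable key.
SAMPLE_N = (2**127 - 1) * (2**89 - 1)
SAMPLE_BODY = v4_rsa_key_body(1700000000, SAMPLE_N, 65537)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("key id:     ", key_id(fp))
    # Any change to the key material gives an unrelated fingerprint.
    other = v4_rsa_key_body(1700000000, SAMPLE_N + 2, 65537)
    print("other key:  ", v4_fingerprint(other))
```

The fingerprint cannot be turned back into the key, which is why encryption needs the full public key while the fingerprint only serves to confirm that the imported key is the right one.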