Bug 436290 - Opening vault is really slow even with small data
Status: RESOLVED UPSTREAM
Product: Plasma Vault
Classification: Plasma
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Ivan Čukić
Reported: 2021-04-28 01:51 UTC by medin
Modified: 2021-05-07 10:37 UTC
Description medin 2021-04-28 01:51:23 UTC
Opening a vault (CryFS) takes a really long time, even for a small encrypted data folder, compared to how fast VeraCrypt opens a huge encrypted volume.

Operating System: Manjaro Linux
KDE Plasma Version: 5.21.4
KDE Frameworks Version: 5.81.0
Qt Version: 5.15.2
Kernel Version: 5.4.112-1-MANJARO
OS Type: 64-bit
Graphics Platform: X11
Comment 1 dauntless 2021-05-06 18:50:31 UTC
Can confirm the same experience in Kubuntu, and this makes Vaults unusable when I tested with a 60GB Vault.
Comment 2 Ivan Čukić 2021-05-06 20:06:11 UTC
CryFS has some performance issues. This should be reported upstream again.

There is currently an open bug report for large volumes [1] where the comment was that it might be slow because cryfs splits everything into 32k files (though, on my system it looks like the default is 16k).

This could, I guess, be a valid reason for large volumes to be slow, but not for the small ones.

It could be a solution to use the gocryptfs backend instead (had no slowness reports in Vault yet for that one), or encfs if you don't plan to sync the data to a cloud (I've been using encfs for ages now for several large volumes without any issues).

@dauntless

Vaults have been designed to cover many-small-encrypted-containers instead of the one-huge-container use-case.

If you want to keep all files on an encrypted drive, I'd advise going for full-disk encryption or something like Tomb [2].

At some point, I created a Tomb backend for Vaults, but never merged it as Tomb requires some interaction with sudo which is a problem I haven't found a satisfying solution to yet except forcing the user to edit sudoers to allow running sudo tomb without entering a password.

[1] https://github.com/cryfs/cryfs/issues/346
[2] https://www.dyne.org/software/tomb/
Comment 3 dauntless 2021-05-07 08:22:16 UTC
Ah I wasn't aware it used such small fixed-size chunking, that would explain the performance. I'll try gocryptfs instead then, thanks for the help.
Comment 4 Ivan Čukić 2021-05-07 09:28:20 UTC
Please report back if gocryptfs is up to the task. I liked the way cryfs is developed, and how open the author is to requests, but this would be a second big plus for making gocryptfs the default in Vault.
Comment 5 dauntless 2021-05-07 10:37:30 UTC
Yeah my large vault works great with gocryptfs, no complaints so far. After researching the different encryption backends some more I'd be in favour of making it the default also, because it's EncFS without the security vulnerabilities and it's much more performant than CryFS. The additional security is likely not worth how much user experience can get degraded for most people.

I also found a similar GitHub issue[1] to the one you linked, which describes the performance issue as well as a solution for it but it hasn't been actioned despite the author sounding open to adding the feature 5 years ago. 

[1] https://github.com/cryfs/cryfs/issues/70