SUMMARY I have a system with 16 GiB of RAM. I just found myself with 13 GB used and I tried to open a vault. The whole system crashed because it ran out of memory. Considering the vault is just a few kilobytes (it only stores a few .txt files), I do not think such high memory requirements are justified. STEPS TO REPRODUCE 1. Try to open a Plasma vault OBSERVED RESULT If you have less than 4 GB of free RAM, the system starts closing down applications, potentially ending the whole session. EXPECTED RESULT The vault is opened even in low-memory situations or, if this is not possible, the user is alerted that there is not enough free memory. SOFTWARE/OS VERSIONS Linux: KDE neon KDE Plasma Version: 5.27.1 KDE Frameworks Version: 5.103.0 Qt Version: 5.15.8 ADDITIONAL INFORMATION
What encryption backend is your vault using? What process exactly uses up all the memory when you unlock the vault?
(In reply to Nate Graham from comment #1) > What encryption backend is your vault using? > > What process exactly uses up all the memory when you unlock the vault? I'm using cryfs. I've just tested this, and it's the cryfs process taking up all the memory. It seems like this is intentional: https://github.com/cryfs/cryfs/issues/335#issuecomment-652338744 Cryfs is currently the default (it's the first on the list) when creating a new vault. It would be good to inform the user of this limitation, as it seems like it is intentionally made to use 4 GB of RAM: this makes it impossible to use it on devices with 4 GB of RAM or less. From my limited testing, gocryptfs appears to use a lot less memory while providing similar (if not even better) performance.
Thanks for reporting this. I guess it is time to rethink the backends and whether to have a default... I like cryfs security-wise, but it was a pain point for a few times now...
cryfs slow browsing is still a problem for Plasma 6.3.5, it can't even handle a small folder containing 10gb of data, gocryptfs is much faster, but I don't know if it's safer than cryfs.
(In reply to medin from comment #4) > cryfs slow browsing is still a problem for Plasma 6.3.5, it can't even > handle a small folder containing 10gb of data, gocryptfs is much faster, but > I don't know if it's safer than cryfs. It is as safe as cryfs, there are some differences in implementation that make it more or less suitable for the encryption of individual files and folders, but that is not an issue with Vaults. There is no practical downside to using it.
(In reply to Riccardo Robecchi from comment #5) > (In reply to medin from comment #4) > > cryfs slow browsing is still a problem for Plasma 6.3.5, it can't even > > handle a small folder containing 10gb of data, gocryptfs is much faster, but > > I don't know if it's safer than cryfs. > > It is as safe as cryfs, there are some differences in implementation that > make it more or less suitable for the encryption of individual files and > folders, but that is not an issue with Vaults. There is no practical > downside to using it. I found this page https://www.cryfs.org/comparison It seems that cryfs split the whole data and hides its structure and metadata which makes it more suitable for uploading to cloud storages. But for local storage I think others are more suitable to adopt.
In Plasma 6.4, only Gocryptfs is supported for new vaults, effectively fixing this automatically. Cryfs and Encfs vaults created in the past can still be used, but new ones have to be Gocryptfs, and it wouldn't be a bad idea to migrate your old vault content to a new Gocryptfs fault, too.