search

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License
15.75k stars 475 forks source link

Latest release spins CPU #493

Open notramo opened 1 year ago

notramo commented 1 year ago

On Void Linux musl, age 1.1.1 infinitely spins CPU when using password encryption.

rumpelsepp commented 1 year ago

Can confirm this. Decrypting a small textfile with one line takes up to 5 minutes. I traced this down to this: https://github.com/FiloSottile/age/blob/8e3f74c283b2e9b3cd0ec661fa4008504e536d20/scrypt.go#L163

FiloSottile commented 1 year ago

Interesting, I don't think we changed anything related to scrypt in this release. Did you maybe update the Go version at the same time? What happens if you build age v1.1.1 with an older version of Go?

rumpelsepp commented 1 year ago

I did a few tests yesterday, I downgraded the crypto package a few times. The problem stayed the same and was reproducible. Currently, I am not suffering from this problem any more, because I did a sysupgrade and rebooted my system. :open_mouth: I will try a different go version once it reappears.

FiloSottile commented 1 year ago

because I did a sysupgrade and rebooted my system

Huh!

If anyone else can reproduce it, I would love to get the binary and uname -a output, so I can try to track it down.