therealromster / cryptsetup

Automatically exported from code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

Very slow to luksOpen with libgcrypt 1.6.0 #199

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
With cryptsetup compiled against libgcrypt 1.6.0 it is *much* slower to 
luksOpen a device. This is noticable when using a keyfile (maybe due to the 
length of the passphrase then?), where the operation could take a few minutes 
now (where it used to be pretty much instant).

Running with --debug, I noticed the delay occured between the two following 
messages:
# Trying to open key slot 1 [ACTIVE].
# Reading key slot 1 area.

Which came down to the crypt_pbkdf() function. I'm not sure if this is a bug in 
libgcrypt or what, nor where the problem/slowness is located, that's above my 
paygrade. But it does make cryptsetup much slower.

As a workaround for now I compiled it using the internal pbkdf2 function (as 
with older versions of libgcrypt) so I can luksOpen as fast as I used to. This 
required a little patch in configure.ac since --disable-gcrypt-pbkdf2 isn't 
actually supported, it might be a good idea though.

Hopefully someone more knowledgeable can look into this more and find a 
fix/fill a bug on libgcrypt.

What steps will reproduce the problem?
1. Compile cryptsetup using libgcrypt 1.6.0
2. luksOpen a device with a keyfile
3. Go get a coffee or something.

What version of the product are you using? On what operating system?
cryptsetup 1.6.3 w/ libgcrypt 1.6.0 on Arch Linux x86_64. Same thing in a VM 
running Arch i686 (same versions).

Original issue reported on code.google.com by i.am.jac...@gmail.com on 15 Jan 2014 at 5:40

Attachments:

GoogleCodeExporter commented 9 years ago
Yes, it is bug in libgcrypt. My fix for that was accepted yesterday, see
https://bugzilla.redhat.com/show_bug.cgi?id=1051733

Adding --disable-gcrypt-pbkdf2 is in this situation perhaps good idea.

Original comment by gmazyl...@gmail.com on 15 Jan 2014 at 6:06

GoogleCodeExporter commented 9 years ago
Patch added to git
http://code.google.com/p/cryptsetup/source/detail?r=aa7346bb3639529a69c9a151a6e0
bf3f2c7054aa

btw there was a typo (yes instead of xyes) so your code disabled it always :)

Thanks. (I hope gcrypt will release fix but for now it must be manually 
disabled...)

Original comment by gmazyl...@gmail.com on 15 Jan 2014 at 7:11

GoogleCodeExporter commented 9 years ago

Original comment by gmazyl...@gmail.com on 18 Jan 2014 at 12:20