Hi all, Thanks for the bug report.
Okay I've tracked this down. It helped quite a bit to see that it's mostly Atom processors (eee pc's, and netbooks). This is totally a function of eCryptfs' key strengthening mechanism. For more information about key strengthening, see: * http://en.wikipedia.org/wiki/Key_strengthening The goal here is to make your eCryptfs keys as strong as possible. In the course of generating your fekek (file encryption key encryption key -- see the ecryptfs source code for more details), we perform a has iterative sha512 hash ~65,000 times. This is a non-trivial operation, and it's intended to make brute force attacks against your passphrases 65,000 times harder. While many desktop/laptop/server CPU's can do this key strengthening in about ~1 second, it's taking a bit longer on lower power processors. Unfortunately, this is not something we're going to be able to solve without breaking the ABI/API of eCryptfs. We would need two different versions--a weak-key and a normal key mode. I doubt we're going to solve this any time soon. I'm going to have to mark this "won't fix" for now. Sorry! :-Dustin ** Changed in: ecryptfs-utils (Ubuntu) Status: New => Won't Fix -- pam_encryptfs.so causes authentication to be slow https://bugs.launchpad.net/bugs/295429 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: Won't Fix Bug description: Binary package hint: ecryptfs-utils I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line: auth optional pam_encryptfs.so unwrap If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password. If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to. The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs. Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin] Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5] Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1] Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase. This doesn't seem to impair the functionality, but it is a little bit annoying. _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
