This project has moved. For the latest updates, please go here.

veracrypt causes 100% cpu load when clicking on mount with default keyfile specified for ~30 seconds

Topics: Technical Issues
Oct 1, 2015 at 3:28 PM
Edited Oct 1, 2015 at 3:28 PM
Hi Support,

we use the current stable version of veracrypt 1.15 64-bit and so far, this software works.

Most of our clients are still using truecrypt, which we want to change - therefore our containers are still in truecrypt-format. Veracrypt has no problems so far opening this, which is great.

Our containers were created in the past with the need of an password and a keyfile. Both are needed to open our containers.

To make the mount comfortable, we specified the following default actions, so the user only has to type in the password:
  • Settings -> Default keyfiles -> Add our keyfile and checked the option "Use keyfiles"
  • Settings -> Default mount parameters -> Autodetection and checked the option "truecrypt mode"
Now, when we select the container file and a drive letter and click on "mount", veracrypt responds with this typical message about appearing unresponsive. Now our CPU load skyrockets to 100%, which makes many applications, that we use simultaneously, really unresponsive. This holds on for about 30 seconds, THEN the password dialog appears. When we type in the password, the mount-process is finished nearly in an instant.

However, if we go to Default keyfiles and UNCHECK the option "use keyfiles" and then click on mount again - the password dialog is there in an instant. Here we just check the option "use keyfiles" and type in the password and the mount process is complete.

So there seems so be a problem about the option "use keyfiles" in the default keyfile configuration.

We have now a workaround for this (users just have to check the option "use keyfiles" in the password dialog, in addition to type in the password) but i believe that this behavior is not intended, and therefore post this here.

Some notes:
  • this only happens, when we use a default keyfile AND check the option "use keyfiles" under Settings -> Default keyfile
  • it also happens on Veracrypt containers with a keyfile created by VeraCrypt - so it is not specific to truecrypt containers and its keyfile.
  • it also happens with all forms of Veracrypt containers, regardless of encryption type and regardless of keyfile length. I tested this for several hours.
  • It also makes no difference if i activate or deactivate the thread-based parallelization under Settings -> Peformance and Driver Options
  • Checking or unchecking "extended disk control codes support" does not change this behaviour also.
  • CPU is a i3-3110 M, RAM is 8 GB and drive is an 256 SSD -> this problem also happens on any other client in our environment with different specs.
Can someone verify this? Is there some setting that i miss to make it work? As i said, it is not such a bother to make that one click on the password dialog but i spent several hours to pin down that behaviour and i feel the need to post it here - and is hopefully fixed in a future version.

Thanks in advance!
Oct 1, 2015 at 8:42 PM
Edited Oct 1, 2015 at 8:48 PM
I can confirm this, of course.
I thought that was normal for veracrypt, though I never understood why it would take such a long time to even show the password dialog.

How can Veracrypt know which keyfile you want to use, if you just check "use keyfiles" without choosing one?

Edit: OK, I got it. You uncheck "use keyfiles" in the settings but still have a default file. Thanks for the workaround.
Now I have a couple of extra minutes to use each day for something more meaningful than waiting for the password dialog to appear. :-)
I would use Auto-mount but that takes even longer. Truecrypt only took about 1 Second...good times...
Oct 1, 2015 at 8:59 PM
Now that Arne001 has confirmed your findings, you should open a ticket in the issues section so this can be tracked for resolution in the future versus this thread disappearing into oblivion as newer threads occur on the forum. :-)

You can link to this thread while creating the issue after giving a brief description of the problem to save time.
Oct 2, 2015 at 7:48 AM
Arne001
Thank you for the confirmation. Yes, i leave my keyfile stay there as a default keyfile but i uncheck the option "use keyfiles" so it is not automatically checked in the password dialog. Glad i could help you with that workaround. :-)
Enigma2Illusion
Thank you, i opened a ticket, so the issue will not be forgotten. :-)

Best Regards

dkomander
Oct 2, 2015 at 12:24 PM
For people wanting to track the progress or vote-up the ticket:

https://veracrypt.codeplex.com/workitem/237
Coordinator
Oct 8, 2015 at 12:55 PM
This issue was fixed in version 1.16. here is quote of my comment on the issue ticket:
A new option was added in version 1.16 to address this issue.
What was happening is that when a default keyfile is configured, VeraCrypt was trying first to mount any volume with this keyfile and an empty password and only when it fails it displays the password prompt.

This behavior was inherited from TrueCrypt but users didn't notice it because TrueCrypt key derivation was almost immediate.

After installing VeraCrypt 1.16, VeraCrypt no longer tries to mount with an empty password when a default keyfile is configured. Thus, your issue will be solved automatically.

For those requiring an empty password with default key file, you have to explicitly check the option "Try first to mount with an empty password" in the menu "Settings -> Default Keyfiles". The screenshot below show this.
If you are using the command line, you can either specify an empty password explicitly or you can use the new switch "/tryemptypass y" documented here: https://veracrypt.codeplex.com/wikipage?title=Command%20Line%20Usage#tryemptypass

Image
Oct 9, 2015 at 11:02 PM
Thank you very much. You are doing a great job.