Hello John, I have answered in more detail in another email.
After reading a lot more about this topic I believe it is not a timeout issue but more of a memory allocation issue. E.g.: https://www.openwall.com/lists/yescrypt/2024/03/20/2 In the above thread it is claimed that: The value 11 results in 1 GiB memory usage That is a lot. I will refrain from using that. I will go for a value of 7. That is good enough. Kind Regards Matthias Am Freitag, dem 16.01.2026 um 14:16 +0100 schrieb John Fawcett via dovecot: > Hi Matthias > > I'm pretty sure that this value (AUTH_FAILURE_DELAY_CHECK_MSECS) is the > delay that Dovecot waits after the failure before reporting it, so not > really relevant since the failure has already happened when that comes > into play. > > Out of curiosity, when you do the test that fails, how long did it take > before it failed? > > Maybe there is a timeout configured in pam (e.g. LOGIN_TIMEOUT in > login.defs) or elsewhere. > > John > > > On 11/01/2026 10:11, Matthias Bodenbinder via dovecot wrote: > > Am Freitag, dem 09.01.2026 um 10:30 +0100 schrieb Matthias Bodenbinder via > > dovecot: > > > Hi, > > > > > > dovecot does not work with ENCRYPT_METHOD YESCRYPT and > > > YESCRYPT_COST_FACTOR=11. > > > I have tested with 2.4.2-4 and 2.3.21.1-4 on endeavouros. > > > > > > When changing YESCRYPT_COST_FACTOR to 11 in /etc/login.defs and > > > recreacting the user > > > password for my user and restarting the dovecot service I get: > > > > > > # doveadm auth test matthias > > > Password: > > > passdb: matthias auth failed > > > extra fields: > > > user=matthias > > > > > > When reverting the change to YESCRYPT_COST_FACTOR=5 it works again: > > > > > > # doveadm auth test matthias > > > Password: > > > passdb: matthias auth succeeded > > > extra fields: > > > user=matthias > > > > > > > > > I have tested this back and forth. The culprit is definitely a high value > > > for > > > YESCRYPT_COST_FACTOR. A value of 7 is still good but a value of 9 or 11 > > > fails. > > > > Can it be that this problem has to do with > > > > #define AUTH_FAILURE_DELAY_CHECK_MSECS 500 > > > > in auth-request-handler.c ? > > > > Increasing the YESCRYPT_COST_FACTOR for the password hashing will certainly > > extend the > > time of the pam auth process. > > > > Matthias > > > > _______________________________________________ > > dovecot mailing list [email protected] > > To unsubscribe send an email [email protected] > Hi Matthias > > I'm pretty sure that this value (AUTH_FAILURE_DELAY_CHECK_MSECS) is the > delay that Dovecot waits after the failure before reporting it, so not > really relevant since the failure has already happened when that comes > into play. > > Out of curiosity, when you do the test that fails, how long did it take > before it failed? > > Maybe there is a timeout configured in pam (e.g. LOGIN_TIMEOUT in > login.defs) or elsewhere. > > John > > On 11/01/2026 10:11, Matthias Bodenbinder via dovecot wrote: > > Am Freitag, dem 09.01.2026 um 10:30 +0100 schrieb Matthias Bodenbinder via > dovecot: > > Hi, > > dovecot does not work with ENCRYPT_METHOD YESCRYPT and > YESCRYPT_COST_FACTOR=11. > I have tested with 2.4.2-4 and 2.3.21.1-4 on endeavouros. > > When changing YESCRYPT_COST_FACTOR to 11 in /etc/login.defs and recreacting > the user > password for my user and restarting the dovecot service I get: > > # doveadm auth test matthias > Password: > passdb: matthias auth failed > extra fields: > user=matthias > > When reverting the change to YESCRYPT_COST_FACTOR=5 it works again: > > # doveadm auth test matthias > Password: > passdb: matthias auth succeeded > extra fields: > user=matthias > > > I have tested this back and forth. The culprit is definitely a high value for > YESCRYPT_COST_FACTOR. A value of 7 is still good but a value of 9 or 11 > fails. > > > Can it be that this problem has to do with > > #define AUTH_FAILURE_DELAY_CHECK_MSECS 500 > > in auth-request-handler.c ? > > Increasing the YESCRYPT_COST_FACTOR for the password hashing will certainly > extend the > time of the pam auth process. > > Matthias > > _______________________________________________ > dovecot mailing list -- [1][email protected] > To unsubscribe send an email to [2][email protected] > > References > > Visible links > 1. mailto:[email protected] > 2. mailto:[email protected] > _______________________________________________ > dovecot mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
