Hi,
dovecot does not work with ENCRYPT_METHOD YESCRYPT and YESCRYPT_COST_FACTOR=11. I have tested with 2.4.2-4 and 2.3.21.1-4 on endeavouros.
When changing YESCRYPT_COST_FACTOR to 11 in /etc/login.defs and recreacting the user password for my user and restarting the dovecot service I get:
doveadm auth test matthias
Password: passdb: matthias auth failed extra fields: user=matthias
When reverting the change to YESCRYPT_COST_FACTOR=5 it works again:
doveadm auth test matthias
Password: passdb: matthias auth succeeded extra fields: user=matthias
I have tested this back and forth. The culprit is definitely a high value for YESCRYPT_COST_FACTOR. A value of 7 is still good but a value of 9 or 11 fails.
Matthias
Am Freitag, dem 09.01.2026 um 10:30 +0100 schrieb Matthias Bodenbinder via dovecot:
Hi,
dovecot does not work with ENCRYPT_METHOD YESCRYPT and YESCRYPT_COST_FACTOR=11. I have tested with 2.4.2-4 and 2.3.21.1-4 on endeavouros.
When changing YESCRYPT_COST_FACTOR to 11 in /etc/login.defs and recreacting the user password for my user and restarting the dovecot service I get:
doveadm auth test matthias
Password: passdb: matthias auth failed extra fields: user=matthias When reverting the change to YESCRYPT_COST_FACTOR=5 it works again:
doveadm auth test matthias
Password: passdb: matthias auth succeeded extra fields: user=matthias
I have tested this back and forth. The culprit is definitely a high value for YESCRYPT_COST_FACTOR. A value of 7 is still good but a value of 9 or 11 fails.
Can it be that this problem has to do with
#define AUTH_FAILURE_DELAY_CHECK_MSECS 500
in auth-request-handler.c ?
Increasing the YESCRYPT_COST_FACTOR for the password hashing will certainly extend the time of the pam auth process.
Matthias
participants (1)
-
Matthias Bodenbinder