# blowfish passwords and roundcubemail



## pacija (Jan 20, 2013)

Since I changed dovecot's password scheme from MD5 to Blowfish, roundcube login times increased from instant to more than a second. Also, clicking on every message in roundcube's message list takes more than a second to display its contents. top shows CPU usage increase to up to 100% for root user, auth process.

Is there a way to improve this besides giving more CPU power?


----------



## chatwizrd (Jan 21, 2013)

Shouldnt you be asking roundcube?


----------



## xtaz (Jan 23, 2013)

Roundcube is just a web front end to the dovecot IMAP server. Unfortunately due to the fact the IMAP connections are not persistent as it's a web based application it means every time you click on something new it needs to log in to the IMAP server again.

Basically your dovecot login times have now increased because you changed it from MD5 to Blowfish. The easy workaround will be to revert back to MD5! You don't say what your hardware is so can't really say if it's under-powered or not. If it is, then change the hardware. If it's not then you need to talk to the Dovecot people to see if you can debug why it's taking so long.


----------



## pacija (Jan 24, 2013)

xtaz said:
			
		

> You don't say what your hardware is so can't really say if it's under-powered or not.



It is VM in ESXi5.1, has 2 vCPUs and 1Gb of RAM. Underlying metal is HP ProLiant DL320 with 8Gb of RAM. It does not look busy, except for processor spikes while authenticating blowfish. I reverted to MD5 and it authenticates in an eyeblink now.

Now I have another problem - I would like to integrate Openfire XMPP server to use same credentials as current wordpress, dovecot and postfix. Unfortunately it is not so easy, as Openfire can do only plain MD5 hashes, while wordpress 'upgrades' plain MD5 on first user login by salting it, and after that Openfire can no more authenticate.

Guess I need to open new thread...


----------

