substract password verification time from delay between unsuccessful login/unlock and new login attempt
Submitted by David Jaša
Link to original bug (#723773)
Description
When user raises "rounds" count to sha512-crypt (of Fedora, add rounds=500000 next to "sha512" at pam_unix.so line in /etc/pam.d/system-auth-ac and regenerate password) and mistypes the password, the delay seems to be sum of actual password verification time and the delay added by gdm. If this is indeed the case, this extra delay annoys user for no extra benefit as the delay was already caused by extra time to verify password so there's no need to make it any larger.
Version: gdm-3.10.0.1-1 @ Fedora 20
Steps to reproduce:
- set up password verification to take non-negligible time, regenerate your password
- enter wrong password at login or unlock screen
Actual result: there seems to be fixed delay between announcing user the verification failure and making it possible to enter password again
Expected result: gdm ensures minimum delay between entering wrong password and enabling password prompt again; if password verification is shorter than the delay, gdm's artificial delay fills the gap, if password verification exceeds the delay, no delay is added by gdm
Version: 3.10.x