Uploaded image for project: 'Motor'
  1. Motor
  2. MOTOR-194

SCRAM-SHA-256 Support

    • Type: Icon: New Feature New Feature
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 2.0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None

      The next version of MongoDB will include SCRAM-SHA-256 as an authentication type. This is defined in RFC 7677. The sample conversation from the RFC is:

       This is a simple example of a SCRAM-SHA-256 authentication exchange... The username
         'user' and password 'pencil' are being used
      
         C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO
      
         S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
            s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
      
         C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
            p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=
      
         S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=
      

      In advance of updates to the Auth spec, which will include additional details of mechanism negotiation and user/password normalization (see DRIVERS-444), all drivers should take steps now to ensure their SCRAM libraries are capable of operating in SHA-256 mode, using the sample conversation for verification. (You'll need for force the client nonce to be "rOprNGfwEbeRWgbNEkqO" for the test conversation to work.)

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            rathi.gnanasekaran Rathi Gnanasekaran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: