Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-1073

updates scram.js hi() algorithm to utilize crypto.pbkdf2Sync()

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 2.2.29
    • Fix Version/s: None
    • Component/s: MongoDB 3.2, MongoDB 3.4
    • Labels:

      Description

      From github pull request https://github.com/christkv/mongodb-core/pull/184 .

      This pull request fixes a few different issues.

      The previous hi() algorithm was basically a manually written version of crypto.pbkdf2Sync(). My guess is that this library predates the addition of that method in Node v0.9.3. That method in crypto is a C++ native algorithm so it's able to perform the computations dramatically faster. In example on my machine, the previous hi() algorithm would take around 200-300ms while the same pbkdf2Sync version only takes around 12ms.

      The hi() function is deterministic in the sense that for the same arguments you get the same result back, always. The reason this matter is that when using hi() each worker in the pool will call hi() with the exact same arguments. That means it's doing the same computationally intense call for each worker in the pool even though all of them will utilize the same resulting string. In this fork I'm storing the result of the previous call so that way it only performs the computation once per boot.

      After the clientFinal generation it appears there was some left-behind code. // Generate server key and // Generate server signature. Neither of those calls appears to have their result used anywhere in the rest of the function. Removing them appears to have no regression.

      If you have questions let me know. Thanks.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sebastian.hallumclarke Sebastian Hallum Clarke
              Reporter:
              owenallenaz Owen Allen
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: