Cache SCRAM ClientKey and ServerKey


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.7
    • Affects Version/s: None
    • Component/s: Auth

      Per RFC5802:

      Note that a client implementation MAY cache ClientKey&ServerKey (or just SaltedPassword) for later reauthentication to the same service, as it is likely that the server is going to advertise the same salt value upon reauthentication. This might be useful for mobile clients where CPU usage is a concern.

      We should use the hash name as part of the cache key, for future compatibility if / when we add some new version of SCRAM.
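A sketch of the cache this issue asks for, as an added example that is not the driver's own code: `ScramKeyCache`, `HASH_FOR_MECHANISM` and `keys_for` are hypothetical names. It assumes the password has already been normalized as RFC 5802 requires, and that the salt and iteration count come from the server-first message.

```python
import hashlib
import hmac
import os
from collections import OrderedDict

# Hypothetical names; mechanism-to-hash mapping for the two SCRAM variants.
HASH_FOR_MECHANISM = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}


class ScramKeyCache:
    """Bounded in-memory cache of (ClientKey, ServerKey) pairs."""

    def __init__(self, max_entries=64):
        self._entries = OrderedDict()
        self._max_entries = max_entries
        # Per-process secret so the cache key holds a keyed tag of the
        # password rather than the plaintext or a bare digest.
        self._tag_key = os.urandom(32)
        self.derivations = 0  # number of PBKDF2 runs (cache misses)

    def keys_for(self, mechanism, password, salt, iterations):
        hash_name = HASH_FOR_MECHANISM[mechanism]
        pw = password.encode("utf-8")
        pw_tag = hmac.new(self._tag_key, pw, "sha256").digest()
        # Hash name is part of the key so a SHA-1 entry is never served for
        # SHA-256. Salt and iteration count are included because a server
        # may advertise new values, which must force a fresh derivation.
        cache_key = (hash_name, pw_tag, bytes(salt), iterations)
        cached = self._entries.get(cache_key)
        if cached is not None:
            self._entries.move_to_end(cache_key)  # mark as recently used
            return cached
        # RFC 5802: SaltedPassword := Hi(password, salt, i) is PBKDF2-HMAC.
        salted = hashlib.pbkdf2_hmac(hash_name, pw, salt, iterations)
        self.derivations += 1
        keys = (hmac.new(salted, b"Client Key", hash_name).digest(),
                hmac.new(salted, b"Server Key", hash_name).digest())
        self._entries[cache_key] = keys
        if len(self._entries) > self._max_entries:
            self._entries.popitem(last=False)  # evict least recently used
        return keys


if __name__ == "__main__":
    cache = ScramKeyCache()
    salt = b"constructed-salt"  # constructed sample value
    for mech in ("SCRAM-SHA-1", "SCRAM-SHA-1", "SCRAM-SHA-256"):
        client_key, server_key = cache.keys_for(mech, "pencil", salt, 4096)
        print(mech, client_key.hex(), "derivations:", cache.derivations)
```

A cached ClientKey is enough to compute a valid client proof for that salt and iteration count, so the cache belongs in process memory only and should be dropped when the credentials are.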

            Assignee:
            Bernie Hackett
            Reporter:
            Rathi Gnanasekaran (Inactive)
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: