Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Minor - P4
Fix Version/s: 2.7.7
Affects Version/s: None
Component/s: Security
Labels:
None

Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Add a stronger authentication scheme, ideally something certificate-based. The current protocol for password authentication using Md5 looks reversible via rainbow (not confirmed).

has to be done before

CSHARP-573 Change MD5 Hash for Machine Key to Something FIPS Compliant

Closed

is depended on by

SERVER-7648 Support Use of FIPS 140-2 Compliant Crypto Library

Closed

is related to

SERVER-7596 Support SCRAM-SHA-1 SASL Mechanism

Closed

related to

SERVER-9058 Use FIPS-140-2 Approved Pseudorandom Number Generator for SecureRandom

Backlog

Assignee:: Andreas Nilsson (Inactive)
Reporter:: Daniel Doubrovkine
Participants:: Andreas Nilsson, Daniel Doubrovkine, Dave Curylo, David Hows, Dwight Merriman, Jan Paul Ettles, Tim
Votes:: 6 Vote for this issue
Watchers:: 23 Start watching this issue

Created:: Jan 14 2011 05:37:05 PM UTC
Updated:: Jul 12 2016 12:19:32 AM UTC
Resolved:: Sep 12 2014 03:29:34 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates