[SERVER-2360] Add a stronger password authentication scheme (replace md5 with sha?) - MongoDB

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Minor - P4
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.7
Component/s: Security
Labels:
None

Epic Link:
scram

Description

Add a stronger authentication scheme, ideally something certificate-based. The current protocol for password authentication using Md5 looks reversible via rainbow (not confirmed).

Attachments

Issue Links

has to be done before

CSHARP-573 Change MD5 Hash for Machine Key to Something FIPS Compliant

Closed

is depended on by

SERVER-7648 Support Use of FIPS 140-2 Compliant Crypto Library

Closed

is related to

SERVER-7596 Support SCRAM-SHA-1 SASL Mechanism

Closed

related to

SERVER-9058 Use FIPS-140-2 Approved Pseudorandom Number Generator for SecureRandom

Open

Activity

People

Assignee:: Andreas Nilsson

Reporter:: Daniel Doubrovkine

Participants:: Andreas Nilsson, Daniel Doubrovkine, Dave Curylo, David Hows, Dwight Merriman, Jan Paul Ettles, Tim

Votes:: 6 Vote for this issue

Watchers:: 23 Start watching this issue

Dates

Created:: Jan 14 2011 05:37:05 PM UTC

Updated:: Jul 12 2016 12:19:32 AM UTC

Resolved:: Sep 12 2014 03:29:34 PM UTC