  1. Core Server
  2. SERVER-26952

Cache SCRAM-SHA-1 ClientKey

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.16, 3.4.4, 3.5.3
    • Component/s: Internal Client
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v3.4, v3.2
    • Sprint:
      Platforms 2017-03-27
    • Case:

      Description

      SCRAM-SHA-1, by design, consumes a great deal of CPU resources while performing authentication. This can be a problem while populating connection pools, where many clients are authenticating at once. Fortunately, most of the expensive computations of SCRAM can be reused across multiple authentication requests. RFC 5802 makes provisions for this:

      Note that a client implementation MAY cache ClientKey&ServerKey (or just SaltedPassword) for later reauthentication to the same service, as it is likely that the server is going to advertise the same salt value upon reauthentication. This might be useful for mobile clients where CPU usage is a concern.
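
The caching that RFC 5802 permits, as an added Python example that is not code from this ticket or from the server's source: the expensive PBKDF2 step runs once per (host, user, password, salt, iteration count), and later handshakes reuse the derived keys. `ScramKeyCache`, `keys_for`, `client_proof` and `server_signature` are hypothetical names; the sketch follows plain RFC 5802 and assumes the password has already been through SASLprep.

```python
import base64, hashlib, hmac, os
from typing import NamedTuple

class ScramKeys(NamedTuple):
    client_key: bytes   # HMAC(SaltedPassword, "Client Key")
    stored_key: bytes   # H(ClientKey)
    server_key: bytes   # HMAC(SaltedPassword, "Server Key")

class ScramKeyCache:
    """In-memory client cache of SCRAM-SHA-1 keys (hypothetical helper)."""

    def __init__(self):
        self._entries = {}
        self._tag_key = os.urandom(32)  # per-process key for password tags
        self.derivations = 0            # times the expensive PBKDF2 ran

    def keys_for(self, host, user, password, salt, iterations):
        pw = password.encode("utf-8")   # assumption: SASLprep already applied
        # The tag binds the entry to the password without storing it, so a
        # caller with a wrong password cannot ride on a cached entry.
        tag = hmac.new(self._tag_key, pw, "sha256").digest()
        # A new salt or iteration count from the server is a different slot.
        slot = (host, user, tag, salt, iterations)
        keys = self._entries.get(slot)
        if keys is None:
            self.derivations += 1
            salted = hashlib.pbkdf2_hmac("sha1", pw, salt, iterations)
            client_key = hmac.new(salted, b"Client Key", "sha1").digest()
            keys = ScramKeys(client_key,
                             hashlib.sha1(client_key).digest(),
                             hmac.new(salted, b"Server Key", "sha1").digest())
            self._entries[slot] = keys
        return keys

def client_proof(keys, auth_message):
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage), base64."""
    sig = hmac.new(keys.stored_key, auth_message.encode(), "sha1").digest()
    return base64.b64encode(bytes(a ^ b for a, b in zip(keys.client_key, sig))).decode()

def server_signature(keys, auth_message):
    """Value the client expects in the server's final message (v=...)."""
    sig = hmac.new(keys.server_key, auth_message.encode(), "sha1").digest()
    return base64.b64encode(sig).decode()
```

A cached ClientKey is enough to authenticate to that service without the password, so entries like these belong in process memory only and should be dropped when the credential is.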
