[CSHARP-573] Change MD5 Hash for Machine Key to Something FIPS Compliant Created: 17/Sep/12  Updated: 18/Jun/20  Resolved: 22/Jun/15

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: 1.6
Fix Version/s: 2.0

Type: Improvement Priority: Minor - P4
Reporter: Craig Wilson Assignee: Craig Wilson
Resolution: Done Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
has to be done after SERVER-2360 Add a stronger password authenticatio... Closed
Related
related to CSHARP-1703 SCRAM-SHA-1 fails on FIPS machines Closed
is related to CSHARP-1331 Use of SHA256Managed is not FIPS comp... Closed
is related to SERVER-6977 Support for alternative hashing algor... Closed
Backwards Compatibility: Minor Change

 Description   

See SERVER-6977 for reasons.



 Comments   
Comment by Craig Wilson [ 22/Jun/15 ]

Since we've actually solved the problem identified by this ticket, I've opened CSHARP-1331 to track this need.

Comment by Craig Wilson [ 22/Jun/15 ]

Apparently, we changed MD5 for SHA256Managed. While SHA-256 is FIPS compliant, this particular implementation hasn't been validated. We need to change to using the SHA256CryptoServiceProvider instead, which is FIPS validated.

Comment by Jeremy Herman [ 22/Jun/15 ]

I'm still seeing this error. Any advice?

2015-06-22 09:50:04 ERROR - System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   at MongoDB.Driver.PasswordEvidence.GenerateDigest(SecureString secureString)
   at MongoDB.Driver.PasswordEvidence..ctor(SecureString password)
   at MongoDB.Driver.MongoCredential.FromComponents(String mechanism, String source, String username, String password)
   at MongoDB.Driver.MongoClientSettings.FromUrl(MongoUrl url)
   at MongoDB.Driver.MongoClient..ctor(MongoUrl url)

Comment by Githook User [ 17/Apr/14 ]

Author: Craig Wilson (craiggwilson) <craiggwilson@gmail.com>

Message: CSHARP-573: changed the machine part of an ObjectId to come from the hash code of the machine name instead of the MD5 hash, which was causing issues in FIPS compliant organizations.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/f52547be87f99f0f933b6ad53d2967cfbbd9eb35

Comment by Craig Wilson [ 25/Sep/13 ]

If this is a new project, then another option is to not use ObjectIds and instead use Guids. We'll keep your needs in mind and perhaps accelerate a fix for this.

Comment by Paul Judson [ 25/Sep/13 ]

Understood - that doesn't relate to how we are using Mongo so I didn't think of that. I think it was mentioned in the original thread for this that it would be nice to have a configuration setting that could be used so if a client wanted to use a Mongo supplied FIPS algorithm they could - so have two code paths that depend on the configuration setting.

That would allow people who wanted to accept the side-effects to do so. For us it would be a big win because we have federal customers who require FIPS. As a short term fix we are hoping they will accept us using the .NET configuration to ignore FIPS since the MD5 is only for generating unique ids and not for anything security related.

Comment by Craig Wilson [ 25/Sep/13 ]

ObjectId provides access to the individual components. We don't necessarily compare them internally, but it is potentially useful to determine if 2 documents were created on the same machine. Unless we switch to a hash that generates the first 3 bytes identically to how MD5 does, then it is no longer possible to do this. Probably not a large concern, but it is one. In addition, other drivers also use MD5 to generate the machine hash, so we'd no longer be generating identical ObjectIds. Again, not sure how important this is.
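The compatibility concern in the comment above, together with the SHA256Managed versus SHA256CryptoServiceProvider point from the 22/Jun/15 comment, as an added C# sketch (not the driver's code). It assumes .NET Framework and that the machine field is the first 3 bytes of a digest of the UTF-8 machine name; `MachineHashDemo`, `TryMachineHash` and `Show` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not the driver's source. All names here are hypothetical.
// Assumption: machine field = first 3 bytes of a digest of the machine name.
static class MachineHashDemo
{
    // Returns the 24-bit machine field, or null when the platform FIPS
    // policy refuses to construct the requested implementation.
    static int? TryMachineHash(Func<HashAlgorithm> create, string machineName)
    {
        try
        {
            using (HashAlgorithm algorithm = create())
            {
                byte[] d = algorithm.ComputeHash(Encoding.UTF8.GetBytes(machineName));
                return (d[0] << 16) | (d[1] << 8) | d[2];
            }
        }
        catch (InvalidOperationException)
        {
            // Same exception type as in the stack trace quoted in this ticket.
            return null;
        }
    }

    static string Show(int? value)
    {
        return value.HasValue ? value.Value.ToString("x6") : "rejected by FIPS policy";
    }

    static void Main()
    {
        string name = Environment.MachineName;
        int? md5 = TryMachineHash(() => new MD5CryptoServiceProvider(), name);
        int? managed = TryMachineHash(() => new SHA256Managed(), name);
        int? csp = TryMachineHash(() => new SHA256CryptoServiceProvider(), name);

        Console.WriteLine("FIPS-only policy:            {0}", CryptoConfig.AllowOnlyFipsAlgorithms);
        Console.WriteLine("MD5 (CSP)                    {0}", Show(md5));
        Console.WriteLine("SHA-256 (managed)            {0}", Show(managed));
        Console.WriteLine("SHA-256 (CSP)                {0}", Show(csp));

        // Same algorithm, different implementation: identical field value.
        if (managed.HasValue && csp.HasValue)
            Console.WriteLine("managed == CSP:              {0}", managed.Value == csp.Value);
        // Different algorithm: old and new ObjectIds from one host no longer match.
        if (md5.HasValue && csp.HasValue)
            Console.WriteLine("MD5 field == SHA-256 field:  {0}", md5.Value == csp.Value);
    }
}
```

Swapping one SHA-256 implementation for another leaves the field unchanged, while swapping MD5 for SHA-256 changes it for any given host except by a 1-in-2^24 coincidence, which is the comparison problem raised for ObjectIds created before the change.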

Comment by Paul Judson [ 25/Sep/13 ]

The hash is only used to generate new IDs so I'm not sure I understand where you would be comparing an existing ID with a newly generated one (I may be missing your point here). Also, the method is just returning the first 3 bytes of the hash as part of the generation process so as long as the new hash algorithm still generated a relatively unique first 3 bytes I'm not sure there would be much difference from the client's point of view.

Comment by Craig Wilson [ 25/Sep/13 ]

MD5 is used in two places in the driver, one for calculating the Machine Hash and one for authentication. As long as you aren't using authentication, then changing the Machine hash to something other than MD5 will allow compliance with FIPS.

The problem with changing MD5 in the hash has to do with loading up ObjectIds that were created before the change. The same machine will have 2 different hashes and thus comparing 2 ObjectIds becomes hit or miss.

Thoughts?

Comment by Paul Judson [ 25/Sep/13 ]

I have a question about this change. Is this directed at the method GetMachineHash in the default constructor of ObjectId()?

We don't use authentication but obviously any time you want to let Mongo generate a new ID it eventually calls that default constructor which throws an exception.

It doesn't sound to me like this would be related to authentication with the server but if it is I would like to understand how.

The reason I'm asking is it seems like changing just this method wouldn't require a server change since all it's being used for is generating a unique ID and we were hoping we might get a fix for this sooner than the next stable server release.

Thanks,

Paul

Generated at Wed Feb 07 21:37:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.