[DRIVERS-343] Cache SCRAM ClientKey Created: 07/Dec/16  Updated: 10/Sep/21  Resolved: 05/Dec/19

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Bernie Hackett Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on GODRIVER-46 Cache SCRAM-SHA-1 ClientKey Closed
depends on JAVA-2510 Cache SCRAM-SHA-1 ClientKey Closed
depends on RUST-60 Cache SCRAM ClientKey Closed
depends on CDRIVER-2150 Cache SCRAM-SHA-1 ClientKey Closed
depends on CSHARP-1977 Cache SCRAM ClientKey Closed
depends on CXX-1333 Cache SCRAM-SHA-1 ClientKey Closed
depends on MOTOR-167 Cache SCRAM-SHA-1 ClientKey Closed
depends on NODE-990 Cache SCRAM-SHA-1 ClientKey Closed
depends on PHPC-960 Cache SCRAM-SHA-1 ClientKey Closed
depends on PYTHON-1273 Cache SCRAM ClientKey and ServerKey Closed
depends on RUBY-1213 Cache SCRAM credentials Closed
Duplicate
is duplicated by DRIVERS-490 Document SCRAM credential caching in ... Closed
Related
related to CDRIVER-2539 SCRAM secrets should be cached by has... Closed
related to SERVER-26952 Cache SCRAM-SHA-1 ClientKey Closed
Case:
Driver Compliance:
Key Status/Resolution FixVersion
CXX-1333 Works as Designed 3.2.0-rc0
SCALA-302 Done 2.2.0
JAVA-2510 Fixed 3.8.0
CSHARP-1977 Fixed 2.9.0
CDRIVER-2150 Fixed 1.7.0
NODE-990 Fixed 3.0.0
RUBY-1213 Fixed 2.12.0.rc0
PYTHON-1273 Fixed 3.7
PHPC-960 Done 1.3.0
PERL-767 Fixed 2.0.0
GODRIVER-46 Fixed 0.0.1
MOTOR-167 Fixed 2.0
SWIFT-187 Won't Fix
RUST-60 Fixed 0.9.0-alpha

 Description   

The shell is going to cache and reuse ClientKey in 3.6. We should do the same in drivers. From SERVER-26952 ticket :

SCRAM, by design, consumes a great deal of CPU resources while performing authentication. This can be a problem while populating connection pools, where many clients are authenticating at once. Fortunately, most of the expensive computations of SCRAM can be reused across multiple authentication requests. RFC5802 makes provisions for this:

Note that a client implementation MAY cache ClientKey&ServerKey (or just SaltedPassword) for later reauthentication to the same service, as it is likely that the server is going to advertise the same salt value upon reauthentication. This might be useful for mobile clients where CPU usage is a concern.



 Comments   
Comment by Bernie Hackett [ 08/Mar/18 ]

Updated to make it clear this is for SCRAM, regardless of digest, now that we have SCRAM-SHA-256.

Generated at Thu Feb 08 08:21:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.