[SERVER-26952] Cache SCRAM-SHA-1 ClientKey Created: 08/Nov/16  Updated: 17/Oct/17  Resolved: 02/Feb/17

Status: Closed
Project: Core Server
Component/s: Internal Client
Affects Version/s: None
Fix Version/s: 3.2.16, 3.4.4, 3.5.3

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: bkp
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Duplicate
is duplicated by SERVER-26740 Total connections is not stable and s... Closed
Related
is related to PHPC-1022 Sporadic SCRAM-SHA-1 authentication f... Closed
is related to DRIVERS-343 Cache SCRAM ClientKey Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.4, v3.2
Sprint: Platforms 2017-03-27
Participants:
Case:

 Description   

SCRAM-SHA-1, by design, consumes a great deal of CPU resources while performing authentication. This can be a problem while populating connection pools, where many clients are authenticating at once. Fortunately, most of the expensive computations of SCRAM can be reused across multiple authentication requests. RFC5802 makes provisions for this:

Note that a client implementation MAY cache ClientKey&ServerKey (or just SaltedPassword) for later reauthentication to the same service, as it is likely that the server is going to advertise the same salt value upon reauthentication. This might be useful for mobile clients where CPU usage is a concern.



 Comments   
Comment by Githook User [ 11/Jul/17 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-26952: Cache SCRAM-SHA-1 ClientKey

(cherry picked from commit 47da0b53f9cd27aeec1d2822780784866269a47d)
Branch: v3.2
https://github.com/mongodb/mongo/commit/16e83332ed20e4054324a1a7714506e74eed5180

Comment by Githook User [ 07/Apr/17 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-26952: Cache SCRAM-SHA-1 ClientKey

(cherry picked from commit 47da0b53f9cd27aeec1d2822780784866269a47d)
Branch: v3.4
https://github.com/mongodb/mongo/commit/c53363894310c144aefd06ce323d348735789601

Comment by Githook User [ 02/Feb/17 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-26952: Cache SCRAM-SHA-1 ClientKey
Branch: master
https://github.com/mongodb/mongo/commit/47da0b53f9cd27aeec1d2822780784866269a47d

Comment by David Golden [ 09/Dec/16 ]

N.B. SaltedPassword and thus ClientKey and ServerKey are a function of both salt and iteration count, so the cache would be invalid if either change (which is fortunately also unlikely in the timeframe of multiple server connections in a pool).

Generated at Thu Feb 08 04:13:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.