[SERVER-28237] Support selectable SCRAM-SHA-256 authentication Created: 07/Mar/17  Updated: 27/Oct/23  Resolved: 07/Feb/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Spencer Brown Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Gone away Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Case:

 Description   

The current SCRAM-SHA-1 implementation does not appear to be vulnerable to the current attacks on SHA-1, or suspected weaknesses of SHA-1. However, this feature request asks to implement selectable SCRAM hashing methods, including SCRAM-SHA-256 as defined in RFC 7677, because future developments may call for it.



 Comments   
Comment by Sara Williamson [ 07/Feb/19 ]

Closing this ticket as Gone Away, as SCRAM-SHA-256 support was added in MongoDB 4.0

Comment by Justin Cohler [ 10/Mar/17 ]

We'll consider this as security requirements grow for new hashing methods or as we see more user demand for this capability.

Generated at Thu Feb 08 04:17:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.