[SERVER-28237] Support selectable SCRAM-SHA-256 authentication Created: 07/Mar/17 Updated: 27/Oct/23 Resolved: 07/Feb/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Spencer Brown | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Gone away | Votes: | 3 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Case: | (copied to CRM) | ||||
| Description |
|
The current SCRAM-SHA-1 implementation does not appear to be vulnerable to the current attacks on SHA-1, or suspected weaknesses of SHA-1. However, this feature request asks to implement selectable SCRAM hashing methods, including SCRAM-SHA-256 as defined in RFC 7677, because future developments may call for it. |
| Comments |
| Comment by Sara Williamson [ 07/Feb/19 ] |
|
Closing this ticket as Gone Away, as SCRAM-SHA-256 support was added in MongoDB 4.0 |
| Comment by Justin Cohler [ 10/Mar/17 ] |
|
We'll consider this as security requirements grow for new hashing methods or as we see more user demand for this capability. |