[SERVER-6977] Support for alternative hashing algorithm for authentication Created: 09/Sep/12  Updated: 15/Feb/13  Resolved: 16/Dec/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Dave Curylo Assignee: Andy Schwerin
Resolution: Duplicate Votes: 1
Labels: Windows, connection, driver, replicaset
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows Server 2008 with FIPS-140 Policy Enabled


Issue Links:
Depends
Related
related to SERVER-7648 Support Use of FIPS 140-2 Compliant C... Closed
related to CSHARP-573 Change MD5 Hash for Machine Key to So... Closed
Participants:

Description

MD5 is not an approved algorithm under the Federal Information Processing Standards; however, FIPS-140 compliance is a requirement for many federal government software projects. A list of approved algorithms may be found here:
http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

Because MongoDB authentication uses MD5 hashing for the message digest, there is no way to meet FIPS-140 compliance with authentication enabled.

In order to meet FIPS compliance, please add support for an alternative hashing algorithm to be optionally enabled in the server. Client drivers should follow suit. For example, a new option --authAlgorithm=HMACSHA256 could instruct the server to use the approved HMAC+SHA256 algorithm for the authentication message digest. I recommend this as an option rather than simply switching entirely from MD5 to HMAC+SHA256 because this would break existing clients until all drivers could upgrade.

Here is a bit more background in order to recreate the issue:

This affects servers and client libraries, and is simple to recreate by setting this registry bit on a Windows machine to 1 (enabled):

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled

With this set, components that use non-compliant algorithms should fail. The .NET client will throw an exception when attempting to create the message digest for authentication. Other drivers may or may not adhere to the policy, depending on whether their underlying crypto implementations or runtime libraries check for this.

It is also worth noting that the MongoDB Server does not appear to check for the FIPS policy setting on Windows, and as such, even though this registry setting is enabled when running mongod.exe server on a Windows host, MongoDB continues to use MD5 hashing during the authentication process. Not adhering to this policy in mongod.exe on Windows Servers with FIPS enabled may also cause MongoDB to fail a FIPS audit. As such, it's also recommended that you use a cryptography library that has gained the FIPS-140 certification and adheres to this policy on Windows.



Comments
Comment by Eliot Horowitz (Inactive) [ 16/Dec/12 ]

Kai - yes, agreed.
Resolving this as a dup though: SERVER-2360

Comment by Kai Virkki [ 15/Dec/12 ]

It's not only the authentication with the client that uses MD5; MongoDB also stores passwords as MD5 hashes, which is no longer considered to be secure. Something better should be used, like SHA256 or SHA512. Preferably a key derivation function like PBKDF2 or scrypt should be used, as they can be parametrized to make it harder to brute-force the hashes when attackers' machines get faster.
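
As an added illustration (not code from this ticket, from MongoDB or from any driver), the following sketches what the description and Kai's comment each ask for: a stored credential derived with PBKDF2-HMAC-SHA256 instead of an MD5 hash, and a nonce challenge-response digest computed with HMAC-SHA256 in place of the MD5 message digest. The function names, the concatenation order inside the digest, the iteration count and all sample values are assumptions for the example, and the `md5_available()` probe only shows how a FIPS-enforcing crypto backend surfaces the failure the .NET driver hits.

```python
import hashlib
import hmac
import os

# Constructed sample values for the example (not from the ticket).
USERNAME = "appuser"
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PBKDF2_ITERATIONS = 100_000  # assumed; tunable, which is the point of a KDF


def derive_stored_secret(username, password, salt, iterations=PBKDF2_ITERATIONS):
    """Server-side stored credential: PBKDF2-HMAC-SHA256 (FIPS-approved
    primitives) rather than an MD5 hash of user and password."""
    material = f"{username}:{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def auth_digest(stored_secret, nonce, username):
    """Challenge-response digest over the server nonce and the username,
    keyed with the stored secret, i.e. the HMAC+SHA256 option proposed above.
    The input layout (nonce || username) is an assumption of this example."""
    return hmac.new(stored_secret, nonce + username.encode(), hashlib.sha256).hexdigest()


def verify(stored_secret, nonce, username, client_digest):
    """Server-side check; constant-time compare avoids a timing side channel."""
    expected = auth_digest(stored_secret, nonce, username)
    return hmac.compare_digest(expected, client_digest)


def md5_available():
    """Probe whether the runtime's crypto backend still offers MD5. With a
    FIPS-enforcing backend hashlib raises ValueError, mirroring the exception
    the .NET driver throws once the Windows FIPS policy bit is set."""
    try:
        hashlib.md5(b"probe").hexdigest()
        return True
    except ValueError:
        return False


def demo():
    """Good login, wrong password, and a digest replayed against a fresh nonce."""
    server_secret = derive_stored_secret(USERNAME, PASSWORD, SALT)
    nonce = os.urandom(16)
    digest = auth_digest(server_secret, nonce, USERNAME)
    ok = verify(server_secret, nonce, USERNAME, digest)
    bad_secret = derive_stored_secret(USERNAME, "wrong password", SALT)
    wrong = verify(server_secret, nonce, USERNAME, auth_digest(bad_secret, nonce, USERNAME))
    replay = verify(server_secret, os.urandom(16), USERNAME, digest)
    return ok, wrong, replay
```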

Generated at Thu Feb 08 03:13:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.