[SERVER-6977] Support for alternative hashing algorithm for authentication
Created: 09/Sep/12 Updated: 15/Feb/13 Resolved: 16/Dec/12

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.2.0 |
| Fix Version/s: | None |
| Type: | Improvement |
| Priority: | Major - P3 |
| Reporter: | Dave Curylo |
| Assignee: | Andy Schwerin |
| Resolution: | Duplicate |
| Votes: | 1 |
| Labels: | Windows, connection, driver, replicaset |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Environment: | Windows Server 2008 with FIPS-140 Policy Enabled |
| Description |

MD5 is not an approved algorithm for the Federal Information Processing Standards, however, FIPS-140 compliance is a requirement for many federal government software projects. A list of approved algorithms may be found here:

Because MongoDB authentication uses MD5 hashing for the message digest, there is no way to meet FIPS-140 compliance with authentication enabled. In order to meet FIPS compliance, please add support for an alternative hashing algorithm to be optionally enabled in the server. Client drivers should follow suit. For example, a new option --authAlgorithm=HMACSHA256 could instruct the server to use the approved HMAC+SHA256 algorithm for the authentication message digest. I recommend this as an option rather than simply switching entirely from MD5 to HMAC+SHA256 because this would break existing clients until all drivers could upgrade.

Here is a bit more background in order to recreate the issue: This affects servers and client libraries, and is simple to recreate by setting this registry bit on a Windows machine to 1 (enabled):

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled

With this set, components that use non-compliant algorithms should fail. The .NET client will throw an exception when attempting to create the message digest for authentication. Other drivers may or may not adhere to the policy, depending on whether their underlying crypto implementations or runtime libraries check for this.

It is also worth noting that the MongoDB Server does not appear to check for the FIPS policy setting on Windows, and as such, even though this registry setting is enabled when running the mongod.exe server on a Windows host, MongoDB continues to use MD5 hashing during the authentication process. Not adhering to this policy in mongod.exe on Windows Servers with FIPS enabled may also cause MongoDB to fail a FIPS audit.

As such, it's also recommended that you use a cryptography library that has gained the FIPS-140 certification and adheres to this policy on Windows.
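The behaviour the report asks for, as an added illustration that is not MongoDB's code and not the .NET driver's: a server that reads the proposed --authAlgorithm option, refuses a non-approved digest (MD5) when a FIPS policy flag is set instead of silently using it, and verifies a client's response with HMAC-SHA256 instead. Only the option name comes from the report; the digest construction over a nonce and a stored key, the `Server` class, the set of approved algorithm names and the sample credential are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumption for this example: the digest names the option accepts and which of
# them a FIPS-140 policy would permit. MD5 stays available only on non-FIPS hosts.
ALGORITHMS = {"MD5", "HMACSHA256", "HMACSHA512"}
APPROVED_UNDER_FIPS = {"HMACSHA256", "HMACSHA512"}


def parse_auth_algorithm(argv):
    """Read the proposed --authAlgorithm=<name> option. MD5 stays the default so
    that clients which predate the option keep working, as the report suggests."""
    for arg in argv:
        if arg.startswith("--authAlgorithm="):
            name = arg.split("=", 1)[1].upper()
            if name not in ALGORITHMS:
                raise ValueError(f"unknown authentication algorithm: {name}")
            return name
    return "MD5"


def digest_allowed(algorithm, fips_enabled):
    """A FIPS-enabled host must refuse non-approved digests rather than use them;
    this is the check the report notes mongod.exe does not perform."""
    return (not fips_enabled) or algorithm in APPROVED_UNDER_FIPS


def auth_digest(algorithm, key, nonce, fips_enabled=False):
    """Digest proving knowledge of `key` for the server-issued `nonce`.
    Both constructions are stand-ins for the example, not MongoDB's wire format."""
    if not digest_allowed(algorithm, fips_enabled):
        raise ValueError(f"{algorithm} is not FIPS-approved; refusing to compute digest")
    if algorithm == "MD5":
        return hashlib.md5(nonce + key).hexdigest()
    hash_name = {"HMACSHA256": "sha256", "HMACSHA512": "sha512"}[algorithm]
    return hmac.new(key, nonce, hash_name).hexdigest()


class Server:
    """Minimal server side of a challenge-response exchange (constructed)."""

    def __init__(self, algorithm, fips_enabled=False):
        # Fail at startup instead of during authentication, so a misconfigured
        # FIPS host cannot keep running with MD5 unnoticed.
        if not digest_allowed(algorithm, fips_enabled):
            raise ValueError(f"cannot start with {algorithm} while FIPS policy is enabled")
        self.algorithm = algorithm
        self.fips_enabled = fips_enabled
        self.users = {}

    def add_user(self, username, key):
        self.users[username] = key

    def challenge(self):
        return secrets.token_bytes(16)

    def verify(self, username, nonce, response):
        key = self.users.get(username)
        if key is None:
            return False
        expected = auth_digest(self.algorithm, key, nonce, self.fips_enabled)
        # Constant-time comparison so timing does not reveal how much matched.
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    algorithm = parse_auth_algorithm(["--authAlgorithm=HMACSHA256"])
    server = Server(algorithm, fips_enabled=True)
    key = b"constructed-credential-key"  # constructed sample, not a real credential
    server.add_user("alice", key)
    nonce = server.challenge()
    # An upgraded client succeeds; a client still computing MD5 is rejected,
    # which is why the report wants this as an option rather than a hard switch.
    print(server.verify("alice", nonce, auth_digest("HMACSHA256", key, nonce)))
    print(server.verify("alice", nonce, auth_digest("MD5", key, nonce)))
```

Starting the same `Server` with `"MD5"` and `fips_enabled=True` raises at construction time, which is the visible failure a FIPS audit would expect rather than the silent fallback the report describes.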
| Comments |

Comment by Eliot Horowitz (Inactive) [ 16/Dec/12 ]

Kai - yes, agreed.
Comment by Kai Virkki [ 15/Dec/12 ]

It's not only the authentication with the client that uses MD5; MongoDB also stores passwords as MD5 hashes, which is no longer considered to be secure. Something better should be used, like SHA256 or SHA512. Preferably a key derivation function like PBKDF2 or scrypt should be used, as they can be parametrized to make it harder to brute-force the hashes when attackers' machines get faster.
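The storage side Kai's comment is about, as an added example that is not part of this issue or of MongoDB's code: a salted PBKDF2-HMAC-SHA256 or scrypt password record next to an unsalted MD5 one, with constant-time verification and a check that flags records whose cost parameters fall below the current setting, so the cost can be raised as hardware gets faster. The record format, the cost parameters and the sample password are constructed for the example.

```python
import base64
import hashlib
import hmac
import os

# Constructed cost settings for this example. They are the knob Kai refers to:
# raise them over time, and old records are re-hashed at next login.
PBKDF2_ITERATIONS = 600_000
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def _unb64(text):
    return base64.b64decode(text.encode("ascii"))


def legacy_md5_record(password):
    """Unsalted MD5, a constructed stand-in for the weak scheme: equal passwords
    give equal hashes, there is no cost parameter, and GPUs test it very fast."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, kdf="pbkdf2", iterations=PBKDF2_ITERATIONS, salt=None):
    """Salted, tunable record of the form name$params$salt$key (format is ours)."""
    salt = salt if salt is not None else os.urandom(16)
    pw = password.encode("utf-8")
    if kdf == "pbkdf2":
        dk = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
        return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"
    if kdf == "scrypt":
        dk = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
        return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(dk)}"
    raise ValueError(f"unsupported kdf: {kdf}")


def verify_password(password, record):
    """Recompute with the parameters stored in the record; compare in constant time."""
    parts = record.split("$")
    pw = password.encode("utf-8")
    if parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        _, iterations, salt, dk = parts
        candidate = hashlib.pbkdf2_hmac("sha256", pw, _unb64(salt), int(iterations))
    elif parts[0] == "scrypt" and len(parts) == 6:
        _, n, r, p, salt, dk = parts
        candidate = hashlib.scrypt(pw, salt=_unb64(salt), n=int(n), r=int(r), p=int(p), dklen=32)
    else:
        return False  # unknown or legacy record: never accept, force a reset
    return hmac.compare_digest(candidate, _unb64(dk))


def needs_rehash(record):
    """True when the record was made with weaker settings than today's. Call it
    after a successful login and re-store the password with current parameters."""
    parts = record.split("$")
    if parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        return int(parts[1]) < PBKDF2_ITERATIONS
    if parts[0] == "scrypt" and len(parts) == 6:
        old = tuple(int(x) for x in parts[1:4])
        return any(o < c for o, c in zip(old, (SCRYPT_N, SCRYPT_R, SCRYPT_P)))
    return True  # a bare MD5 hash or anything unrecognised must be upgraded


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    record = hash_password(sample, "pbkdf2")
    print(record)
    print(verify_password(sample, record), verify_password("wrong", record))
    old = hash_password(sample, "pbkdf2", iterations=100_000)
    print("needs rehash:", needs_rehash(old), "| legacy md5:", legacy_md5_record(sample))
```

Because the parameters travel with each record, an operator can raise `PBKDF2_ITERATIONS` in one place; existing users still log in, `needs_rehash` reports their records as outdated, and the login path re-stores them at the new cost without forcing a password change.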