<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:15:32 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-2539] SCRAM secrets should be cached by hashed password, salt, and iterations</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-2539</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2150&quot; title=&quot;Cache SCRAM-SHA-1 ClientKey&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2150&quot;&gt;&lt;del&gt;CDRIVER-2150&lt;/del&gt;&lt;/a&gt; implemented caching for SCRAM-SHA-1 by tracking the client key, server key, and salted password on the &lt;tt&gt;mongoc_cluster_t&lt;/tt&gt; object. Once cached, those values are then used for all subsequent SCRAM authentications for the same cluster/client.&lt;/p&gt;

&lt;p&gt;In &lt;a href=&quot;https://jira.mongodb.org/browse/PHPC-1022&quot; title=&quot;Sporadic SCRAM-SHA-1 authentication failures due to &amp;quot;storedKey mismatch&amp;quot;&quot; class=&quot;issue-link&quot; data-issue-key=&quot;PHPC-1022&quot;&gt;&lt;del&gt;PHPC-1022&lt;/del&gt;&lt;/a&gt;, we discovered that this behavior was the cause of occasional authentication failures for persisted libmongoc clients. While the client error was vague, the server logs indicated:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Looking at &lt;a href=&quot;https://github.com/mongodb/mongo/commit/16e83332ed20e4054324a1a7714506e74eed5180#diff-321fcfb3d0fe29184ab39d1943c1285fR42&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;16e8333&lt;/a&gt; for &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-26952&quot; title=&quot;Cache SCRAM-SHA-1 ClientKey&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-26952&quot;&gt;&lt;del&gt;SERVER-26952&lt;/del&gt;&lt;/a&gt;,&lt;br/&gt;
 &lt;tt&gt;scram_sha1_client_cache.cpp&lt;/tt&gt; uses the following pre-secrets as its hash key:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;hashed password&lt;/li&gt;
	&lt;li&gt;salt&lt;/li&gt;
	&lt;li&gt;iteration count&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Rather than maintain a single cache entry for the entire cluster, libmongoc should cache its secrets by an n-tuple of the above pre-secrets. This cache need not be limited to &lt;tt&gt;mongoc_cluster_t&lt;/tt&gt;. We can have &lt;tt&gt;_mongoc_scram_startup()&lt;/tt&gt; (called by &lt;tt&gt;_mongoc_do_init()&lt;/tt&gt;) initialize a global hash table for use by all libmongoc clients. This will allow us to remove any notion of caching from &lt;tt&gt;mongoc-cluster.c&lt;/tt&gt; and contain it within &lt;tt&gt;mongoc-scram.c&lt;/tt&gt;. That hash table can later be freed in a new &lt;tt&gt;_mongoc_scram_cleanup()&lt;/tt&gt; function, which can be invoked by &lt;tt&gt;_mongoc_do_cleanup()&lt;/tt&gt;.&lt;/p&gt;</description>
                <environment></environment>
        <key id="507883">CDRIVER-2539</key>
            <summary>SCRAM secrets should be cached by hashed password, salt, and iterations</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jmikola@mongodb.com">Jeremy Mikola</assignee>
                                    <reporter username="jmikola@mongodb.com">Jeremy Mikola</reporter>
                        <labels>
                    </labels>
                <created>Thu, 8 Mar 2018 17:24:26 +0000</created>
                <updated>Sat, 28 Oct 2023 11:30:03 +0000</updated>
                            <resolved>Tue, 13 Mar 2018 18:23:17 +0000</resolved>
                                    <version>1.7.0</version>
                                    <fixVersion>1.10.0</fixVersion>
                                    <component>auth</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="1832701" author="jesse" created="Tue, 13 Mar 2018 20:17:51 +0000"  >&lt;p&gt;Thanks Jeremy!&lt;/p&gt;</comment>
                            <comment id="1832517" author="xgen-internal-githook" created="Tue, 13 Mar 2018 18:22:39 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;jmikola@gmail.com&apos;, &apos;name&apos;: &apos;Jeremy Mikola&apos;, &apos;username&apos;: &apos;jmikola&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2539&quot; title=&quot;SCRAM secrets should be cached by hashed password, salt, and iterations&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2539&quot;&gt;&lt;del&gt;CDRIVER-2539&lt;/del&gt;&lt;/a&gt; use pre-secrets for SCRAM caching&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/bfcbed2aaed6082f6eaacf490858bb73eb1c042b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/bfcbed2aaed6082f6eaacf490858bb73eb1c042b&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="446578">PHPC-1022</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="381284">CDRIVER-2150</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="337153">DRIVERS-343</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htjga7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>