- Type: Improvement
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: Authentication
- None
- Java Drivers
- Needed
Summary
The https://www.mongodb.com/docs/manual/core/security-scram/#std-label-authentication-scram page states that SCRAM-SHA-256 can be used in the FIPS mode.
At the same time, looking into mongo-java-driver: https://github.com/mongodb/mongo-java-driver/blob/98934ddc52efa48e7e3b41339e57ff4c8dc89322/driver-core/src/main/com/mongodb/internal/connection/ScramShaAuthenticator.java#L258
it looks like:
private byte[] hi(final byte[] password, final byte[] salt, final int iterations) throws SaslException
is a kind of key derivation function implementation. While SHA-256 is OK, the problem is that IMHO any crypto/key derivation should be done via a FIPS validated/certified crypto module, for example PBKDF2 with Bouncy Castle FIPS via JCA.
So, any crypto implemented outside of the certified module makes the code not FIPS compliant and SCRAM-SHA-256 should not be available in the FIPS mode, at least with that driver in the current form.
Additional Background
- is duplicated by: JAVA-5534 SCRAM-SHA-256 FIPS Compliance (Closed)
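The delegation the summary proposes, as an added example that is not code from the ticket or from mongo-java-driver: RFC 5802 defines Hi() as PBKDF2 with HMAC as the PRF and an output length equal to the hash length, so a hand-rolled loop and a single `PBKDF2WithHmacSHA256` request to the installed JCA provider yield the same bytes. The class and method names are hypothetical, the sample values are constructed, and the comparison assumes the provider encodes the password characters as UTF-8.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class ScramHiVsPbkdf2 {

    // Hand-rolled Hi() per RFC 5802: only the HMAC primitive goes through JCA,
    // while the iteration and XOR loop run in application code.
    static byte[] hiManual(byte[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(password, "HmacSHA256"));
        mac.update(salt);
        mac.update(new byte[] {0, 0, 0, 1});   // INT(1), big-endian block index
        byte[] u = mac.doFinal();              // U_1
        byte[] result = u.clone();
        for (int i = 1; i < iterations; i++) {
            u = mac.doFinal(u);                // U_i = HMAC(password, U_{i-1})
            for (int j = 0; j < result.length; j++) {
                result[j] ^= u[j];
            }
        }
        return result;
    }

    // The same derivation requested as one PBKDF2 operation from the installed JCA provider.
    static byte[] hiViaJca(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256); // key length in bits
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values, not taken from the ticket or the driver.
        String password = "constructed-sample-password";
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.US_ASCII);
        int iterations = 4096;
        byte[] manual = hiManual(password.getBytes(StandardCharsets.UTF_8), salt, iterations);
        byte[] jca = hiViaJca(password.toCharArray(), salt, iterations);
        System.out.println("outputs match: " + Arrays.equals(manual, jca));
    }
}
```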