Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.1.0
Affects Version/s: None
Component/s: None
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The Ruby driver currently does a direct comparison to the server signature returned by the server in SCRAM-SHA-1. Best practice is to use a constant time comparison function. See here:

http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/PKCS5.html#module-OpenSSL::PKCS5-label-Important+Note+on+Checking+Passwords

is depended on by

DRIVERS-255 Use constant-time hash comparison functions

Closed

Assignee:: Durran Jordan
Reporter:: Bernie Hackett
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Aug 14 2015 11:16:09 PM UTC
Updated:: Aug 24 2015 08:35:31 PM UTC
Resolved:: Aug 19 2015 08:36:56 AM UTC
Confidence Status Last Update:: 15/Aug/15 9:09 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates