DGraph Security Concerns

Hi noticed in your documentation that when spinning up a cluster using a TLS configuration, the example uses an MD5 hash to encrypt your keys. I can see that you can specify an algorithm using -aes256 in the tooltip, I just wanted to make sure that you are indeed using the specified algorithm for the keygen in general and not only for openssl ceritificates.

If you are talking about https://docs.dgraph.io/deploy/#certificate-inspection, the MD5 hashes are just used to output a checksum that can be used to verify the files. They are not being used for generating the keys or any other process.

ah perfect thank you!

In the upcoming v1.1 we’ve changed the checksum output to SHA-256 instead of MD5 to avoid this concern.