DGraph Security Concerns

(Honne) #1

Hi, I noticed in your documentation that when spinning up a cluster using a TLS configuration, the example uses an MD5 hash to encrypt your keys. I can see that you can specify an algorithm using -aes256 in the tooltip; I just wanted to make sure that you are indeed using the specified algorithm for the keygen in general and not only for openssl certificates.

(Martin Martinez Rivera) #2

If you are talking about https://docs.dgraph.io/deploy/#certificate-inspection, the MD5 hashes are just used to output a checksum that can be used to verify the files. They are not being used for generating the keys or any other process.

(Honne) #3

Ah, perfect, thank you!

(Daniel Mai) #4

In the upcoming v1.1 we’ve changed the checksum output to SHA-256 instead of MD5 to avoid this concern.