Replace MD5 in dgraph cert ls #3254
Conversation
There was a problem hiding this comment.
Reviewed 2 of 3 files at r1.
Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions (waiting on @codexnull)
dgraph/cmd/cert/info.go, line 129 at r1 (raw file):
groupSize
nit: rename to groupByteSize so the units are explicit.
dgraph/cmd/cert/info.go, line 133 at r1 (raw file):
hex := fmt.Sprintf("%0*X", groupSize*2, digest[0:groupSize])
A small comment with an example of how the output is supposed to look would be helpful.
There was a problem hiding this comment.
Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions (waiting on @martinmr)
dgraph/cmd/cert/info.go, line 129 at r1 (raw file):
Previously, martinmr (Martin Martinez Rivera) wrote…
groupSizenit: rename to groupByteSize so the units are explicit.
Done.
dgraph/cmd/cert/info.go, line 133 at r1 (raw file):
Previously, martinmr (Martin Martinez Rivera) wrote…
hex := fmt.Sprintf("%0*X", groupSize*2, digest[0:groupSize])A small comment with an example of how the output is supposed to look would be helpful.
Done.
There was a problem hiding this comment.
Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions (waiting on @martinmr)
There was a problem hiding this comment.
Reviewed 2 of 3 files at r1, 1 of 1 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @martinmr)
* Change cert ls command to output SHA-256 digests instead of MD5.
* Change cert ls command to output SHA-256 digests instead of MD5.
MD5 digests are vulnerable to collisions nowadays. This is a simple change to replace them with SHA-256 digests (aka hashes, fingerprints, thumbprints) in dgraph cert ls output.
This change is