I’m building out an IPFS project, and currently am using the ipfs dag [put|get] commands to store and retrieve my configuration files. These IPFS nodes are also publicly exposed to the internet, and allow authenticated users to query the node for generalized information about content it is tracking, etc…
My main security concern is whether, when adding configuration files to a dag and storing/retrieving the information from it, there is any possibility for the name of that dag to be leaked, therefore making the configuration information freely available.
If this is a concern without encryption, how would I mitigate it?
I am not one of the IPFS authors, but as far as I understand the situation is as follows: It is not possible to enumerate all hashes via the ipfs gateway. So it’s not like somebody can traverse all stored objects by somehow crawling the gateway of your node.
It is however possible to listen to DHT traffic for any node of the public ipfs swarm. So an attacker could create a number of public ipfs nodes, listen to DHT traffic, and then get the hash of objects stored elsewhere in the swarm. There is a certain probability that he will be able to get the hashes of your configuration file dag objects this way, which increases with the number of nodes the attacker is running.
The chance of “guessing” the hash if you don’t have the data is essentially zero.
So the bottom line is: a sophisticated attacker could definitely get your dag config files. If the security requirements for your configuration files are really high, you should store them in an encrypted way.
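The mitigation recommended in the answer above (store the configuration encrypted), sketched as an added example that is not part of the original thread: the file is encrypted and authenticated locally, and only the resulting envelope is passed to `ipfs dag put`. The function names, the JSON envelope layout, the use of the `openssl` CLI and the locally held keys are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (assumed layout): encrypt-then-MAC a config file locally so
# that only ciphertext is ever handed to the IPFS node.
set -euo pipefail

# hmac_hex <hex_mac_key> : data on stdin -> HMAC-SHA256 tag as hex
hmac_hex() {
  openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" | awk '{print $NF}'
}

# json_field <name> <charset> : envelope on stdin -> value of a string field
json_field() {
  sed -n "s|.*\"$1\"[[:space:]]*:[[:space:]]*\"\\($2*\\)\".*|\\1|p"
}

# seal_config <hex_enc_key> <hex_mac_key> <file> -> one-line JSON envelope
seal_config() {
  local iv ct tag
  iv=$(openssl rand -hex 16)                        # fresh IV for every seal
  ct=$(openssl enc -aes-256-ctr -K "$1" -iv "$iv" -a -A -in "$3")
  tag=$(printf '%s.%s' "$iv" "$ct" | hmac_hex "$2") # MAC covers IV and ciphertext
  printf '{"iv":"%s","ct":"%s","tag":"%s"}\n' "$iv" "$ct" "$tag"
}

# open_config <hex_enc_key> <hex_mac_key> : envelope on stdin -> plaintext
open_config() {
  local env iv ct tag want
  env=$(cat)
  iv=$(printf '%s\n' "$env" | json_field iv '[0-9a-f]')
  ct=$(printf '%s\n' "$env" | json_field ct '[A-Za-z0-9+/=]')
  tag=$(printf '%s\n' "$env" | json_field tag '[0-9a-f]')
  want=$(printf '%s.%s' "$iv" "$ct" | hmac_hex "$2")
  # Refuse to decrypt anything whose tag does not verify (tampering, wrong key).
  if [ -z "$tag" ] || [ "$tag" != "$want" ]; then
    echo "MAC check failed" >&2
    return 1
  fi
  printf '%s\n' "$ct" | openssl enc -d -aes-256-ctr -K "$1" -iv "$iv" -a -A
}

# Usage against a running node (not executed here; keys stay off the node):
#   ENC=$(openssl rand -hex 32); MAC=$(openssl rand -hex 32)
#   cid=$(seal_config "$ENC" "$MAC" config.json | ipfs dag put)
#   ipfs dag get "$cid" | open_config "$ENC" "$MAC" > config.json
```

Encryption protects the contents only: the hash of the stored envelope can still be observed through DHT traffic as described in the answer, so the keys must never be stored on or sent to the node.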