W3C home > Mailing lists > Public > public-rdf-dawg@w3.org > October to December 2010

Re: md5sum and sha1sum functions

From: Paul Gearon <gearon@ieee.org>
Date: Mon, 6 Dec 2010 12:30:50 -0500
Message-ID: <AANLkTinb5WngJ6CKyKbL1K40j7Gv80zDUrFsYUL40TOa@mail.gmail.com>
To: Andy Seaborne <andy.seaborne@epimorphics.com>
Cc: SPARQL Working Group <public-rdf-dawg@w3.org>
On Mon, Dec 6, 2010 at 7:25 AM, Andy Seaborne
<andy.seaborne@epimorphics.com> wrote:
> I agree with Sandro that we should have sha1, sha224, sha256, sha384 and
> sha512.
>
> Whether they are named or have a length parameters (for certain fixed values
> only), I don't much mind.  Does anyone want the ability to switch at runtime
> on a per-call basis? sha256(s) and sha(s, len) is also possible.

While I'm not a fan of gratuitously making the function list longer,
I'd prefer to see different function names for the different
keylengths. Having a strict enumeration for the keylengths makes it
seem less useful as a parameter. Also, for people less familiar with
what's going on, it will be simpler to just ask for the hash that they
need (e.g. sha1), rather than a function and keylength.

> FYI: Apache common codec does not have sha224.  Searching, I find that
> sha224 is an addition of Feb 2004 and is a truncated SHA-2 256.
>
>
> On 03/12/10 23:04, Paul Gearon wrote:
>>
>> As discussed in the last teleconf, I would like to propose the include
>> of an "md5sum" function, in a similar fashion to MySQL.
>
> Fine tuning: Just MD5() and SHA1()?
>
> md5sum is the name of a program that generates md5 checksums.

Yes. I'm used to using md5sum and sha1sum, so didn't think about it.
MySQL uses MD5 and SHA1, which I'm quite happy with.

> (I know FOAF uses mbox_sha1sum but it also has the experimental foaf:sha1
> for documents).
>
>> MD5SUM is often used for storing passwords. SHA1SUM is used in a
>> similar way, and is also used for hashing email addresses in FOAF.
>>
>> ---
>>
>> MD5SUM
>>
>> The MD5SUM function accepts a single plain literal argument and
>> returns a simple literal containing a string of exactly 32 characters.
>> Each character represents a hexadecimal digit and is one of [0-9a-f].
>
> Is plain literal the right choice here?
>
> Either of
>
>  simple literal
>  simple literal+xsd:string
>
> make more sense to me

That was a thinko on my part, sorry.

I was indeed just thinking of simple literals. It crossed my mind to
consider xsd:strings as well, but I wasn't sure if that was needed.
After all, it's always possible to just wrap the parameter in STR. I
suppose it's simpler for users if it just accepts strings of either
type.

> The case of plain+lang seems to me to be a bad choice as the checksum does
> not include the language tag.

Agreed.

>        Andy
> ...
>
>>
>> ?r
>> --
>> "f96b697d7cb7938d525a2f31aaf161d0"
>
> ?r => ?m

Typo. Thanks.

Paul
Received on Monday, 6 December 2010 17:31:24 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:44 GMT