
Re: Proposal for hash functions in SPARQL 1.1

From: Andy Seaborne <andy.seaborne@epimorphics.com>
Date: Thu, 29 Sep 2011 17:30:14 +0100
Message-ID: <4E849D16.7070900@epimorphics.com>
To: public-rdf-dawg@w3.org

>> Proposal 5:
>> MD5
>> SHA1
>> SHA256
>> SHA512
>> SHA384
>> SHA512
>>
>> (i.e. remove SHA224, but that's the problematic one for the commenter
>> (Jeen) because it's not in the core Java runtime).
>
> You also include SHA512 twice, making the list look longer!  :-)

Two independent implementations, just to be sure.

> Also, I was advised against including MD5 -- as the earlier xmldsig
> advises -- because of known security problems with it.  I guess the
> theory is that it's important to steer people away from technology that
> looks secure but isn't.   (The counter-argument is that some people
> still use it.  But maybe should let that be entirely on them.)

Yes - it's not recommended, being weak, for SSL certificates or digital
signatures (hence xmldsig).

MD5 has its place for error-checking:

http://en.wikipedia.org/wiki/MD5#Applications

	Andy

>
>     -- Sandro
>
>> http://download.oracle.com/javase/7/docs/api/
>> http://download.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
>>
>> Do any programming languages have problems with this set?
>>
>> 	Andy
>>
>>
>
>
>
Received on Thursday, 29 September 2011 16:30:47 GMT
