Re: Adopting the Multihash spec as a work item?

Sites like virustotal.com deal in hashes constantly. They distinguish
algorithms for hashes based on the output size (MD5 has one size digest,
SHA2 has another size, SHA256 another size, etc).

I assume we feel like adding a prefix is important because this technique
is not adequate?

On Tue, Jan 1, 2019 at 11:02 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> Hi all (bcc: Protocol Labs Research Division),
>
> The Multihash specification was drafted before/during the last RWoT and
> has been released as an IETF Internet-Draft. The specification is
> intended to be a joint work product of Protocol Labs (IPFS and
> Filecoin), the W3C Digital Verification Community Group, and the W3C
> Credentials Community Group... which means we need to decide if we're
> adopting it as a Work Item in the CCG.
>
> So, what problem does Multihash solve and why do we care?
>
> Our community depends on cryptographic hashes to generate short
> fingerprints for files and data. These fingerprints look like this as
> binary data:
>
> 0x0a4ec6f1629e49262d7093e2f82a3278
>
> While that may look like gobbledygook to a human reader, it's enough for
> a computer to uniquely identify, for example, one picture among all of
> the other trillions of pictures on the Web. We use these fingerprints
> when working with Verifiable Credentials, DIDs, public keys, and
> evidence data (images, PDFs, etc.) that are linked to VCs.
>
> The problem is that we don't know what sort of cryptographic hash
> function generated the hash above, so we need to put an identifier at
> the front of that cryptographic hash. That's basically what Multihash
> does: it provides a mechanism to identify how cryptographic hashes were
> generated.
>
> This is useful because if we have a cryptographic hash identifier, we
> can design upgradability into the systems we're building today.
> Cryptographic hashing systems are broken every 10 years or so -- they
> have a shelf life and will eventually need to be upgraded. Building this
> concept of upgradability into our systems, especially DIDs and VCs, is a
> good engineering practice and the Multihash spec enables us to do just
> that. It's a fairly short 10 page spec and can be found here:
>
> https://tools.ietf.org/html/draft-multiformats-multihash-00
>
> This email is a request to the Chairs to add this to the next meeting
> Agenda for the CCG and adopt it as a work item.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>
>

Received on Tuesday, 1 January 2019 20:35:27 UTC