Re: md5sum and sha1sum functions from Sandro Hawke on 2010-12-04 (public-rdf-dawg@w3.org from October to December 2010)

From: Sandro Hawke <sandro@w3.org>
Date: Fri, 03 Dec 2010 20:02:36 -0500
To: Paul Gearon <gearon@ieee.org>
Cc: SPARQL Working Group <public-rdf-dawg@w3.org>
Message-ID: <1291424556.4437.26.camel@waldron>

On Fri, 2010-12-03 at 18:04 -0500, Paul Gearon wrote:
> As discussed in the last teleconf, I would like to propose the include
> of an "md5sum" function, in a similar fashion to MySQL.
> 
> MD5SUM is often used for storing passwords. SHA1SUM is used in a
> similar way, and is also used for hashing email addresses in FOAF.
> 
> ---
> 
> MD5SUM
> 
> The MD5SUM function accepts a single plain literal argument and
> returns a simple literal containing a string of exactly 32 characters.
> Each character represents a hexadecimal digit and is one of [0-9a-f].
> 
> The value returned from MD5SUM, is the result of applying the MD5
> message-digest algorithm to the argument, as described in RFC 1321.
>   http://tools.ietf.org/html/rfc1321
> 
> Examples:
> 
> SELECT (MD5SUM('') AS ?m)
> WHERE { }
> 
> ?m
> --
> "d41d8cd98f00b204e9800998ecf8427e"
> 
> 
> SELECT (MD5SUM('a') AS ?m)
> WHERE { }
> 
> ?m
> --
> "0cc175b9c0f1b6a831c399e269772661"
> 
> SELECT (MD5SUM('message digest') AS ?m)
> WHERE { }
> 
> ?r
> --
> "f96b697d7cb7938d525a2f31aaf161d0"
> 
> 
> ------
> 
> 
> Also, since SHA1SUM is used in FOAF, it could be included in the same
> way. SHA1 is defined at:
>   http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
> Example code is provided at:
>   http://tools.ietf.org/html/rfc3174
> 
> 
> 
> SHA1SUM
> 
> The SHA1SUM function accepts a single plain literal argument and
> returns a simple literal containing a string of exactly 32 characters.
> Each character represents a hexadecimal digit and is one of [0-9a-f].
> 
> The value returned from SHA1SUM, is the result of applying the SHA-1
> message-digest algorithm to the argument, as described in RFC 3174.
>   http://tools.ietf.org/html/rfc3174

As I mentioned in the telecon, I think if we're going to include SHA-1
it would be odd to ignore SHA-2.

http://en.wikipedia.org/wiki/SHA-2

I think the pair can be handled by using a function like
SHASUM('abc',256), where the second arg is the key length.  The
keylength 160 would mean SHA-1, and the lengths 224, 256,384, and 512
would mean SHA-2.   I don't know enough about the SHA-3 proposals to
know how that might be extended to SHA-3.

http://en.wikipedia.org/wiki/NIST_hash_function_competition

I won't object to ignoring SHA-2, but I wanted to make sure the group
considered it.   I use SHA-256 when I need a hash.

    -- Sandro

> Examples:
> 
> SELECT (SHA1SUM('') AS ?m)
> WHERE { }
> 
> ?m
> --
> "da39a3ee5e6b4b0d3255bfef95601890afd80709"
> 
> 
> SELECT (SHA1SUM('abc') AS ?m)
> WHERE { }
> 
> ?m
> --
> "a9993e364706816aba3e25717850c26c9cd0d89d"
> 
> 
> 
> 
> Regards,
> Paul Gearon
> 
>

Received on Saturday, 4 December 2010 01:02:47 UTC