Re: md5sum and sha1sum functions

On Mon, Dec 6, 2010 at 7:25 AM, Andy Seaborne
<> wrote:
> I agree with Sandro that we should have sha1, sha224, sha256, sha384 and
> sha512.
> Whether they are named or have a length parameters (for certain fixed values
> only), I don't much mind.  Does anyone want the ability to switch at runtime
> on a per-call basis? sha256(s) and sha(s, len) is also possible.

While I'm not a fan of gratuitously making the function list longer,
I'd prefer to see different function names for the different
keylengths. Having a strict enumeration for the keylengths makes it
seem less useful as a parameter. Also, for people less familiar with
what's going on, it will be simpler to just ask for the hash that they
need (e.g. sha1), rather than a function and keylength.

> FYI: Apache common codec does not have sha224.  Searching, I find that
> sha224 is an addition of Feb 2004 and is a truncated SHA-2 256.
> On 03/12/10 23:04, Paul Gearon wrote:
>> As discussed in the last teleconf, I would like to propose the include
>> of an "md5sum" function, in a similar fashion to MySQL.
> Fine tuning: Just MD5() and SHA1()?
> md5sum is the name of a program that generates md5 checksums.

Yes. I'm used to using md5sum and sha1sum, so didn't think about it.
MySQL uses MD5 and SHA1, which I'm quite happy with.

> (I know FOAF uses mbox_sha1sum but it also has the experimental foaf:sha1
> for documents).
>> MD5SUM is often used for storing passwords. SHA1SUM is used in a
>> similar way, and is also used for hashing email addresses in FOAF.
>> ---
>> The MD5SUM function accepts a single plain literal argument and
>> returns a simple literal containing a string of exactly 32 characters.
>> Each character represents a hexadecimal digit and is one of [0-9a-f].
> Is plain literal the right choice here?
> Either of
>  simple literal
>  simple literal+xsd:string
> make more sense to me

That was a thinko on my part, sorry.

I was indeed just thinking of simple literals. It crossed my mind to
consider xsd:strings as well, but I wasn't sure if that was needed.
After all, it's always possible to just wrap the parameter in STR. I
suppose it's simpler for users if it just accepts strings of either

> The case of plain+lang seems to me to be a bad choice as the checksum does
> not include the language tag.


>        Andy
> ...
>> ?r
>> --
>> "f96b697d7cb7938d525a2f31aaf161d0"
> ?r => ?m

Typo. Thanks.


Received on Monday, 6 December 2010 17:31:24 UTC