Re: Proposal for hash functions in SPARQL 1.1

>> Proposal 5:
>> MD5
>> SHA1
>> SHA256
>> SHA512
>> SHA384
>> SHA512
>>
>> (i.e. remove SHA224, but that's the problmeatic one for the commenter
>> (Jeen) because it's not in the core Java runtime).
>
> You also include SHA512 twice, making the list look longer!  :-)

Two independent implementations, just to be sure.

> Also, I was advised against including MD5 -- as the earlier xmldsig
> advises -- because of known security problems with it.  I guess the
> theory is that it's important to steer people away from technology that
> looks secure but isn't.   (The counter-argument is that some people
> still use it.  But maybe should let that be entirely on them.)

Yes - it's not recommended for weak for SSL certificates or digital 
signatures (hence xmldsig).

MD5 has it's place as for error-checking:

http://en.wikipedia.org/wiki/MD5#Applications

 Andy

>
>     -- Sandro
>
>> http://download.oracle.com/javase/7/docs/api/
>> http://download.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
>>
>> Do any programming languages have problems with this set?
>>
>>  Andy
>>
>>
>
>
>

Received on Thursday, 29 September 2011 16:30:47 UTC