Standard hash algorithm names? #246
Comments
|
@matt-phylum what would be your recommendation? |
Uncommon but similar algorithms like This is probably another topic, but NuGet packages and Go modules have their own specialized hashes and those should probably be documented or warned about somehow. For NuGet packages, sometimes the sha512 hash includes the attached signature file and sometimes it does not (the package identity must not change when the registry adds its own signature to this file). For Go, packages are conceptually distributed as directory hierarchies instead of flat files, so they have something called an h1 hash, which is an sha1 Merkle tree computed over the package content. |
|
Related: #277 |
johnmhoran
added
the
PURL type definition
Everybody knows about the MD5 SHA-1 SHA-256 SHA-512 algorithms, and these are almost universally written as md5 sha1 sha256 sha512. Unfortunately, the PURL spec says the key for the checksum qualifier is "lowercase_algorithm" and then lowercases "SHA-1" and "SHA-256" into "sha1" and "sha256" for the example. For these algorithms, the description and example are probably okay. That implies that the rest of the SHA-2 family, SHA-224 SHA-384 SHA-512, becomes sha224 sha384 sha512.
However, it's unclear what the key should be for other algorithms like SHA3-256. It's probably sha3-256? sha3256 definitely doesn't seem right.
I've also noticed that some algorithms that shouldn't be ambiguous are made ambiguous by library implementations. For example, Python uses the ID
shake_256for the SHAKE256 algorithm and the IDripemd160for the RIPEMD-160 algorithm.It would be helpful to have a list of standard hash algorithms with their correct keys.
The text was updated successfully, but these errors were encountered: