Add the BLAKE3 hashing algorithm to fn:hash #1226
Conversation
… separate ranking
|
I think you've made quite a tangle here. I suggest you discard this PR and start over. I don't know how you have your repository configured, I have an "upstream" repository that points to the QT4CG version and an "origin" repository that points to my version. I think maybe you've got something like that, but I can't tell.
That way you'll have independent PRs. |
|
When I investigated Blake3, I found three different "flavors" of hashing, with different parameters. How does your proposal address those flavors and their parameters. (e.g., https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Blake3.html) |
This proposal is just for the Hashing function of Blake3 - not for Keyed Hashing or Keyed Derivation. And this is what the For this reason there is no ambiguity here, and the added bullet explicitly specifies Blake3 Hashing: "BLAKE3: the BLAKE3 algorithm defined by [BLAKE3 Hashing]." |
|
who needs so many different hash functions? |
Thanks Norm, The reason for this is that the changes for the previous submitted PR (1027, for Thus in the hashAddBlake3 branch I had to revert all those changes in order to start in a clean way. It seems that a good way to fix this is that I should discard PR1027, refresh my fork to fully match the qtspecs repository, then make two separate (and from master) feature branches for Do you see a better way to do this? |
I share the concerns that if we add BLAKE3 to the list, people may miss RIPEMD-160, SHAKE or Whirlpool (which, as far as I can judge, are still more popular today). Do we have good arguments for adding BLAKE3 to the most common 3 (+CRC-32) and not adding various others as well? |
I recommend you to create a fresh clone of the original repository and create new branches for fn:rank and BLAKE3. This will be even more helpful if you create future PRs in the future. |
Yes @ChristianGruen this is exactly what I have starting doing. Thanks! |
|
Closing this PR to resolve a branches situation that causes a dependency between two different PRs. Will reopen it after the issue is fixed. |
|
@ChristianGruen (or anyone having this knowledge): How can I delete my fork of qtspec in order to be able then to create a new, fresh one? |
|
The BLAKE3 hashing algorithm is at present the fastest and the most secure (no known breaches) hashing algorithm. If this is not a sufficient reason for you to consider it, then any further arguments are not meaningful. Please, read the description and the detailed benchmarking results here: https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf. In particular, see the three diagrams on page 9 to page 11 summarizing the benchmarking results comparing BLAKE with SHA-256 and SHA-512. See also Table 4 and 5 summarizing the extremely low probabilities for successful attack using different known attack-methods. Providing the best of the best hashing algorithm is a good opportunity for us and missing it would be unfortunate. |
You seem to have misread my question, which was what would be reasonable arguments against adding other algorithms like RIPEMD-160, SHAKE or Whirlpool as well. |
Where/when did I say that I have any arguments for not adding other algorithms? |
I found 155 faster hashs: https://rurban.github.io/smhasher/doc/table.html Better add all of them
That would have been much easier if it was an EXPath module rather than a core function. Then all kinds of hash functions could be added with needing so many arguments |
I agree. The EXPath initiative is somewhat dormant as its founder is not responsive anymore. My personal preference would be to stick with the existing set of 4 hash functions, and let implementors decide which other hash algorithms to add. @ndw Do you have an example for an option argument in mind that has more keys than |
|
I observe that implementations can support any and all hash algorithms that their users ask for. The only thing that's really on the table here is which algorithms must be supported by conforming implementations. You can take the position "everything I want must be supported by all conforming implmeentations" but it's not the easy path. Every feature you ask an implementor to add, no matter that it's small, is another feature they have to implement, and test, and document. FWIW, XProc's p:hash step mandates CRC32, MD5, and SHA1. My XProc implementation also supports HMAC and (because @dnovatchev intrigued me, all three flavors of BLAKE3). I could (easily) add more flavors, my implementation would remain conformant, and no specifications would have to be updated. |
|
@ChristianGruen the |
|
If we adopted a position that was more open to optional features (loved by implementors, hated by users), we could divide things up. We could, for example, have a separate specification for the |
Thanks. Maybe we could add an example to the spec that is expected to work in future versions of Saxon (adding a note that it is vendor-specific). Something like this? hash("input", { "algorithm": "HMAC", "accessKey": "secret" }) |
|
I've implemented in my XProc processor, not Saxon (yet 😄 ), but yes, that would be fine. I wonder if algorithm should be a QName in this case... |
True – the optional parameters would need to have a prefix. Something like: hash("input", { "algorithm": "HMAC", xs:QName("vendor:accessKey"): "secret" }) |
|
I was thinking that the algorithm should be a union of string and QName... |
I think we have no rule yet that treats option values differently, depending on their type (but I may be wrong?). My favorite would still be to separate the algorithm from the options, and have no rules imposed on the last argument: fn:hash(
$value as (xs:string | xs:hexBinary | xs:base64Binary)?,
$algorithm as xs:string? := 'MD-5',
$options as map(*)? := ()
) as xs:hexBinary?
|
This PR adds the BLAKE3 hashing algorithm as one of the hashing algorithms in
fn:hashThis comes from a different branch than the one that contains the PR for
fn:ranks, thus both PRs must be active and independent of each other.