diff --git a/specifications/xpath-functions-40/src/function-catalog.xml b/specifications/xpath-functions-40/src/function-catalog.xml index 9ffcff85d..2f3ec5e66 100644 --- a/specifications/xpath-functions-40/src/function-catalog.xml +++ b/specifications/xpath-functions-40/src/function-catalog.xml @@ -5369,15 +5369,17 @@ return normalize-unicode(concat($v1, $v2)) the value through fn:upper-case(fn:normalize-space()).

Conforming implementations must support the following options and the functions referred to by them:

- +

MD5: the MD5 Message-Digest algorithm defined by (update to ).

 -

SHA-1: the SHA-1 algorithm, defined by

BLAKE3: the BLAKE3 algorithm defined by .

 +

CRC-32: the CRC-32 algorithm, defined by .

+

SHA-1: the SHA-1 algorithm, defined by .

SHA-256: the SHA-256 algorithm, defined by .

-

CRC-32: the CRC-32 algorithm, defined by .

Conforming implementations may support other checksum and hash functions with implementation-defined semantics.

@@ -5393,9 +5395,18 @@ return normalize-unicode(concat($v1, $v2))

It is common for secure algorithms to be cryptographically broken, as has happened to - the algorithms MD5 and SHA-1. Developers are responsible for + the algorithms MD5, SHA-1, and SHA-256. + And the CRC-32 algorithm is not intended for cryptographic purposes. + Developers are responsible for ensuring that the algorithm chosen meets any expected security protocols, if relevant.

+

The BLAKE3 algorithm is included in the list of hashing algorithms + because at the time of writing it appears to be a promising candidate as a secure and fast algorithm + that shows signs of gaining widespread support. + However, this is a fast moving field and the community group recognizes that this decision might eventually not stand the test of time. + As the technology evolves in the future, implementations are free to drop support for this algorithm and substitute another + that appears to better meet requirements. +

Additional security practices, such as salting, may be applied as a preprocessing step, or fn:hash() can be incorporated into more complex functions.

In most cases, the xs:hexBinary output of the function will be sought in @@ -5424,6 +5435,19 @@ return normalize-unicode(concat($v1, $v2)) xs:hexBinary("3C01BDBB26F358BAB27F267924AA2C9A03FCFDB8") + hash("ABC", { "algorithm": "BLAKE3" }) +=> string() => lower-case() + "d1717274597cf0289694f75d96d444b992a096f1afd8e7bbfa6ebb1d360fedfc" + + + hash("ABC", { "algorithm": "BLAKE3" }) +=> xs:base64Binary() => string() + "0XFydFl88CiWlPddltREuZKglvGv2Oe7+m67HTYP7fw=" + + + hash("ABC", { "algorithm": "sha-256" }) +=> string() + "B5D4045C3F466FA91FE2CC6ABE79232A1A57CDF104F7A26E716E0A1E2789DF78" hash("ABC", { "algorithm": "sha-256" }) xs:hexBinary("B5D4045C3F466FA91FE2CC6ABE79232A1A57CDF104F7A26E716E0A1E2789DF78") @@ -5433,7 +5457,7 @@ return normalize-unicode(concat($v1, $v2)) hash(serialize($doc), { "algorithm": "sha-1" }) -=> xs:base64Binary() +=> xs:base64Binary() => string() "8PzN28NtxQv5RlxQ5/w6DcnrpEU=" @@ -32174,4 +32198,4 @@ return pin($data)??languages[. = 'German'] ! label()?path()[1] - + \ No newline at end of file diff --git a/specifications/xpath-functions-40/src/xpath-functions.xml b/specifications/xpath-functions-40/src/xpath-functions.xml index 2b51e883b..feb03d4fc 100644 --- a/specifications/xpath-functions-40/src/xpath-functions.xml +++ b/specifications/xpath-functions-40/src/xpath-functions.xml @@ -11197,6 +11197,10 @@ currently, Version 9.0.0. Non-normative references + + Blake3 Algorithm Specification. Available at: + https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf + Edward M. Reingold and Nachum Dershowitz. Calendrical Calculations Millennium edition (2nd Edition). Cambridge University Press,