johnscancella
commented
7 years ago :+1: for generating multiple. That is what the new bagit-java will do
Closed acdha closed 7 years ago
johnscancella
commented
7 years ago :+1: for generating multiple. That is what the new bagit-java will do
acdha
commented
7 years ago @johnscancella which are you enabling by default? I was wondering whether to leave MD-5 in the list for backwards compatibility but I'm really hoping nobody has a workflow which depends on e.g. md5deep.
acdha
commented
7 years ago As of https://github.com/LibraryOfCongress/bagit-python/commit/81a6123f91b6d9c7ee0b81e21fc034eb3f95b891 the default list is SHA-256 and SHA-512 and future upgrades should be easier because it includes every recommended algorithm supported by hashlib by default.
johnscancella
commented
7 years ago I just have MD5, SHA-1, SHA-256, and SHA-512 all generated at the same time. However, the bagit-java library is extensible so you can even use third party libraries like bouncy castle that include SHA3
Since it's cheap enough on computers made in the last decade, we should either change the default to SHA-256 or use more than one algorithm if there's any concern about compatibility with very old workflows.