Closed acdha closed 7 years ago
:+1: for generating multiple. That is what the new bagit-java will do
@johnscancella which are you enabling by default? I was wondering whether to leave MD-5 in the list for backwards compatibility but I'm really hoping nobody has a workflow which depends on e.g. md5deep.
As of https://github.com/LibraryOfCongress/bagit-python/commit/81a6123f91b6d9c7ee0b81e21fc034eb3f95b891 the default list is SHA-256 and SHA-512 and future upgrades should be easier because it includes every recommended algorithm supported by hashlib
by default.
I just have MD5, SHA-1, SHA-256, and SHA-512 all generated at the same time. However, the bagit-java library is extensible so you can even use third party libraries like bouncy castle
that include SHA3
Since it's cheap enough on computers made in the last decade, we should either change the default to SHA-256 or use more than one algorithm if there's any concern about compatibility with very old workflows.