search

opencontainers / go-digest

Common digest package used across the container ecosystem
https://www.opencontainers.org/
Other
184 stars 60 forks source link

digest: promote blake3 to first-class digest #66

Open stevvooe opened 2 years ago

stevvooe commented 2 years ago

The dual module approach for blake3 was slightly awkward. Since it provides similar usability with a massive bump in performance, it's extremely likely to land as a registered algorithm in the image-spec.

This PR removes the secondary module, which made it difficult to test as a unit. This may break users who are using HEAD versions of the package. For a new release, this will be backwards compatible. The other drawback is that the zeebo/blake3 will now be a dependency but this can be replaced transparently by the standard libary in the future.

Signed-off-by: Stephen Day stephen.day@getcruise.com

vbatts commented 2 years ago

oh beans, a rebase is needed

AkihiroSuda commented 2 years ago

it's extremely likely to land as a registered algorithm in the image-spec.

I'm not against this, but I'm not sure we have reached the consensus on the algorithm name. This PR uses "blake3" as the algo name, but https://github.com/opencontainers/image-spec/issues/819 proposes "b3-256".

Is there any actual implementation that has been already using blake3/b3-256/whatever else?

ktarplee commented 2 years ago

Since blake3 supports multiple digests sizes it seems to me that "blake3" without the digest size (e.g., "blake3-256") is a bad choice for a name. Furthermore, it makes sense to register the 512 bit algorithm as well to have the same collision resistance as SHA512 that you already have registered. "blake3-512" or "b3-512" along with either "blake3-256" or "b3-256" seem to make the most sense for names. This is not a binary compact format like multihash so I favor spelling out "blake3" instead of using "b3". That is my two cents for what it is worth.

AkihiroSuda commented 2 years ago

@stevvooe @dmcgowan What should we do with the algo name?

vbatts commented 2 years ago

since the library you've pulled is is defaulting to 256bit, I think going with @ktarplee is a fine idea. Make the algo name "blake3-256".

And optionally we could also add "blake3-512"

stevvooe commented 3 months ago

Do we want to pick this up again? Do we have consensus in the spec yet?

AkihiroSuda commented 3 months ago

Is there any existing user of blake3 in OCI? What algo identifier do they use?