Why is multihash used to identify a package?


I searched for this question in the Zig issues, but there seems to be no obvious reason, so I am posting here: what advantages does it have over any other format on earth?

The multihash is produced from all the included contents of the package.
As a consequence, if two packages have the same contents, they are identical; otherwise they are not.
As a package identity, it is an instant verification of the package contents, and it is useful as a key for caching.

Are you asking why Zig uses multihash over a set hash function? It is so that multiple types of hashing functions can be supported. That way, if a hash algorithm is found to be insecure or too easy to bypass, a new algorithm can be used. Imagine if Zig had decided to use MD5: lots of tooling would depend on it, and changing the algorithm would break them.

If you are looking for tools on using multihashes, I wrote a library for that. (GitHub - Calder-Ty/multihash: Zig Multihash implementation)
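
The algorithm agility described in the answer above, shown as an added example that is not part of the original post or of the linked library: a minimal Python verifier for the `<varint code><varint length><digest>` multihash layout. The function codes come from the multiformats table; the allow-list policy, the function names and the sample content are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Multihash function codes (multiformats table) mapped to hashlib names.
HASHES = {0x11: "sha1", 0x12: "sha256", 0x13: "sha512", 0x16: "sha3_256"}
# Assumed verifier policy: sha1 is still parseable but no longer accepted.
ALLOWED = {0x12, 0x13, 0x16}

def read_varint(buf, pos):
    """Decode one unsigned LEB128 varint; return (value, next position)."""
    value = shift = 0
    while pos < len(buf) and shift <= 56:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")

def make_multihash(content, code):
    """Build <code><length><digest> as hex (the codes here fit one byte)."""
    digest = hashlib.new(HASHES[code], content).digest()
    return (bytes([code, len(digest)]) + digest).hex()

def parse_multihash(mh_hex):
    """Split a hex multihash into (code, digest), checking the length field."""
    raw = bytes.fromhex(mh_hex)
    code, pos = read_varint(raw, 0)
    length, pos = read_varint(raw, pos)
    digest = raw[pos:]
    if len(digest) != length:
        raise ValueError("digest length does not match the length field")
    return code, digest

def verify(content, mh_hex, allowed=ALLOWED):
    """True if content matches; refuse unknown or retired algorithms."""
    code, digest = parse_multihash(mh_hex)
    if code not in HASHES or code not in allowed:
        raise ValueError(f"hash function 0x{code:x} not accepted")
    actual = hashlib.new(HASHES[code], content).digest()
    return hmac.compare_digest(actual, digest)

if __name__ == "__main__":
    pkg = b"constructed package contents"  # sample input, not a real package
    for code in (0x12, 0x13):
        mh = make_multihash(pkg, code)
        print(mh[:4], verify(pkg, mh), verify(pkg + b"!", mh))
```

Retiring an algorithm here means removing its code from `ALLOWED`; the identifier format and the parser stay the same, which is the property a bare fixed-function digest lacks.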

Thanks. The above question is unclear; what I really want to know is what advantages multihash has over something like sha256:xxx, but it seems the doc has an answer for that.
