Skip to content

SHA256 spelling fix #11062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

SHA256 spelling fix #11062

wants to merge 1 commit into from

Conversation

hawkeye101
Copy link
Contributor

@hawkeye101 hawkeye101 commented Mar 8, 2025
edited
Loading

#11023
Replaced 'SHA-256' with 'SHA256'.

@hawkeye101 hawkeye101 requested a review from a team as a code owner March 8, 2025 12:15
@ghost ghost added the area-System.Security Issues related to security practices for .NET developers. label Mar 8, 2025
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Mar 8, 2025
@learn-build-service-prod Learn Build Service (PROD)
Copy link

Learn Build status updates of commit 3af6278:

✅ Validation status: passed

File Status Preview URL Details
xml/System.Security.Cryptography/HMACSHA256.xml ✅Succeeded View

For more details, please refer to the build report.

For any questions, please:

@gewarren
Copy link
Contributor

Thank you @hawkeye101. I want to figure out what the correct spelling is first (I left a question in the issue). Also, we'll probably need to update the SHA256 class docs as well.

@vcsjones
Copy link
Member

In general, I would expect SHA-256 when referring to the algorithm, and SHA256 when referring to the class.

It gets a little messier because SHA-2-256 is also acceptable, but in general I think it should only be used when disambiguating SHA-2-256 and SHA-3-256.

We should also address any inconsistencies with SHA384/SHA-384 and SHA512/SHA-512. I suspect they inherited any documentation inconsistencies.

@bartonjs likely has thoughts, too.

@bartonjs
Copy link
Member

I, personally, prefer always using "SHA-2-256" over "SHA-256", but I'm a pedant. Kevin's suggested "SHA256" is the class, "SHA-256" is the algorithm is probably the best starting place. Anything that already says "SHA-2-256" probably isn't worth changing since they'd have to be read to see if they're excluding (or contradistincting against) "SHA-3-256".

@hawkeye101
Copy link
Contributor Author

hawkeye101 commented Mar 16, 2025
edited
Loading

@gewarren Here is what I've understood. Just want to confirm before I make the changes.

  • In the HMAC class, it says "by using the SHA256 hash function" which contains a hyperlink to the SHA256 class. It seems to be referring to the algorithm here, not the class. So this should be SHA-256 and hyperlink removed.
  • In the fields, methods of HMAC class it should be SHA-256 as it is referring to the algorithm.
  • In the SHA256 class docs, "The hash size for the SHA256 algorithm is 256 bits" should be changed to "The hash size for the SHA-256 algorithm is 256 bits".

These are the only changes required as far as I understand. Please let me know if there are more (like HMACSHA3 classes)

@gewarren
Copy link
Contributor

@hawkeye101 Those changes look correct to me. There are likely additional changes required, but that would require additional research.

@gewarren gewarren mentioned this pull request Mar 18, 2025
Merged
@gewarren
Copy link
Contributor

Thank you @hawkeye101. I'm going to close this in favor of the more comprehensive #11104.

@gewarren gewarren closed this Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area-System.Security Issues related to security practices for .NET developers. community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hawkeye101 @gewarren @vcsjones @bartonjs @arvindganeshQP