I almost feel that explaining is spoiling the fun. Obviously I wanted to use SHA512 because it's more secure, and already in libsodium.
Nonetheless, I used MD5. The assertion is that collisions do not matter here. I may be wrong. SHA512 generates a 64-byte hash. That is not usable as a human readable signature. We could use SHA1 then, but it's not secure. So we have MD5, which SSH2 uses already for this purpose. That means our signatures are familiar to anyone using ssh, which is a good overlap. Not inventing a new concept is worth more than premature optimization. Thus, MD5. -Pieter _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
