[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Mon Oct 14 15:16:34 CEST 2013


I almost feel that explaining is spoiling the fun. Obviously I wanted
to use SHA512 because it's more secure, and already in libsodium.

Nonetheless, I used MD5. The assertion is that collisions do not
matter here. I may be wrong.

SHA512 generates a 64-byte hash. That is not usable as a human
readable signature. We could use SHA1 then, but it's not secure. So we
have MD5, which SSH2 uses already for this purpose. That means our
signatures are familiar to anyone using ssh, which is a good overlap.

Not inventing a new concept is worth more than premature optimization.
Thus, MD5.

-Pieter



More information about the zeromq-dev mailing list