On 22 October 2014 09:57, Tobias Markmann <[email protected]> wrote:
> I think using a more secure hash function would be beneficial for reducing > code. Secure wireless constrained applications are likely to already > include a high security cryptographic hash function. Using this hash > function would avoid the need of implementing MD5 at all. Maybe, hash > agility could also be useful in this case. So clients, I think this is the > main deployment target for as constrained device, can pick the one already > available. Servers which are likely to have more power can then simply use > the same hash as the client. > I would think SHA-1 a better choice than MD5 at least. And clients will already need it for capabilities: http://xmpp.org/extensions/xep-0115.html#security-mti
