Using secure fingerprint hash approach

[peter279k]

As title, it seems that we use MD5 and SHA-1 hashes for the connection fingerprint.

But they're not safe because of collision.

To be secure, I think we can use the SHA-2, SHA-3 or bcrypt (password_hash) to replace original hash approaches.

@DivineOmega, what do you think about that? Thanks.

[DivineOmega]

@peter279k I'd be happy to accept a PR that adds all these algorithms as options.

I'd suggest we keep the current default for now though, and perhaps do a later breaking release to change it.

[peter279k]

Hi @DivineOmega, thanks for your reply.

Perhaps we can consider add this to be the 2.0 version release milestone.

What do you think about this idea?

[DivineOmega]

@peter279k We're already at v2.1.0, but yes. We could make it v3.0.0.

I'd suggest we add the new fingerprint algorithms with the default kept the same, and release that as v2.2.0.
Immediately after that, we can set the default to a more secure algorithm and release that as v3.0.0.