In this section, the encryption keys for Hosted Checkout are generated. Note that if the Payment Page is currently in use in either Demo or Production modes, generating new keys will break the existing page links.
Do not regenerate the merchant key unless absolutely certain.
Two types of encryption are offered: MD5 and SHA-1. Most Hosted Checkout instances will use MD5 as the SHA-1 option is only advised for specifically requested custom solutions.
This key is one of the values used to calculate the value, "x_fp_hash". This x_fp_hash validates that the merchant’s server generated the redirect parameters correctly and serves as verification to Hosted Checkout that the form was generated by the merchant's server, and not by the customer or a third party.
1. Press the "Generate New Transaction Key" button to produce a new value.
This value is specific to the Relay Response method and is one of the values used to calculate the value, "x_MD5_hash". This "x_MD5_hash" is how the Hosted Checkout system cryptographically signs transaction results returned to the merchant's server. Merchants can calculate and use the x_MD5_hash to verify that these results are being returned from Hosted Checkout and not an unknown third party.
1. Press the "Generate New Response Key" button to produce a new value.
Hit "Next" to proceed to the next step, "Previous" to return to the preceding screen, "Save Changes" to return at a later time or "Cancel" if editing an existing page.
"SHA-1 option is only advised for specifically requested custom solutions"
Would somebody care to explain what that means? That we should not use it?
I hear that MD5 is "broken" and that SHA-1 should be preferred.