The needs for OpenSSL's LHASH are exactly what SipHash was designed for: fast on short strings. OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is commented out. Yes, performance tests would greatly inform the decision.