MD4, MD5, SHA-0, SHA-1 have all been, more or less, broke. Which are left and which would you use for hashing passwords? // Danne

Use a One Time Pad, it can secure anything.

--More seriously?
Hashes are used because they are fast. But if you are not concerned with speed,
then you may want to think about an encryption scheme.
MD5 the password, then use that as input to 3DES's IV in CBC mode, and encrypt the password.
Or again generate some IV for some other stream cipher, like RC4, and encrypt the password.

If you are the only one with physical access to the machine that is being used to varify passwords, then store any hash you like on the machine. To keep the transmission of the passwords safe, send the passwords through a public-key crypto system (like RSA) to the server, where they would be hashed.

The new(ish) AES is supposed to be rather good. While it's mainly for encryption you can still use it to generate a hash in the standard way.

Do MMORPGs use public-key protocols to verify passwords? I am reading Applied Cryptography and cannot see any protocols in that book that perfectly forefills the needs of a MMORPG.

I would be surprised if current games use anything more than a key built-into the game executable to encrypt the password when sending it to the server for log-in, or, if they're feeling generous, a random key provided by the server before login. The point of password encryption is to hide it from some random packet snooper on the web, which that's probably good enough for. The user himself, of course, already knows his password, so you don't need to hide it from him :-)

Note that even Diffie-Hellman exchange isn't secure against a determined man in the middle, either, because the man-in-the-middle can do a D-H exchange towards each end, and trans-crypt the data on its way through (while snooping it at his leasure inbetween). You need a chain of trust with public certificates to get "totally" secure link.


What was the question again? Oh, right -- Tiger is a 192-bit hash function which hasn't yet been cracked. The point of a cryptographic hash is to make it both fast, and hard to procedurally generate a hash collision for -- once the algorithm is attacked to the point where you can generate a collision without exhaustive search, the point of the hash decreases significantly.

And if you're really smart, you re-use some existing library, such as OpenSSL, for your encryption and authentication needs :-)